Add support for sessions and refresh-tokens for Users in the Management API
jak opened this issue · 2 comments
Checklist
- I have looked into the Readme and Examples, and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
I'd like to access these resources:
- https://auth0.com/docs/api/management/v2/users/get-refresh-tokens-for-user
- https://auth0.com/docs/api/management/v2/users/delete-refresh-tokens-for-user
- https://auth0.com/docs/api/management/v2/users/get-sessions-for-user
- https://auth0.com/docs/api/management/v2/users/delete-sessions-for-user
Describe the ideal solution
Something like:
managementAPI.users().listSessions()
managementAPI.users().listRefreshTokens()
managementAPI.users().deleteSessions()
managementAPI.users().deleteRefreshTokens()
It'd require a Session entity being added, and likely a RefreshToken entity. The API puts refresh tokens in an array called sessions but it is not look like the same entity from the documented schema.
Alternatives and current workarounds
No response
Additional context
No response
I'm looking at creating a PR here. According to the docs, the sessions and refresh tokens URLs do not support "classic" pagination, only the "next"/"take" approach which seems to be called checkpoint pagination in the code base. The current codebase doesn't seems to support a pagination concept without the properties start/length/total and limit. The "next" property is always consumed in addition.
My suggestion is to not use the Page abstract in these instances, as they add a number of properties that are not expected to be on the responses.
Is that approach acceptable?