Added support for revoke session endpoint (#699)

auth0 · Feb 17, 2025 · 90e4800 · 90e4800
1 parent 80fd4a6
commit 90e4800
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 0 deletions.
diff --git a/src/main/java/com/auth0/client/mgmt/SessionsEntity.java b/src/main/java/com/auth0/client/mgmt/SessionsEntity.java
@@ -2,6 +2,7 @@
 
 import com.auth0.json.mgmt.sessions.Session;
 import com.auth0.net.BaseRequest;
+import com.auth0.net.EmptyBodyVoidRequest;
 import com.auth0.net.Request;
 import com.auth0.net.VoidRequest;
 import com.auth0.net.client.Auth0HttpClient;
@@ -64,4 +65,25 @@ public Request<Void> delete(String sessionId){
 
         return new VoidRequest(client, tokenProvider, url, HttpMethod.DELETE);
     }
+
+    /**
+     * Revoke the session for a given session ID.
+     * A token with scope {@code delete:sessions}, {@code delete:refresh_tokens} is needed.
+     * See <a href="https://auth0.com/docs/api/management/v2/sessions/revoke-session">https://auth0.com/docs/api/management/v2/sessions/revoke-session</a>
+     * @param sessionId the session ID.
+     * @return a Request to execute.
+     */
+    public Request<Void> revoke(String sessionId){
+        Asserts.assertNotNull(sessionId, "session ID");
+
+        String url = baseUrl
+            .newBuilder()
+            .addPathSegments("api/v2/sessions")
+            .addPathSegment(sessionId)
+            .addPathSegment("revoke")
+            .build()
+            .toString();
+
+        return new EmptyBodyVoidRequest<>(client, tokenProvider, url, HttpMethod.POST, new TypeReference<Void>() {});
+    }
 }
diff --git a/src/test/java/com/auth0/client/mgmt/SessionsEntityTest.java b/src/test/java/com/auth0/client/mgmt/SessionsEntityTest.java
@@ -58,4 +58,24 @@ public void shouldDeleteSession() throws Exception {
         assertThat(recordedRequest, hasHeader("Authorization", "Bearer apiToken"));
     }
 
+    @Test
+    public void revokeShouldThrowOnNullSessionId() {
+        verifyThrows(IllegalArgumentException.class,
+            () -> api.sessions().revoke(null),
+            "'session ID' cannot be null!");
+    }
+
+    @Test
+    public void shouldRevoke() throws Exception {
+        Request<Void> request = api.sessions().revoke("session_ID");
+        assertThat(request, is(notNullValue()));
+
+        server.noContentResponse();
+        request.execute().getBody();
+        RecordedRequest recordedRequest = server.takeRequest();
+
+        assertThat(recordedRequest, hasMethodAndPath(HttpMethod.POST, "/api/v2/sessions/session_ID/revoke"));
+        assertThat(recordedRequest, hasHeader("Authorization", "Bearer apiToken"));
+    }
+
 }