Delete /api/v1/users/${userId}/sessions with accessToken

abhigts1 · July 6, 2023, 12:52am

I am trying to call '/api/v1/users/${userId}/sessions’ delete API in .net6. I captured the access token during OpenIdConnectEvents.OnTokenValidated.
When I try to call it via the API token, it works fine. But if I am trying to use the accessToken, I get a 403 error stating invalid session. What could be the reason to it.

{
    "errorCode": "E0000005",
    "errorSummary": "Invalid session",
    "errorLink": "E0000005",
    "errorId": "oael83e1QQxSNuHOlE0VkqBuA",
    "errorCauses": []
}

andrea · July 6, 2023, 8:41pm

This endpoint requires Admin permissions, so if the token you are using was issued to an end user, the call will fail.

abhigts1 · July 7, 2023, 1:45am

This brings me back to where I started. So basically in our identity Server we use an upstream Identity Provider which can be okta. Now I want to sign out a user from okta. I want to do this only on c# and not in the client side. This functionality should not be restricted to admins as users too should be able to logout.

Things I have tried -

Capturing the token during login (but on decoding the token, scopes is not present in it)
Trying to generate a new token via clientCredentials flow but get the same error there.

Could you please help me with this?

Post		Replies	Views
Which API call should use to clear session from ALL applications. (OIDC Application) OAuth/OIDC	3	2797	February 13, 2024
How to delete user sessions Questions	2	5322	February 7, 2024
Clear User Session - Oauth tokens can not be revoked OAuth/OIDC api	5	7019	January 12, 2024
400 Bad Request ! Invalid Id_token - /logout endpoint calling. (SSO Embedded SignIn Widget - OIDC web App) OAuth/OIDC dotnet	4	3023	April 15, 2023
Getting 200 OK while calling /v1/revoke/ API but my access token is still working OAuth/OIDC	5	110	November 7, 2024

Delete /api/v1/users/${userId}/sessions with accessToken

Related topics