User's Session Management API Definition - v1
Before invoking the session management REST APIs, create some sessions for the user. You can create active sessions for the user as follows.

1. Register a service provider in WSO2 Identity Server so that authentication for the application is handled by the Identity Server.
2. Log in to the application with valid credentials.

Do the following to try out the REST APIs with your local instance of WSO2 Identity Server.
- Click the Authorize button and provide the desired values for authentication.
- Expand the relevant API operation and click the Try It Out button.
- Fill in relevant sample values for the input parameters and click Execute. You will receive a sample curl command with the sample values you filled in.
- Add the -k option to the curl command (-k makes curl skip TLS certificate verification) and run the command in a terminal against a running instance of WSO2 IS.
- From WSO2 IS 5.12 onwards, access tokens that are mapped to a session can be revoked when the session is terminated via the REST API. This applies to the authorization code grant, implicit flow, refresh token grant, and hybrid flow.
- If one session is terminated via the API and the same access token is used by multiple sessions, the other sessions may then lose their tokens. Therefore, it is recommended to use sso-session binding if you wish to retain the capability to revoke the access token when the session is terminated via REST API.
- WSO2 Identity Server also sends SAML/OIDC back-channel logout requests when a session is terminated via the API. To support this, the application should be configured to enable back-channel logout.