Session Delete Improvements

[isurusamarasekara]

Purpose

Includes new features to the session management API along with wso2/carbon-identity-framework#3750.

Goals

Includes new features to the session management API:

• Terminate active sessions that fulfil the criteria determined by the filter parameter value.

Approach

Service Specification

https://app.swaggerhub.com/apis/sessionapi/wso-2_identity_server_user_session_management_api_definition/v1

Sessions API

Extended /sessions endpoint with delete implementation
Operation available for privileged users. Delete active sessions on the system retrieved based on. a filtering criteria.
Based off of #132

User stories

As a System Admin user, I want to terminate user sessions based on a criteria.

Release note

Session Management API enhancement.

Documentation

Impacts on User's Session Management API Definition - v1

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

N/A

Marketing

N/A

Automation tests

• Unit tests

  N/A

• Integration tests

  N/A

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes
• Ran FindSecurityBugs plugin and verified report? yes
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes

Samples

Sample Request

DELETE t/carbon.super/api/users/v1/sessions?filter=appName eq My Account
Host: localhost:9443
Authorization: Basic YWRtaW46YWRtaW4=

Related PRs

• Session Delete Improvements carbon-identity-framework#3750

Migrations (if applicable)

N/A

Test environment

OS: macOS Big Sur
JDK version: OpenJDK 1.8.0_292
Databases: Embedded H2

Learning

N/A

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ isurusamarasekara
❌ Isuru Samarasekara

---

Isuru Samarasekara seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[somindatommy]

Shall we fix the formatting errors here?

• Param descriptions are not aligned.
• Start sentences with uppercase letter and end with a .

[isurusamarasekara]

corrected.

[somindatommy]

Extra space before the method name

[isurusamarasekara]

corrected

[somindatommy]

Shall we fix formatting here as well?

[isurusamarasekara]

corrected

[somindatommy]

Seems like this is a server error. Shall we start the error code with 150xx instead of 100xx? We use 100xx for client errors.

[isurusamarasekara]

INVALID_TENANT_DOMAIN is a client error IMO... as the client could change the context tenantDomain to a non-existing one.

[somindatommy]

Can we add more context to this? Add the tenant domain at the end? WDYT?

[isurusamarasekara]

implemented

[senthalan]

Let's not use * imports.

[madurangasiriwardena]

This is a auto generated file. So this should be fine.

[isurusamarasekara]

corrected

[lashinijay]

Shalll we avoid * imports?

[isurusamarasekara]

corrected

[somindatommy]

@isurusamarasekara can you address the comments?