From f54ca4779236a0b889f522bafd95368c5a15297c Mon Sep 17 00:00:00 2001 
From: Snehil Kishore Date: Mon, 13 Jan 2025 15:40:56 +0530 Subject: [PATCH] Adding Support For Session And Refresh Tokens (#786) ### Changes Support Added for following endpoints: - [api/management/v2/users/get-refresh-tokens-for-user](https://auth0.com/docs/api/management/v2/users/get-refresh-tokens-for-user) - [api/management/v2/users/delete-refresh-tokens-for-user](https://auth0.com/docs/api/management/v2/users/delete-refresh-tokens-for-user) - [api/management/v2/users/get-sessions-for-user](https://auth0.com/docs/api/management/v2/users/get-sessions-for-user) - [api/management/v2/users/delete-sessions-for-user](https://auth0.com/docs/api/management/v2/users/delete-sessions-for-user) - [api/management/v2/refresh-tokens/get-refresh-token](https://auth0.com/docs/api/management/v2/refresh-tokens/get-refresh-token) - [api/management/v2/refresh-tokens/delete-refresh-token](https://auth0.com/docs/api/management/v2/refresh-tokens/delete-refresh-token) - [api/management/v2/sessions/get-session](https://auth0.com/docs/api/management/v2/sessions/get-session) - [api/management/v2/sessions/delete-session](https://auth0.com/docs/api/management/v2/sessions/delete-session) ### References - [api/management/v2/users/get-refresh-tokens-for-user](https://auth0.com/docs/api/management/v2/users/get-refresh-tokens-for-user) - [api/management/v2/users/delete-refresh-tokens-for-user](https://auth0.com/docs/api/management/v2/users/delete-refresh-tokens-for-user) - [api/management/v2/users/get-sessions-for-user](https://auth0.com/docs/api/management/v2/users/get-sessions-for-user) - [api/management/v2/users/delete-sessions-for-user](https://auth0.com/docs/api/management/v2/users/delete-sessions-for-user) - [api/management/v2/refresh-tokens/get-refresh-token](https://auth0.com/docs/api/management/v2/refresh-tokens/get-refresh-token) - [api/management/v2/refresh-tokens/delete-refresh-token](https://auth0.com/docs/api/management/v2/refresh-tokens/delete-refresh-token) - 
[api/management/v2/sessions/get-session](https://auth0.com/docs/api/management/v2/sessions/get-session) - [api/management/v2/sessions/delete-session](https://auth0.com/docs/api/management/v2/sessions/delete-session) ### Testing - [x] This change adds test coverage - [x] This change has been tested on the latest version of the platform/language or why not ### Contributor Checklist - [x] I agree to adhere to the [Auth0 General Contribution Guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md). - [x] I agree to uphold the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
---
 src/API/Management.php | 14 +++-
 src/API/Management/RefreshTokens.php | 50 ++++++++++++++
 src/API/Management/Sessions.php | 50 ++++++++++++++
 src/API/Management/Users.php | 64 ++++++++++++++++++
 .../API/Management/RefreshTokensInterface.php | 46 +++++++++++++
 .../API/Management/SessionsInterface.php | 46 +++++++++++++
 .../API/Management/UsersInterface.php | 66 +++++++++++++++++++
 .../Unit/API/Management/RefreshTokensTest.php | 30 +++++++++
 tests/Unit/API/Management/SessionsTest.php | 30 +++++++++
 tests/Unit/API/Management/UsersTest.php | 42 ++++++++++++
 10 files changed, 436 insertions(+), 2 deletions(-)
 create mode 100644 src/API/Management/RefreshTokens.php
 create mode 100644 src/API/Management/Sessions.php
 create mode 100644 src/Contract/API/Management/RefreshTokensInterface.php
 create mode 100644 src/Contract/API/Management/SessionsInterface.php
 create mode 100644 tests/Unit/API/Management/RefreshTokensTest.php
 create mode 100644 tests/Unit/API/Management/SessionsTest.php
diff --git a/src/API/Management.php b/src/API/Management.php
index 1e3c5f79..5ca1debe 100644
--- a/src/API/Management.php
+++ b/src/API/Management.php
@@ -4,9 +4,9 @@ namespace Auth0\SDK\API;
-use Auth0\SDK\API\Management\{Actions, AttackProtection, Blacklists, ClientGrants, Clients, Connections, DeviceCredentials, EmailTemplates, Emails, Grants, Guardian, Jobs, Keys, LogStreams, Logs, Organizations, ResourceServers, Roles, Rules, Stats, Tenants, Tickets, UserBlocks, Users, UsersByEmail};
+use Auth0\SDK\API\Management\{Actions, AttackProtection, Blacklists, ClientGrants, Clients, Connections, DeviceCredentials, EmailTemplates, Emails, Grants, Guardian, Jobs, Keys, LogStreams, Logs, Organizations, RefreshTokens, ResourceServers, Roles, Rules, Sessions, Stats, Tenants, Tickets, UserBlocks, Users, UsersByEmail};
 use Auth0\SDK\Configuration\SdkConfiguration;
-use Auth0\SDK\Contract\API\Management\{ActionsInterface, AttackProtectionInterface, BlacklistsInterface, ClientGrantsInterface, ClientsInterface, ConnectionsInterface, DeviceCredentialsInterface, EmailTemplatesInterface, EmailsInterface, GrantsInterface, GuardianInterface, JobsInterface, KeysInterface, LogStreamsInterface, LogsInterface, OrganizationsInterface, ResourceServersInterface, RolesInterface, RulesInterface, StatsInterface, TenantsInterface, TicketsInterface, UserBlocksInterface, UsersByEmailInterface, UsersInterface};
+use Auth0\SDK\Contract\API\Management\{ActionsInterface, AttackProtectionInterface, BlacklistsInterface, ClientGrantsInterface, ClientsInterface, ConnectionsInterface, DeviceCredentialsInterface, EmailTemplatesInterface, EmailsInterface, GrantsInterface, GuardianInterface, JobsInterface, KeysInterface, LogStreamsInterface, LogsInterface, OrganizationsInterface, RefreshTokensInterface, ResourceServersInterface, RolesInterface, RulesInterface, SessionsInterface, StatsInterface, TenantsInterface, TicketsInterface, UserBlocksInterface, UsersByEmailInterface, UsersInterface};
 use Auth0\SDK\Contract\API\{AuthenticationInterface, ManagementInterface};
 use Auth0\SDK\Utility\{HttpClient, HttpResponse, HttpResponsePaginator};
 use Psr\Cache\CacheItemPoolInterface;
@@ -202,6 +202,11 @@ public function organizations(): OrganizationsInterface
 return Organizations::instance($this->getHttpClient());
 }
+ public function refreshTokens(): RefreshTokensInterface
+ {
+ return RefreshTokens::instance($this->getHttpClient());
+ }
+
 public function resourceServers(): ResourceServersInterface
 {
 return ResourceServers::instance($this->getHttpClient());
@@ -217,6 +222,11 @@ public function rules(): RulesInterface
 return Rules::instance($this->getHttpClient());
 }
+ public function sessions(): SessionsInterface
+ {
+ return Sessions::instance($this->getHttpClient());
+ }
+
 public function stats(): StatsInterface
 {
 return Stats::instance($this->getHttpClient());
diff --git a/src/API/Management/RefreshTokens.php b/src/API/Management/RefreshTokens.php
new file mode 100644
index 00000000..94c32396
--- /dev/null
+++ b/src/API/Management/RefreshTokens.php
@@ -0,0 +1,50 @@
+string()->trim();
+
+ Toolkit::assert([
+ [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+ ])->isString();
+
+ return $this->getHttpClient()
+ ->method('delete')->addPath(['refresh-tokens', $id])
+ ->withOptions($options)
+ ->call();
+ }
+
+ public function get(
+ string $id,
+ ?RequestOptions $options = null,
+ ): ResponseInterface {
+ [$id] = Toolkit::filter([$id])->string()->trim();
+
+ Toolkit::assert([
+ [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+ ])->isString();
+
+ return $this->getHttpClient()
+ ->method('get')->addPath(['refresh-tokens', $id])
+ ->withOptions($options)
+ ->call();
+ }
+}
diff --git a/src/API/Management/Sessions.php b/src/API/Management/Sessions.php
new file mode 100644
index 00000000..f570aeb6
--- /dev/null
+++ b/src/API/Management/Sessions.php
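Review bot: `refreshTokens()` and `sessions()`, added in the `@@ -202,6 +202,11 @@` and `@@ -217,6 +222,11 @@` hunks of src/API/Management.php, exist only on the concrete class as far as this patch shows: the diffstat lists no change to the `ManagementInterface` contract that this file imports. If `Management` implements that interface and the neighbouring accessors such as `organizations()` are declared on it, code typed against the interface cannot reach the session and refresh-token revocation endpoints without depending on the concrete class. Declaring `public function refreshTokens(): RefreshTokensInterface;` and `public function sessions(): SessionsInterface;` on the contract in the same change would close that gap.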
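Review bot: In the `@@ -0,0 +1,50 @@` hunk for src/API/Management/RefreshTokens.php, `$id` is only trimmed and checked with `isString()` before it is passed to `addPath(['refresh-tokens', $id])`; nothing visible here constrains it to a single path segment. If `addPath()` does not percent-encode its segments (its implementation is not part of this patch), an id taken from request data that contains `/`, `?` or `#` would make the GET or DELETE address a different Management API resource than the caller intended. Encoding at this boundary, e.g. `->addPath(['refresh-tokens', rawurlencode($id)])`, or stating in the method documentation that ids must come from the API itself, would make the contract explicit. The same pattern appears in the Sessions.php hunk and in the four new Users.php methods. The top of this new file, including the signature of `delete()`, is missing from the page.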
@@ -0,0 +1,50 @@
+string()->trim();
+
+ Toolkit::assert([
+ [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+ ])->isString();
+
+ return $this->getHttpClient()
+ ->method('delete')->addPath(['sessions', $id])
+ ->withOptions($options)
+ ->call();
+ }
+
+ public function get(
+ string $id,
+ ?RequestOptions $options = null,
+ ): ResponseInterface {
+ [$id] = Toolkit::filter([$id])->string()->trim();
+
+ Toolkit::assert([
+ [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+ ])->isString();
+
+ return $this->getHttpClient()
+ ->method('get')->addPath(['sessions', $id])
+ ->withOptions($options)
+ ->call();
+ }
+}
diff --git a/src/API/Management/Users.php b/src/API/Management/Users.php
index adf02464..0b7ee2c3 100644
--- a/src/API/Management/Users.php
+++ b/src/API/Management/Users.php
@@ -221,6 +221,38 @@ public function deleteMultifactorProvider(
 ->call();
 }
+ public function deleteRefreshTokens(
+ string $user,
+ ?RequestOptions $options = null,
+ ): ResponseInterface {
+ [$user] = Toolkit::filter([$user])->string()->trim();
+
+ Toolkit::assert([
+ [$user, \Auth0\SDK\Exception\ArgumentException::missing('user')],
+ ])->isString();
+
+ return $this->getHttpClient()
+ ->method('delete')->addPath(['users', $user, 'refresh-tokens'])
+ ->withOptions($options)
+ ->call();
+ }
+
+ public function deleteSessions(
+ string $user,
+ ?RequestOptions $options = null,
+ ): ResponseInterface {
+ [$user] = Toolkit::filter([$user])->string()->trim();
+
+ Toolkit::assert([
+ [$user, \Auth0\SDK\Exception\ArgumentException::missing('user')],
+ ])->isString();
+
+ return $this->getHttpClient()
+ ->method('delete')->addPath(['users', $user, 'sessions'])
+ ->withOptions($options)
+ ->call();
+ }
+
 public function get(
 string $id,
 ?RequestOptions $options = null,
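Review bot: `deleteRefreshTokens()` and `deleteSessions()` in the `@@ -221,6 +221,38 @@` hunk name their first parameter `$user` and raise `ArgumentException::missing('user')`, while `getRefreshTokens()` and `getSessions()` in the two later Users.php hunks take `$id` for the same value. Parameter names become part of the public API once callers use named arguments, so the split is hard to undo after release. Using one name for all four methods, e.g. `string $id` with `ArgumentException::missing('id')` as in the neighbouring `get()`, keeps the class consistent; the matching `UsersInterface` declarations are not visible on this page and would need the same change.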
@@ -351,6 +383,22 @@ public function getPermissions(
 ->call();
 }
+ public function getRefreshTokens(
+ string $id,
+ ?RequestOptions $options = null,
+ ): ResponseInterface {
+ [$id] = Toolkit::filter([$id])->string()->trim();
+
+ Toolkit::assert([
+ [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+ ])->isString();
+
+ return $this->getHttpClient()
+ ->method('get')->addPath(['users', $id, 'refresh-tokens'])
+ ->withOptions($options)
+ ->call();
+ }
+
 public function getRoles(
 string $id,
 ?RequestOptions $options = null,
@@ -367,6 +415,22 @@ public function getRoles(
 ->call();
 }
+ public function getSessions(
+ string $id,
+ ?RequestOptions $options = null,
+ ): ResponseInterface {
+ [$id] = Toolkit::filter([$id])->string()->trim();
+
+ Toolkit::assert([
+ [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+ ])->isString();
+
+ return $this->getHttpClient()
+ ->method('get')->addPath(['users', $id, 'sessions'])
+ ->withOptions($options)
+ ->call();
+ }
+
 public function invalidateBrowsers(
 string $id,
 ?RequestOptions $options = null,
diff --git a/src/Contract/API/Management/RefreshTokensInterface.php b/src/Contract/API/Management/RefreshTokensInterface.php
new file mode 100644
index 00000000..e273f827
--- /dev/null
+++ b/src/Contract/API/Management/RefreshTokensInterface.php
@@ -0,0 +1,46 @@
+group('management', 'management.refresh_tokens');
+
+beforeEach(function(): void {
+ $this->endpoint = $this->api->mock()->refreshTokens();
+});
+
+test('get() issues an appropriate request', function(): void {
+ $id = uniqid();
+
+ $this->endpoint->get($id);
+
+ expect($this->api->getRequestMethod())->toEqual('GET');
+ expect($this->api->getRequestUrl())->toEndWith('/api/v2/refresh-tokens/' . $id);
+});
+
+test('delete() issues an appropriate request', function(): void {
+ $id = uniqid();
+
+ $this->endpoint->delete($id);
+
+ expect($this->api->getRequestMethod())->toEqual('DELETE');
+ expect($this->api->getRequestUrl())->toEndWith('/api/v2/refresh-tokens/' . $id);
+
+ $headers = $this->api->getRequestHeaders();
+ expect($headers['Content-Type'][0])->toEqual('application/json');
+});
\ No newline at end of file
diff --git a/tests/Unit/API/Management/SessionsTest.php b/tests/Unit/API/Management/SessionsTest.php
new file mode 100644
index 00000000..4c7a1ab9
--- /dev/null
+++ b/tests/Unit/API/Management/SessionsTest.php
@@ -0,0 +1,30 @@
+group('management', 'management.sessions');
+
+beforeEach(function(): void {
+ $this->endpoint = $this->api->mock()->sessions();
+});
+
+test('get() issues an appropriate request', function(): void {
+ $id = uniqid();
+
+ $this->endpoint->get($id);
+
+ expect($this->api->getRequestMethod())->toEqual('GET');
+ expect($this->api->getRequestUrl())->toEndWith('/api/v2/sessions/' . $id);
+});
+
+test('delete() issues an appropriate request', function(): void {
+ $id = uniqid();
+
+ $this->endpoint->delete($id);
+
+ expect($this->api->getRequestMethod())->toEqual('DELETE');
+ expect($this->api->getRequestUrl())->toEndWith('/api/v2/sessions/' . $id);
+
+ $headers = $this->api->getRequestHeaders();
+ expect($headers['Content-Type'][0])->toEqual('application/json');
+});
\ No newline at end of file
diff --git a/tests/Unit/API/Management/UsersTest.php b/tests/Unit/API/Management/UsersTest.php
index d4feb478..6789abf6 100644
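Review bot: The new `get()` and `delete()` test cases for refresh tokens and sessions on this line, and the four cases added to UsersTest.php in the next hunk, only ever pass a `uniqid()` value, so the one guard the implementation adds (trim, then `Toolkit::assert(...)->isString()` with `ArgumentException::missing(...)`) is never exercised. For endpoints that revoke sessions and refresh tokens it is worth pinning that an empty or whitespace-only id is rejected before any request is built, assuming that is what the assertion is meant to enforce. One case per method such as `expect(fn () => $this->endpoint->delete(' '))->toThrow(\Auth0\SDK\Exception\ArgumentException::class);` would cover it. The opening lines of both new test files are missing from the page.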
--- a/tests/Unit/API/Management/UsersTest.php
+++ b/tests/Unit/API/Management/UsersTest.php
@@ -476,3 +476,45 @@
 $headers = $this->api->getRequestHeaders();
 expect($headers['Content-Type'][0])->toEqual('application/json');
 });
+
+test('getRefreshTokens() issues an appropriate request', function(): void {
+ $mockupId = uniqid();
+
+ $this->endpoint->getRefreshTokens($mockupId);
+
+ expect($this->api->getRequestMethod())->toEqual('GET');
+ expect($this->api->getRequestUrl())->toStartWith('https://' . $this->api->mock()->getConfiguration()->getDomain() . '/api/v2/users/' . $mockupId . '/refresh-tokens');
+});
+
+test('getSessions() issues an appropriate request', function(): void {
+ $mockupId = uniqid();
+
+ $this->endpoint->getSessions($mockupId);
+
+ expect($this->api->getRequestMethod())->toEqual('GET');
+ expect($this->api->getRequestUrl())->toStartWith('https://' . $this->api->mock()->getConfiguration()->getDomain() . '/api/v2/users/' . $mockupId . '/sessions');
+});
+
+test('deleteRefreshTokens() issues an appropriate request', function(): void {
+ $userId = uniqid();
+
+ $this->endpoint->deleteRefreshTokens($userId);
+
+ expect($this->api->getRequestMethod())->toEqual('DELETE');
+ expect($this->api->getRequestUrl())->toEndWith('/api/v2/users/' . $userId . '/refresh-tokens');
+
+ $headers = $this->api->getRequestHeaders();
+ expect($headers['Content-Type'][0])->toEqual('application/json');
+});
+
+test('deleteSessions() issues an appropriate request', function(): void {
+ $userId = uniqid();
+
+ $this->endpoint->deleteSessions($userId);
+
+ expect($this->api->getRequestMethod())->toEqual('DELETE');
+ expect($this->api->getRequestUrl())->toEndWith('/api/v2/users/' . $userId . '/sessions');
+
+ $headers = $this->api->getRequestHeaders();
+ expect($headers['Content-Type'][0])->toEqual('application/json');
+});
\ No newline at end of file