{"id":20844505,"url":"https://github.com/pushpabrol/app-multiple-session-check-api-for-auth0","last_synced_at":"2026-04-13T11:32:09.113Z","repository":{"id":228683657,"uuid":"774656551","full_name":"pushpabrol/app-multiple-session-check-api-for-auth0","owner":"pushpabrol","description":null,"archived":false,"fork":false,"pushed_at":"2024-03-19T23:49:24.000Z","size":1470,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-27T21:52:01.178Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pushpabrol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-03-19T23:46:54.000Z","updated_at":"2024-03-19T23:49:00.000Z","dependencies_parsed_at":"2024-03-20T00:49:39.316Z","dependency_job_id":null,"html_url":"https://github.com/pushpabrol/app-multiple-session-check-api-for-auth0","commit_stats":null,"previous_names":["pushpabrol/app-multiple-session-check-api-for-auth0"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pushpabrol/app-multiple-session-check-api-for-auth0","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fapp-multiple-session-check-api-for-auth0","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fapp-multiple-session-check-api-for-auth0/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fapp-multiple-session-check-api-for-auth0/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fapp-multiple-session-check-api-for-auth0/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pushpabrol","download_url":"https://codeload.github.com/pushpabrol/app-multiple-session-check-api-for-auth0/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fapp-multiple-session-check-api-for-auth0/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31751305,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T09:16:15.125Z","status":"ssl_error","status_checked_at":"2026-04-13T09:16:05.023Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T02:09:49.834Z","updated_at":"2026-04-13T11:32:09.099Z","avatar_url":"https://github.com/pushpabrol.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# Auth0 Session Checker\n\nThis Node.js Express application demonstrates how to query the Auth0 Management API to check for existing user sessions. It is designed to be used in scenarios where you need to prevent multiple sessions per application per user, enhancing security and user management in your application.\n\n## Getting Started\n\n### Prerequisites\n\n- Node.js and npm installed\n- An Auth0 account\n- A machine-to-machine application in Auth0 with permissions to access the Management API (`read:sessions` scope)\n\n### Installation\n\n1. Clone this repository or copy the files into your project directory.\n2. Run `npm install` to install the required dependencies.\n3. Create a `.env` file in the root of your project directory with the following contents:\n\n```env\nAUTH0_DOMAIN=your_auth0_domain\nAUTH0_CLIENT_ID=your_client_id\nAUTH0_CLIENT_SECRET=your_client_secret\nPORT=3000\n```\n\nReplace `your_auth0_domain`, `your_client_id`, and `your_client_secret` with your Auth0 domain, client ID, and client secret, respectively.\n\n### Running the Application\n\n1. Start the application with the command:\n\n```bash\nnpm start\n```\n\n2. The server will start running on the specified port (default is 3000).\n\n## Usage\n\n### Making a Request\n\nTo check for existing sessions, make a POST request to `/check` with a JSON payload containing the `user_id`, `client_id`, and `sid` (current session ID). For example:\n\n```json\n{\n  \"user_id\": \"auth0|1234567890\",\n  \"client_id\": \"your_client_application_id\",\n  \"sid\": \"current_session_id\"\n}\n```\n\nUse tools like Postman or `curl` for testing:\n\n```bash\ncurl -X POST http://localhost:3000/check \\\n-H 'Content-Type: application/json' \\\n-d '{\"user_id\": \"auth0|1234567890\", \"client_id\": \"your_client_application_id\", \"sid\": \"current_session_id\"}'\n```\n\n### Response\n\nThe application will respond with a JSON object indicating whether to block the session creation:\n\n```json\n{\n  \"block\": true\n}\n```\n\nIf `block` is `true`, it means an existing session for the app and user has been found, and you may choose to block the creation of a new session.\n\n## Intended to be used within Auth0 Actions\n\nTo use this functionality within an Auth0 Action to prevent multiple sessions per app per user, follow these steps:\n\n1. Go to the Auth0 Dashboard and navigate to **Actions** \u003e **Flows**.\n2. Select the flow where you want to include this logic, such as the **Login** flow.\n3. Create a new **Action** and add the following code snippet:\n\n```javascript\nexports.onExecutePostLogin = async (event, api) =\u003e {\n  const axios = require('axios');\n  const response = await axios.post('http://your-server-domain:3000/check', {\n    user_id: event.user.user_id,\n    client_id: event.client.client_id,\n    sid: event.session.id\n  });\n\n  if (response.data.block) {\n    api.access.deny(\"Multiple sessions per app per user are not allowed.\");\n  }\n};\n```\n\n4. Replace `http://your-server-domain:3000/check` with the actual URL of your deployed Express application.\n5. Save and deploy the Action.\n\nThis Action will now run on every login attempt, checking for existing sessions and potentially denying access based on the response from your Express application.\n\n---\n\nMake sure to thoroughly test this integration in a safe testing environment before rolling it out to your production environment.\nThis is for demo purposes only!","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpushpabrol%2Fapp-multiple-session-check-api-for-auth0","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpushpabrol%2Fapp-multiple-session-check-api-for-auth0","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpushpabrol%2Fapp-multiple-session-check-api-for-auth0/lists"}