
GET /sessions/user/{user_id}/sessions

Queries all active sessions of the currently authenticated user; JWT user identity must match the path parameter user_id. References: RFC 7519 (JWT), NIST SP 800-63B §4 (Session Management).

Session Management `bearerAuth` application/json

Request Parameters

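| Name | In | Type | Required | Default | Example | Constraints | Description |
|---|---|---|---|---|---|---|---|
| user_id | path | string | Yes | | | | User ID, must match the current JWT user |
| page | query | integer | No | 1 | | | Page number |
| page_size | query | integer | No | 20 | | | Items per page |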

Responses

| Status | Description | Schema |
|---|---|---|
| 200 | Session list and pagination info | dto.SessionListResponse |
| 400 | Invalid request parameters | dto.Problem |
| 401 | Unauthenticated or token expired | dto.Problem |
| 403 | JWT user does not match path parameter | dto.Problem |
| 404 | User not found | dto.Problem |
| 500 | Internal server error | dto.Problem |
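
One way a handler could enforce the user_id rule and choose among the documented 401, 403 and 400 responses; this is an added example, not Autional's code. It assumes the user identity is the `sub` claim of an already verified JWT, and `authorize`, `intParam` and the `maxPageSize` cap are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
)

// Problem carries two of the dto.Problem fields documented on this page.
type Problem struct{ Status int; Detail string }

const maxPageSize = 100 // assumed cap; the page states no upper bound

// intParam parses a query value in 1..hi, using def when it is absent.
func intParam(name, raw string, def, hi int) (int, *Problem) {
	if raw == "" {
		return def, nil
	}
	n, err := strconv.Atoi(raw)
	if err != nil || n < 1 || n > hi {
		return 0, &Problem{http.StatusBadRequest, fmt.Sprintf("%s must be an integer in 1..%d", name, hi)}
	}
	return n, nil
}

// authorize returns the page and page size to query, or the Problem to send. subject is the
// user ID from a verified JWT (assumed: "sub"); empty means a missing, invalid or expired token.
func authorize(subject, pathUserID, pageRaw, sizeRaw string) (int, int, *Problem) {
	if subject == "" {
		return 0, 0, &Problem{http.StatusUnauthorized, "missing or expired bearer token"}
	}
	// Ownership check precedes any user lookup, so 403 vs 404 cannot reveal other user IDs.
	if subject != pathUserID {
		return 0, 0, &Problem{http.StatusForbidden, "token user does not match user_id"}
	}
	page, p := intParam("page", pageRaw, 1, 1<<31-1)
	if p != nil {
		return 0, 0, p
	}
	size, p := intParam("page_size", sizeRaw, 20, maxPageSize)
	if p != nil {
		return 0, 0, p
	}
	return page, size, nil
}

func main() {
	fmt.Println(authorize("usr_abc123", "usr_other", "", "")) // constructed IDs
}
```
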

Referenced Schemas

dto.FieldViolation

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | string | No | | | Code is an error code (optional). Used by programs to identify error types, e.g., "required", "format", "range" |
| description | string | No | | | Description is a human-readable error description. Should explain which rule was violated, e.g., "Must be a valid email address" |
| field | string | No | | | Field is the path to the error field. Uses dot notation for nested fields, e.g., "user.email" or "addresses[0].city" |
| value | object | No | | | Value is the value that caused the error (optional, used in development mode). May not be returned in production to avoid leaking sensitive information |

dto.Problem

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | integer | No | | | Code is a business error code. Used by programs to handle specific error scenarios. Example: 30101001 |
| detail | string | No | | | Detail is a human-readable explanation for this specific error instance. May include specific error details, e.g., "Field 'email' is required" |
| errors | array of dto.FieldViolation | No | | | Errors is a list of field-level validation errors (extension field). Follows Web API standard practices, each error contains field name and error message |
| i18n_args | object | No | | | I18nArgs are internationalization parameters. Used to dynamically fill translation templates |
| i18n_key | string | No | | | I18nKey is an internationalization key. Used for client-side localization of error messages. Example: "error.user_not_found" |
| instance | string | No | | | Instance is a specific URI reference where the problem occurred. Usually the request URL, may include query parameters. Example: "/api/v1/users?limit=invalid" |
| request_id | string | No | | | RequestID is a unique request identifier. Used for log correlation and issue tracking. Example: "req_550e8400-e29b-41d4-a716-446655440000" |
| retry_after | integer | No | | | RetryAfter is used for 429 Too Many Requests responses. Indicates how many seconds the client should wait before retrying (RFC 6585) |
| service | string | No | | | Service is the service name. Used in microservice architecture to locate the error source. Example: "auth-service" |
| span_id | string | No | | | SpanID is the current span identifier. Used to precisely locate the current node in a distributed trace |
| status | integer | No | | | Status is the HTTP status code generated. Used by clients to distinguish problem types, does not change with Accept-Language. Example: 400, 401, 403, 404, 500 |
| timestamp | string | No | | | Timestamp is the error occurrence time. ISO 8601 format. Example: "2026-04-03T12:00:00Z" |
| title | string | No | | | Title is a short, human-readable summary of the problem type. The same Type should always have the same Title (does not change per instance). Example: "Invalid Request Parameters" |
| trace_id | string | No | | | TraceID is a distributed tracing identifier. Follows W3C Trace Context standard. Example: "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01" |
| type | string | No | | | Type is a URI reference that identifies the problem type. When dereferenced, it should provide human-readable documentation. Example: "https://api.example.com/errors/invalid-request" |

dto.SessionListResponse

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | integer | No | | | |
| items | array of dto.SessionResponse | No | | | Use items uniformly |
| message | string | No | | | |
| pagination | object | No | | | Pagination Information (Nested Object) |
| timestamp | string | No | | | |
| total | integer | No | | | Total Count (Flattened for Direct Reading) |

dto.SessionResponse

User Session Information

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| amr | string | No | password,totp | | Authentication Method Reference |
| authenticated_at | string | No | 2026-04-15T08:00:00Z | | Authentication Time |
| created_at | string | No | 2026-04-15T08:00:00Z | | Creation Time |
| device_id | string | No | dev_abc123 | | Device ID |
| device_type | string | No | desktop | | Device Type |
| expires_at | string | No | 2026-04-16T08:00:00Z | | Expiration Time |
| geoip | string | No | Beijing, CN | | GeoIP Location |
| id | string | No | sess_abc123 | | Session ID |
| idle_expires_at | string | No | 2026-04-15T12:00:00Z | | Idle Timeout |
| ip | string | No | 192.168.1.1 | | IP |
| last_active_at | string | No | 2026-04-15T10:30:00Z | | Last Activity |
| status | string | No | active | | Status |
| tenant_id | string | No | tnt_xyz789 | | Tenant ID |
| user_agent | string | No | Mozilla/5.0... | | UA |
| user_id | string | No | usr_abc123 | | User ID |

gitee_com_linmes_authms_base_dto.PageInfo

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| has_next | boolean | No | | | HasNext indicates whether there is a next page |
| has_prev | boolean | No | | | HasPrev indicates whether there is a previous page |
| page | integer | No | | | Page is the current page number (1-based) |
| page_size | integer | No | | | PageSize is the number of items per page |
| total | integer | No | | | Total is the total number of items across all pages |
| total_pages | integer | No | | | TotalPages is the total number of pages |