fix revokeSession api call format

[kkoch986]

according to the docs, this should be a post to
/user_management/sessions/revoke but it was adding the session id to the url instead which caused a 404 and for the session to not be revoked.

Description

the call as implemented is incorrect, this corrects it to make a properly formatted request to the right endpoint.

Documentation

Does this require changes to the WorkOS Docs? E.g. the API Reference or code snippets need updates.

[ ] Yes

If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.

[greptile-apps]

Greptile Summary

This PR fixes the revokeSession method in UserManagement.php to correctly call the WorkOS API endpoint POST /user_management/sessions/revoke with session_id in the JSON request body. Previously, the session ID was interpolated into the URL path (/sessions/{id}/revoke), causing 404 errors and preventing sessions from being revoked.

• Bug fix: Changed endpoint from user_management/sessions/{$sessionId}/revoke to user_management/sessions/revoke
• Bug fix: Moved session_id from URL path to POST body parameters, matching the WorkOS API documentation
• Test updated: testRevokeSession mock expectations updated to match the corrected endpoint and parameters

Confidence Score: 5/5

• This PR is safe to merge — it corrects an existing bug with a minimal, well-tested change.
• The change is small, focused, and clearly correct: it aligns the API call format with the documented WorkOS API. The existing test has been updated to match. The implementation follows the same pattern used by other POST methods in the codebase (params passed as JSON body). No new functionality or risk is introduced.
• No files require special attention.

Important Files Changed

Filename	Overview
lib/UserManagement.php	Fixes revokeSession to POST to /user_management/sessions/revoke with session_id in the request body, matching the WorkOS API spec. Previously the session ID was incorrectly interpolated into the URL path.
tests/WorkOS/UserManagementTest.php	Updates testRevokeSession mock expectations to match the corrected endpoint path and pass session_id as a body parameter.

Sequence Diagram

sequenceDiagram
    participant App as Application
    participant UM as UserManagement
    participant Client as Client
    participant API as WorkOS API

    App->>UM: revokeSession(sessionId)
    UM->>Client: request(POST, "user_management/sessions/revoke", null, {"session_id": sessionId}, true)
    Client->>API: POST /user_management/sessions/revoke<br/>Body: {"session_id": "session_01..."}
    API-->>Client: 200 OK (Session JSON)
    Client-->>UM: Response array
    UM-->>App: Session resource

Loading

_{Last reviewed commit: 5ef74d6}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Test not updated to match

The corresponding test in tests/WorkOS/UserManagementTest.php:2269-2293 still uses the old path ("user_management/sessions/{$sessionId}/revoke") and passes null as the params argument. The mock expectation won't match the actual call being made now. Please update testRevokeSession to use the new path and pass ["session_id" => $sessionId] as params.

Additionally, the array here uses 2-space indentation, while the rest of the codebase consistently uses 4-space indentation for array contents. Consider aligning to match:

Suggested change

	[
	"session_id" => $sessionId,
	],
	[
	"session_id" => $sessionId,
	],

[kkoch986]

fixed

[kkoch986]

updated the unit test as well

[gjtorikian]

@greptile review this

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[gjtorikian]

thanks! this is now out as 4.30.1.

[kkoch986]

thanks! this is now out as 4.30.1.

👍 thanks for the quick merge!