From 5ef74d676f42ec3ba66b24cc661d5cc854d5283a Mon Sep 17 00:00:00 2001
From: Ken Koch <kkoch986@gmail.com>
Date: Mon, 16 Feb 2026 11:54:25 -0500
Subject: [PATCH] fix revokeSession api call format

according to the docs, this should be a post to
/user_management/sessions/revoke but it was adding the session id
to the url instead which caused a 404 and for the session to not be
revoked.
---
 lib/UserManagement.php              | 6 ++++--
 tests/WorkOS/UserManagementTest.php | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/UserManagement.php b/lib/UserManagement.php
index b0bc7a75..d8cdf542 100644
--- a/lib/UserManagement.php
+++ b/lib/UserManagement.php
@@ -1419,13 +1419,15 @@ public function listSessions(string $userId, array $options = [])
      */
     public function revokeSession(string $sessionId)
     {
-        $path = "user_management/sessions/{$sessionId}/revoke";
+        $path = "user_management/sessions/revoke";
 
         $response = Client::request(
             Client::METHOD_POST,
             $path,
             null,
-            null,
+            [
+                "session_id" => $sessionId,
+            ],
             true
         );
 
diff --git a/tests/WorkOS/UserManagementTest.php b/tests/WorkOS/UserManagementTest.php
index 015a60cd..260a9a94 100644
--- a/tests/WorkOS/UserManagementTest.php
+++ b/tests/WorkOS/UserManagementTest.php
@@ -2266,7 +2266,7 @@ public function testListSessions()
     public function testRevokeSession()
     {
         $sessionId = "session_01H7X1M4TZJN5N4HG4XXMA1234";
-        $path = "user_management/sessions/{$sessionId}/revoke";
+        $path = "user_management/sessions/revoke";
 
         $result = json_encode([
             "id" => $sessionId,
@@ -2287,7 +2287,7 @@ public function testRevokeSession()
             Client::METHOD_POST,
             $path,
             null,
-            null,
+            [ "session_id" => $sessionId ],
             true,
             $result
         );