Currently an administrator can query all the sessions for a particular user (in a realm). However, a session itself cannot query the sessions that are owned by (or were created by) the same user; such a request is answered with Forbidden.
Returns Forbidden when the session itself is used to query its own username.
Purpose of this
- This needs to be relaxed so that the same "user" (hopefully they are the same) can query all their own sessions, and so that a user application (dashboard) can be used to manage their own sessions (including invalidating them).
- Generally, this may be considered where the requester intends to have a custom user dashboard/service that may manage their profile, devices, and also information on sessions.
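
The requested rule can be sketched as an ownership check, shown here as an added example that is not the product's own code. The names `Session`, `SessionStore` and `Forbidden`, the `is_admin` flag and the sample handles are all hypothetical; the point is that "same user" is decided from the server-side session record and includes the realm, so the same username in another realm stays Forbidden.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised where the server would answer Forbidden."""

@dataclass(frozen=True)
class Session:
    handle: str              # opaque session identifier (constructed values below)
    realm: str
    username: str
    is_admin: bool = False   # assumption: admin rights modelled as a simple flag

class SessionStore:
    def __init__(self, sessions):
        self._live = {s.handle: s for s in sessions}

    def _authorize(self, requester_handle, realm, username):
        """Allow admins, or a live session whose own realm AND username match."""
        req = self._live.get(requester_handle)
        if req is None:
            raise Forbidden("requester session is unknown or invalidated")
        # Identity comes from the stored session record, never from a
        # client-supplied parameter; the realm is part of the identity.
        if not (req.is_admin or (req.realm, req.username) == (realm, username)):
            raise Forbidden("session does not own the requested sessions")

    def query(self, requester_handle, realm, username):
        self._authorize(requester_handle, realm, username)
        return sorted(s.handle for s in self._live.values()
                      if (s.realm, s.username) == (realm, username))

    def invalidate(self, requester_handle, target_handle):
        target = self._live.get(target_handle)
        owner = (target.realm, target.username) if target else (None, None)
        # Authorize first so a non-owner cannot probe which handles exist.
        self._authorize(requester_handle, *owner)
        if target is None:
            raise Forbidden("target session is unknown or invalidated")
        del self._live[target_handle]

def sample_store():
    """Constructed sample data: 'alice' exists in two realms as two identities."""
    return SessionStore([
        Session("s-alice-1", "customers", "alice"),
        Session("s-alice-2", "customers", "alice"),
        Session("s-alice-staff", "staff", "alice"),
        Session("s-bob-1", "customers", "bob"),
        Session("s-admin", "customers", "admin", is_admin=True),
    ])
```

Once a session is invalidated through the dashboard path, its handle no longer authorizes anything, including further queries for the same user.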