Order the response to the List an Identity's Sessions endpoint by authenticated_at/issued_at desc

[BrandonNoad]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Network project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe your problem

We need to cache the last login date for our users in our own db. So we've set up an after login webhook that sends the following payload: { identityId }.

The webhook handler fetches the identity associated with the identityId. This response, however, does not include the last login value. So, to be completely accurate, we should fetch all of the identity's sessions, find the most recent one, and store its authenticated_at date in our db. But an identity may have many pages of sessions, and they don't appear to be ordered in any particular way. So this task is not trivial. If the response was ordered by authenticated_at desc, then we could simply fetch a single page.

I suspect this endpoint's results not being ordered may have caused the following bug: #294. The UI may have decided to use only the active sessions because that would be a much smaller set, but it results in a bug when there are no active sessions.

On a related note, the "List All Sessions" endpoint should be ordered in a similar manner. Currently, the Sessions table in the Ory Network "Activity" tab is basically unusable since you can't sort or filter the results and there doesn't appear to be any ordering.

Describe your ideal solution

The response for the List an Identity's Sessions endpoint (GET https://{project}.projects.oryapis.com/admin/identities/{id}/sessions) should be ordered by authenticated_at descending.

Workarounds or alternatives

Fetch all the results and order them myself.

Version

Ory Network

Additional Context

No response

[kmherrmann]

Thanks for filing the issue - agree that we should order this way, and I'm adding this to our backlog.
@jonas-jonas FYI as this also affects the display in console

[jonas-jonas]

Agreed, we should fix this. We have an API "spec" for flexible sorting/filtering in endpoints, it just needs to be implemented.

[kmherrmann]

can we change the default order before adding explicit sort as a parameter?

[jonas-jonas]

Should be possible, too. I'll have a look.