Fix revoke_session by including authorization headers (#283)

* Fix `revoke_session` by including authorization headers

* Rubocop

lib/workos/user_management.rb

@@ -510,14 +510,17 @@ def get_logout_url(session_id:)
       # @param [String] session_id The session ID can be found in the `sid`
       #   claim of the access token
       def revoke_session(session_id:)
-        execute_request(
+        response = execute_request(
           request: post_request(
             path: '/user_management/sessions/revoke',
             body: {
               session_id: session_id,
             },
+            auth: true,
           ),
         )
+
+        response.is_a? Net::HTTPSuccess
       end
 
       # Get the JWKS URL

spec/lib/workos/user_management_spec.rb

@@ -1145,4 +1145,33 @@
       end
     end
   end
+
+  describe '.revoke_session' do
+    context 'with valid payload' do
+      it 'revokes session' do
+        VCR.use_cassette 'user_management/revoke_session/valid' do
+          result = described_class.revoke_session(
+            session_id: 'session_01HRX85ATNADY1GQ053AHRFFN6',
+          )
+
+          expect(result).to be true
+        end
+      end
+    end
+
+    context 'with a non-existant session' do
+      it 'returns an error' do
+        VCR.use_cassette 'user_management/revoke_session/not_found' do
+          expect do
+            described_class.revoke_session(
+              session_id: 'session_01H5JQDV7R7ATEYZDEG0W5PRYS',
+            )
+          end.to raise_error(
+            WorkOS::APIError,
+            /Session not found/,
+          )
+        end
+      end
+    end
+  end
 end