reset static method

void reset()

Causes all AAF Rapid Connect tokens to be forgotten.

Previously seen tokens are tracked to detect replay attacks, where a malicious client resends a previously sent token. Timers automatically discard them after a suitable time has passed, but this method can be used to discard them all immediately.

This method is normally only invoked when shutting down the program, since a program might not finish cleanly if there are Timers still running.

Note: this is a static method, since tokens are tracked independently of which ServiceProvider they were processed by. But usually a Web application would only have one ServiceProvider.

Implementation

static void reset() {
  var num = 0;

  while (_seenJti.isNotEmpty) {
    final anyKey = _seenJti.keys.first;
    final theAssociatedTimer = _seenJti.remove(anyKey)!;

    // ignore: cascade_invocations
    theAssociatedTimer.cancel();

    num++;
  }

  _logJwt.finest('reset: $num JTI values forgotten');
}
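
The following is an added example, not code from this package: a self-contained sketch of the same pattern (a map from each seen jti to the Timer that expires it), showing what reset() does to replay detection. The class name JtiReplayCache, its retention parameter and the jti strings are assumptions made up for the illustration.

```dart
import 'dart:async';

/// Hypothetical replay cache: maps each seen jti to the Timer that expires it.
class JtiReplayCache {
  JtiReplayCache(this.retention);

  /// How long a jti is remembered (assumed: at least the token's lifetime).
  final Duration retention;

  final _seen = <String, Timer>{};

  /// Records [jti] and returns true if it is new; returns false on a replay.
  bool accept(String jti) {
    if (_seen.containsKey(jti)) {
      return false;
    }
    _seen[jti] = Timer(retention, () {
      _seen.remove(jti);
    });
    return true;
  }

  /// Cancels every timer and forgets every jti; returns how many were dropped.
  int reset() {
    final num = _seen.length;
    for (final timer in _seen.values) {
      timer.cancel();
    }
    _seen.clear();
    return num;
  }
}

Future<void> main() async {
  final cache = JtiReplayCache(const Duration(milliseconds: 200));
  const jti = 'jti-constructed-1'; // constructed sample value

  print('first use accepted: ${cache.accept(jti)}');
  print('immediate resend accepted: ${cache.accept(jti)}');

  // Once the retention period has passed, the timer has discarded the entry.
  await Future<void>.delayed(const Duration(milliseconds: 300));
  print('resend after expiry accepted: ${cache.accept(jti)}');

  // reset() forgets the entry early, so the same jti is accepted again.
  print('forgotten by reset: ${cache.reset()}');
  print('resend after reset accepted: ${cache.accept(jti)}');

  cache.reset(); // cancel the pending timer so the program can exit at once
}
```

Because a reset makes every tracked jti acceptable again, a token that is still within its validity period can be replayed afterwards, which is why the call belongs at shutdown rather than during normal request handling.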