revokeAllSessions method

Future<List<UuidValue>> revokeAllSessions(
  Session session, {
  required UuidValue authUserId,
  String? method,
  Transaction? transaction,
})

Signs out a user from the server and ends all user sessions managed by this module.

This means that all sessions connected to the user will be terminated. Returns the list of IDs of the deleted sessions.

Note: The method will not do anything if no authentication information is found for the user.

Automatically registers authentication revocation via session.messages.authenticationRevoked when sessions are deleted. If this behavior is not desired, use AuthSessionsAdmin.deleteSessions instead.

Implementation

Future<List<UuidValue>> revokeAllSessions(
  final Session session, {
  required final UuidValue authUserId,
  final String? method,
  final Transaction? transaction,
}) async {
  // Delete all sessions for the user
  final auths = await ServerSideSession.db.deleteWhere(
    session,
    where: (final row) => row.authUserId.equals(authUserId),
    transaction: transaction,
  );

  if (auths.isEmpty) return const [];

  // At least one session was deleted: register the revocation for this user.
  await session.messages.authenticationRevoked(
    authUserId.uuid,
    RevokedAuthenticationUser(),
  );

  return [
    for (final auth in auths)
      if (auth.id != null) auth.id!,
  ];
}
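
Example (added here, not part of the Serverpod sources): signing a user out everywhere when their credential is rotated, with the credential write and the session deletion in one transaction. The helper name, the storeNewCredential callback and the RevokeAllSessions typedef are assumptions made for this example; the typedef only mirrors the signature above so that no host class name has to be guessed.

```dart
import 'package:serverpod/serverpod.dart';

/// Mirrors the signature documented above (assumption for this example).
typedef RevokeAllSessions = Future<List<UuidValue>> Function(
  Session session, {
  required UuidValue authUserId,
  String? method,
  Transaction? transaction,
});

/// Hypothetical helper: stores a new credential and ends every session of
/// the user in the same database transaction. Returns the number of
/// sessions that were revoked.
Future<int> rotateCredentialAndSignOutEverywhere(
  Session session, {
  required UuidValue authUserId,
  required RevokeAllSessions revokeAllSessions,
  // Hypothetical callback that writes the new credential.
  required Future<void> Function(Transaction transaction) storeNewCredential,
}) async {
  final revoked = await session.db.transaction((transaction) async {
    await storeNewCredential(transaction);

    // Per the implementation above, the revocation message is sent right
    // after the rows are deleted, which is before this transaction commits.
    // Keep the revocation as the last step so that nothing after it can
    // roll the deletion back once the message has gone out.
    return revokeAllSessions(
      session,
      authUserId: authUserId,
      transaction: transaction,
    );
  });

  // An empty list means no sessions were found for the user. Log the count
  // so the sign-out is visible in the audit trail.
  session.log(
    'Revoked ${revoked.length} session(s) for auth user $authUserId',
    level: LogLevel.info,
  );
  return revoked.length;
}
```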