revokeAllRefreshTokens method

Future<List<UuidValue>> revokeAllRefreshTokens(Session session, { required UuidValue authUserId, Transaction? transaction, })

Revokes all refresh tokens for the given authUserId.

Returns the list of IDs of the deleted tokens.

Active access tokens will continue to work until their expiration time is reached.

Automatically registers authentication revocation via session.messages.authenticationRevoked when tokens are deleted. If this behavior is not desired, use JwtAdmin.deleteRefreshTokens instead.

Implementation

Future<List<UuidValue>> revokeAllRefreshTokens(
  final Session session, {
  required final UuidValue authUserId,
  final Transaction? transaction,
}) async {
  final auths = await admin.deleteRefreshTokens(
    session,
    authUserId: authUserId,
    transaction: transaction,
  );

  if (auths.isEmpty) return const [];

  await session.messages.authenticationRevoked(
    authUserId.uuid,
    RevokedAuthenticationUser(),
  );

  return auths.map((final auth) => auth.refreshTokenId).toList();
}