revokeToken method

  1. @override
Future<void> revokeToken(
  1. Session session, {
  2. required String tokenId,
  3. Transaction? transaction,
  4. String? tokenIssuer,
})
override

Revokes a specific token by its ID.

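If the tokenId doesn't exist, the operation completes without error. If tokenIssuer is provided, only tokens from that specific token manager will be revoked; when it names a different token manager, the call returns without doing anything. As the implementation below shows, a tokenId that is not a valid UUID is also ignored without error, so a normal return does not by itself confirm that a session was revoked.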

Implementation

/// Revokes the server-side session identified by [tokenId].
///
/// Returns without doing anything when [tokenIssuer] is given and differs
/// from `tokenIssuerName`, when [tokenId] is not a valid UUID, or when no
/// session was deleted. A normal return therefore does not confirm that a
/// session was actually removed; callers that need that guarantee must
/// check separately.
///
/// Throws a [StateError] if the delete reports more than one session.
@override
Future<void> revokeToken(
  final Session session, {
  required final String tokenId,
  final Transaction? transaction,
  final String? tokenIssuer,
}) async {
  // A request addressed to a different token manager is not handled here.
  final addressedElsewhere =
      tokenIssuer != null && tokenIssuer != tokenIssuerName;
  if (addressedElsewhere) return;

  final UuidValue parsedId;
  try {
    parsedId = UuidValue.withValidation(tokenId);
  } catch (_) {
    // Ids issued by other token managers need not be UUIDs, so a malformed
    // id is treated as "not ours" rather than as an error.
    // NOTE(review): this catches every throwable from the validation call,
    // not only the invalid-format case.
    return;
  }

  final deletedSessions = await serverSideSessions.admin.deleteSessions(
    session,
    serverSideSessionId: parsedId,
    transaction: transaction,
  );

  // No session matched this id: nothing to announce.
  if (deletedSessions.isEmpty) return;

  if (deletedSessions.length != 1) {
    // NOTE(review): the delete has already run when this fires and no
    // revocation message is sent for the affected sessions. Whether the
    // delete is rolled back depends on the caller's [transaction] - confirm.
    throw StateError(
      'Expected 1 session to be deleted, but got ${deletedSessions.length}',
    );
  }

  final revoked = deletedSessions.first;

  // Announce the revocation for the deleted session.
  // NOTE(review): [transaction] is passed to the delete only, so this
  // message goes out before a caller-supplied transaction commits - confirm
  // that ordering is acceptable.
  await session.messages.authenticationRevoked(
    revoked.authUserId.uuid,
    RevokedAuthenticationAuthId(authId: revoked.sessionId.uuid),
  );
}