destroyRefreshToken static method

Future<void> destroyRefreshToken(
  1. Session session, {
  2. required UuidValue refreshTokenId,
  3. Transaction? transaction,
})

Removes a specific refresh token.

This does not affect the user's other authentications.

Any access tokens associated with this refresh token will continue to work until they expire.

Implementation

static Future<void> destroyRefreshToken(
  final Session session, {
  required final UuidValue refreshTokenId,
  final Transaction? transaction,
}) async {
  final refreshToken = (await RefreshToken.db.deleteWhere(
    session,
    where: (final row) => row.id.equals(refreshTokenId),
    transaction: transaction,
  ))
      .firstOrNull;

  if (refreshToken == null) {
    return;
  }

  // Notify the client about the revoked authentication for the specific
  // refresh token.
  await session.messages.authenticationRevoked(
    refreshToken.authUserId.uuid,
    RevokedAuthenticationAuthId(authId: refreshTokenId.toString()),
  );
}