
Class InvalidationStrategy<Device, Location>

Invalidation strategy for JWT Access Tokens.

Type parameters

  • Device: DeviceBase

    Type of the device.

  • Location

    Type of the location.

Hierarchy

  • InvalidationStrategy

Constructors

constructor

  • Type parameters

    • Device: DeviceBase

    • Location

    Parameters

    • options: InvalidationStrategyOptions<Device, Location>

      Options object.
      It should not be modified afterwards, as the strategy uses it without cloning it.

    Returns InvalidationStrategy<Device, Location>

Methods

generateRefreshToken

  • generateRefreshToken(subject: string, context: UserSessionOperationContext<Device, Location>, refreshTokenTtl?: number): Promise<AnchorableRefreshToken>
  • Generates an anchorable refresh token.

    Parameters

    • subject: string

      Subject of the access token.
      Usually this is the user/account id.

    • context: UserSessionOperationContext<Device, Location>

      User session creation context.

    • Optional refreshTokenTtl: number

      TTL of the refresh token. When given, it takes precedence over the default one.

    Returns Promise<AnchorableRefreshToken>

    Anchorable refresh token.

getActiveUserSessions

  • getActiveUserSessions(subject: string): Promise<ReadonlyMap<string, UserSessionMetaData<Device, Location>>>
  • Get all of the active user sessions.

    Parameters

    • subject: string

      Subject whose sessions need to be retrieved.

    Returns Promise<ReadonlyMap<string, UserSessionMetaData<Device, Location>>>

    Active user sessions with their refresh tokens.

invalidateAccessToken

  • Invalidates the JWT Access Token so that it can no longer be used, even though it has not expired yet.
    Notice that the session associated with jwtAccessToken won't be invalidated, meaning that the user can obtain another access token with the help of the refresh token.

    Parameters

    Returns void

invalidateAccessTokensFromAllSessions

  • invalidateAccessTokensFromAllSessions(subject: string, jwtAccessTokenTtl: number): void
  • Invalidates all JWT Access Tokens that were issued up to the current timestamp from all existing user sessions.
    Notice that the associated user sessions won't be invalidated, meaning that the user can obtain new access tokens from them by using their refresh tokens.

    Parameters

    • subject: string

      Subject.

    • jwtAccessTokenTtl: number

      TTL of the access tokens previously issued to the subject.

    Returns void

invalidateAllSessions

  • invalidateAllSessions(subject: string): Promise<number>
  • Invalidate all user sessions.

    Parameters

    • subject: string

      Subject.

    Returns Promise<number>

    Number of invalidated sessions.

invalidateSession

  • invalidateSession(subject: string, refreshToken: string): Promise<void>
  • Invalidate user session associated with refresh token.

    Parameters

    • subject: string

      Subject of the session.

    • refreshToken: string

      Refresh token.

    Returns Promise<void>

isAccessTokenStillValid

  • Checks whether the JWT Access Token is still valid.
    Do not confuse this with expiration: a token might not be expired yet and still have been forcibly invalidated.

    Parameters

    Returns boolean
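
The semantics of invalidateAccessToken, invalidateAccessTokensFromAllSessions and isAccessTokenStillValid described above, as an added sketch that is not this library's code. It shows one common way to back them, and why the bulk call takes jwtAccessTokenTtl. Claims, InvalidationSketch, the jti/iat/exp claim names and the injected clock are assumptions.

```typescript
// Added sketch: hypothetical in-memory model, NOT the library's implementation.
// Claim names and the injected clock are assumptions; times are UNIX seconds.
interface Claims { sub: string; jti: string; iat: number; exp: number }

class InvalidationSketch {
  // token id -> that token's exp; the entry is pointless after expiry
  private revokedTokens = new Map<string, number>();
  // subject -> tokens with iat <= cutoff are revoked; marker dropped at dropAt
  private revokedBefore = new Map<string, { cutoff: number; dropAt: number }>();
  private now: () => number;
  constructor(now: () => number) { this.now = now; }
  invalidateAccessToken(claims: Claims): void {
    this.revokedTokens.set(claims.jti, claims.exp);
  }
  invalidateAccessTokensFromAllSessions(subject: string, jwtAccessTokenTtl: number): void {
    const cutoff = this.now();
    // Tokens issued up to `cutoff` are expired by cutoff + TTL. A TTL shorter than
    // the real token lifetime would let them pass again once the marker is purged.
    this.revokedBefore.set(subject, { cutoff, dropAt: cutoff + jwtAccessTokenTtl });
  }
  // Revocation check only; signature and `exp` are verified separately.
  isAccessTokenStillValid(claims: Claims): boolean {
    this.purge();
    if (this.revokedTokens.has(claims.jti)) return false;
    const marker = this.revokedBefore.get(claims.sub);
    // Same-second tokens (iat === cutoff) count as revoked: fail closed.
    return marker === undefined || claims.iat > marker.cutoff;
  }
  entries(): number { this.purge(); return this.revokedTokens.size + this.revokedBefore.size; }
  private purge(): void {
    const t = this.now();
    this.revokedTokens.forEach((exp, jti) => { if (exp <= t) this.revokedTokens.delete(jti); });
    this.revokedBefore.forEach((m, sub) => { if (m.dropAt <= t) this.revokedBefore.delete(sub); });
  }
}

// Constructed scenario: access token TTL of 300 s, clock starts at t = 1000.
function demo(): boolean[] {
  let t = 1000;
  const s = new InvalidationSketch(() => t);
  s.invalidateAccessTokensFromAllSessions("u1", 300);
  const oldTok = { sub: "u1", jti: "a", iat: 900, exp: 1200 };
  t = 1001; // the session survives, so a new token is obtained via the refresh token
  const newTok = { sub: "u1", jti: "b", iat: 1001, exp: 1301 };
  const out = [s.isAccessTokenStillValid(oldTok), s.isAccessTokenStillValid(newTok)];
  s.invalidateAccessToken(newTok);
  out.push(s.isAccessTokenStillValid(newTok));
  t = 1301; // every revoked token has expired, so the bookkeeping is purged
  return out.concat(s.entries() === 0); // [false, true, false, true]
}
```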

refreshSessionAccessToken

  • refreshSessionAccessToken(subject: string, refreshToken: string, context: UserSessionOperationContext<Device, Location>): Promise<string>
  • Refreshes the access token of the user session.

    throws

    {Exception} When:

    • the refresh token doesn't exist;
    • the device from the refresh context differs from the user session metadata device (in case the default InvalidationStrategyOptions.refreshAccessTokenHook is used).

    Parameters

    • subject: string

      Subject whose session needs to be refreshed.

    • refreshToken: string

      Refresh token of the subject.

    • context: UserSessionOperationContext<Device, Location>

      Refresh context.

    Returns Promise<string>

    Anchor to refresh token.