Interface: RefreshTokenStore
Defined in: oauthServerTypes.ts:149
App-provided store for refresh tokens, backing OAuth 2.1 rotation. The store
is pure persistence — the rotation mechanics (single-use, expiry, reuse
detection) live in createRefreshRotation. Back it with DynamoDB, Postgres,
in-memory, … The "owner" of a token is the (clientId, subject) pair.
Properties
delete
delete: (
tokenHash) =>void|Promise<void>
Defined in: oauthServerTypes.ts:157
Remove a single refresh token by its hash.
Parameters
| Parameter | Type |
|---|---|
tokenHash | string |
Returns
void | Promise<void>
deleteByOwner
deleteByOwner: (
owner) =>void|Promise<void>
Defined in: oauthServerTypes.ts:162
Remove every refresh token belonging to an owner. Called on reuse detection to revoke the entire chain (the live token included), forcing re-auth.
Parameters
| Parameter | Type |
|---|---|
owner | { clientId: string; subject: string; } |
owner.clientId | string |
owner.subject | string |
Returns
void | Promise<void>
get
get: (
tokenHash) =>StoredRefreshToken|Promise<StoredRefreshToken|undefined> |undefined
Defined in: oauthServerTypes.ts:153
Look up a refresh token by its hash. Return undefined if unknown.
Parameters
| Parameter | Type |
|---|---|
tokenHash | string |
Returns
StoredRefreshToken | Promise<StoredRefreshToken | undefined> | undefined
save
save: (
token) =>void|Promise<void>
Defined in: oauthServerTypes.ts:151
Persist a refresh token, upserting by tokenHash.
Parameters
| Parameter | Type |
|---|---|
token | StoredRefreshToken |
Returns
void | Promise<void>