Interface: StoredRefreshToken
Defined in: oauthServerTypes.ts:124
A persisted refresh token, stored by its hash (never the plaintext value) so
a store compromise does not leak usable tokens. Owned by the
RefreshTokenStore; minted and rotated by createRefreshRotation.
Properties
clientId
clientId: string
Defined in: oauthServerTypes.ts:128
The client_id the token was issued to.
consumedAt?
optional consumedAt?: number
Defined in: oauthServerTypes.ts:140
Unix timestamp (milliseconds) when the token was rotated (consumed). A consumed token that is presented again signals reuse (theft or a replay) and triggers revocation of the owner's whole token set.
expiresAt
expiresAt: number
Defined in: oauthServerTypes.ts:134
Unix timestamp (milliseconds) after which the token is invalid.
scopes
scopes: string[]
Defined in: oauthServerTypes.ts:132
The scopes granted to this token.
subject
subject: string
Defined in: oauthServerTypes.ts:130
The authenticated end-user subject identifier.
tokenHash
tokenHash: string
Defined in: oauthServerTypes.ts:126
SHA-256 hash (hex) of the opaque refresh token. Plaintext is never stored.
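Example (added here, not the project's own code): a sketch of hash-only storage and reuse detection using the fields documented above. The in-memory Map and the mint, rotate and sha256Hex helpers are hypothetical stand-ins for RefreshTokenStore and createRefreshRotation, whose real signatures this page does not show. Treating "the owner's whole token set" as every record with the same subject and clientId is an assumption.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Field names mirror the StoredRefreshToken interface documented on this page.
interface StoredRefreshToken {
  tokenHash: string; clientId: string; subject: string;
  scopes: string[]; expiresAt: number; consumedAt?: number;
}

// Hypothetical in-memory store keyed by tokenHash (not the project's RefreshTokenStore).
const store = new Map<string, StoredRefreshToken>();
const sha256Hex = (t: string): string => createHash("sha256").update(t).digest("hex");

// Mint an opaque token; persist only its hash and return the plaintext to the caller once.
function mint(clientId: string, subject: string, scopes: string[], now: number, ttlMs: number): string {
  const token = randomBytes(32).toString("hex");
  const tokenHash = sha256Hex(token);
  store.set(tokenHash, { tokenHash, clientId, subject, scopes, expiresAt: now + ttlMs });
  return token;
}

type RotateResult =
  | { ok: true; token: string }
  | { ok: false; reason: "unknown" | "client_mismatch" | "reuse" | "expired" };

// Redeem a presented refresh token: look it up by hash, detect reuse, then rotate.
function rotate(presented: string, clientId: string, now: number, ttlMs: number): RotateResult {
  const rec = store.get(sha256Hex(presented));
  if (!rec) return { ok: false, reason: "unknown" };
  if (rec.clientId !== clientId) return { ok: false, reason: "client_mismatch" };
  if (rec.consumedAt !== undefined) {
    // A consumed token presented again: revoke the owner's whole token set.
    // Assumption: "owner" means same subject and clientId.
    store.forEach((r, h) => {
      if (r.subject === rec.subject && r.clientId === rec.clientId) store.delete(h);
    });
    return { ok: false, reason: "reuse" };
  }
  if (now > rec.expiresAt) return { ok: false, reason: "expired" };
  rec.consumedAt = now; // keep the record so a later replay is detectable
  return { ok: true, token: mint(rec.clientId, rec.subject, rec.scopes, now, ttlMs) };
}
```

The consumed record is kept instead of deleted: if it were removed on rotation, a replayed token would look merely unknown and the reuse signal would be lost.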