Refresh Tokens Table
Component Detail
Data Layer
medium complexity
backend
0 Dependencies
2 Dependents
0 Entities
0 Integrations
Description
Stores rotating refresh tokens linked to sessions. Each token rotation invalidates the previous token; revocation of a session cascades to all its refresh tokens. Role promotions are encoded in new access tokens after the next refresh.
refresh-tokens-table
Responsibilities
- Persist hashed rotating refresh tokens with expiry timestamps
- Cascade revocation from parent session to all child refresh tokens
- Support admin-initiated token invalidation for forced role re-evaluation
- Track token rotation history for security audit
Interfaces
createRefreshToken(sessionId: string, hashedToken: string, expiresAt: Date): RefreshToken
rotateToken(oldToken: string, newHashedToken: string): RefreshToken
revokeBySession(sessionId: string): void
findByToken(hashedToken: string): RefreshToken | null
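An in-memory model of the four interfaces above, added here as an example and not this component's own code. Assumptions the page does not specify: SHA-256 hex as the token hash (the `hashToken` helper), `rotateToken` receiving the raw old token, the `revokedAt` and `rotatedFrom` fields, the optional fourth argument to `createRefreshToken`, and a successor inheriting its predecessor's expiry.

```typescript
import { createHash } from "node:crypto";

// Field names beyond the page's interface signatures are assumptions.
interface RefreshToken {
  sessionId: string;
  hashedToken: string;
  expiresAt: Date;
  revokedAt: Date | null;     // set on rotation or session revocation
  rotatedFrom: string | null; // hash of the predecessor, kept for audit
}

// Assumed hash: SHA-256 hex. Only the hash is ever stored, never the raw token.
const hashToken = (raw: string): string =>
  createHash("sha256").update(raw).digest("hex");

class RefreshTokensTable {
  rows = new Map<string, RefreshToken>(); // keyed by hashedToken

  // rotatedFrom is an assumed optional argument used to record lineage.
  createRefreshToken(sessionId: string, hashedToken: string, expiresAt: Date,
                     rotatedFrom: string | null = null): RefreshToken {
    const row: RefreshToken = { sessionId, hashedToken, expiresAt, revokedAt: null, rotatedFrom };
    this.rows.set(hashedToken, row);
    return row;
  }

  // Returns only tokens that are still usable: present, not revoked, not expired.
  findByToken(hashedToken: string): RefreshToken | null {
    const row = this.rows.get(hashedToken);
    if (!row || row.revokedAt || row.expiresAt.getTime() <= Date.now()) return null;
    return row;
  }

  // Invalidates the old token and links the successor to it.
  rotateToken(oldToken: string, newHashedToken: string): RefreshToken {
    const old = this.findByToken(hashToken(oldToken));
    if (!old) throw new Error("refresh token invalid, expired or already rotated");
    old.revokedAt = new Date();
    return this.createRefreshToken(old.sessionId, newHashedToken, old.expiresAt, old.hashedToken);
  }

  // Cascade: every token of the session becomes unusable; rows stay for audit.
  revokeBySession(sessionId: string): void {
    this.rows.forEach((row) => {
      if (row.sessionId === sessionId && !row.revokedAt) row.revokedAt = new Date();
    });
  }
}
```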
Relationships
Dependents (2)
Components that depend on this component