Session Revocation Service
Component Detail
Service Layer
medium complexity
backend
Dependencies: 3
Dependents: 1
Entities: 6
Integrations: 0
Description
Backend service that implements soft-deletion of refresh tokens by setting a revoked_at timestamp, cascading invalidation to all child tokens in the refresh chain. Supports both single-session and bulk (all sessions for a user) revocation as atomic database operations. Every revocation action is written to the audit log.
session-revocation-service
Responsibilities
- Revoke a single session by setting revoked_at on the refresh_tokens row and cascading to child tokens
- Bulk-revoke all sessions for a user in a single atomic transaction
- Validate that the calling user holds Org Admin or Global Admin role before executing
- Write a structured audit log entry for every revocation (who, what session, timestamp, reason)
- Return a typed result so the API layer can surface the revocation outcome to the client immediately
Interfaces
revokeSession(sessionId: string, actorId: string): Promise<RevocationResult>
revokeAllSessionsForUser(userId: string, actorId: string): Promise<BulkRevocationResult>
getActiveSessions(orgId: string, userId?: string, page: number): Promise<SessionPage>
validateRevocationPermission(actorId: string, targetOrgId: string): Promise<boolean>
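The single-session path described above, as an added TypeScript example that is not this project's code: an in-memory model of the permission check, the cascade down the refresh chain and the audit write. The store shape, the parentId and orgId fields, the reason parameter and the scoping of Org Admin to its own organization are assumptions.

```typescript
// Added example: in-memory stand-in for the refresh_tokens table and audit log.
// Field names other than revoked_at, and the org scoping of Org Admin, are assumptions.
type Role = "Org Admin" | "Global Admin" | "Member";
interface TokenRow { id: string; parentId: string | null; orgId: string; revokedAt: Date | null }
interface Actor { id: string; role: Role; orgId: string }
interface AuditEntry { actorId: string; sessionId: string; timestamp: Date; reason: string }
interface Store { tokens: TokenRow[]; actors: Actor[]; audit: AuditEntry[] }
type RevocationResult =
  | { ok: true; revokedTokenIds: string[] }
  | { ok: false; error: "forbidden" | "not_found" };

function validateRevocationPermission(store: Store, actorId: string, targetOrgId: string): boolean {
  const actor = store.actors.filter((a) => a.id === actorId)[0];
  if (!actor) return false; // unknown actors are denied by default
  return actor.role === "Global Admin" || (actor.role === "Org Admin" && actor.orgId === targetOrgId);
}

function revokeSession(store: Store, sessionId: string, actorId: string, reason: string): RevocationResult {
  const root = store.tokens.filter((t) => t.id === sessionId)[0];
  if (!root) return { ok: false, error: "not_found" };
  // Authorize before any row is touched, so a denied call changes nothing.
  if (!validateRevocationPermission(store, actorId, root.orgId)) return { ok: false, error: "forbidden" };
  const now = new Date();
  const revokedTokenIds: string[] = [];
  const seen: { [id: string]: boolean } = {};
  const queue: string[] = [root.id];
  while (queue.length > 0) {
    const id = queue.shift() as string;
    if (seen[id]) continue; // guards against a malformed, cyclic chain
    seen[id] = true;
    for (const row of store.tokens) {
      // Soft delete: keep the row, stamp revoked_at once, never overwrite an earlier stamp.
      if (row.id === id && row.revokedAt === null) { row.revokedAt = now; revokedTokenIds.push(id); }
      if (row.parentId === id) queue.push(row.id); // cascade to child tokens
    }
  }
  store.audit.push({ actorId, sessionId, timestamp: now, reason });
  return { ok: true, revokedTokenIds };
}

// Constructed sample data: chain t1 -> t2 -> t3 in org-a, unrelated t9 in org-b.
function sampleStore(): Store {
  const row = (id: string, parentId: string | null, orgId: string): TokenRow => ({ id, parentId, orgId, revokedAt: null });
  return {
    tokens: [row("t1", null, "org-a"), row("t2", "t1", "org-a"), row("t3", "t2", "org-a"), row("t9", null, "org-b")],
    actors: [{ id: "admin-a", role: "Org Admin", orgId: "org-a" }, { id: "member-a", role: "Member", orgId: "org-a" }],
    audit: [],
  };
}
```

In a real database the stamp on every row in the chain and the audit insert would share one transaction, so a failure partway leaves no half-revoked chain.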
Relationships
Dependencies (3)
Components this component depends on
Related Data Entities (6)
Data entities managed by this component