Always revoke active sessions when a user logs out to prevent unauthorized access.
Usage
Parameters
| Parameter | Type | Required | Description |
|---|
params.encryptKey | string | Yes | Owner’s PIN to decrypt wallet private key for signing |
params.wallet | WalletData | Yes | Wallet object with publicKey, encryptedPrivateKey, walletType |
params.sessionPublicKey | string | Yes | Public key of the session to revoke |
bearerToken | string | Yes | Authentication token from your auth provider |
Return Value
| Property | Type | Description |
|---|
revokeSessionKey | function | Trigger revocation (fire-and-forget) |
revokeSessionKeyAsync | function | Trigger revocation (returns Promise with tx hash) |
data | string | Transaction hash of revocation |
isLoading | boolean | Whether revocation is in progress |
isError | boolean | Whether an error occurred |
error | Error | null | Error details if any |
isSuccess | boolean | Whether revocation succeeded |
reset | function | Reset mutation state |
Example Implementation
Secure Logout Handler
Always revoke sessions during logout:
If revocation fails (e.g., network error), the session will still expire at its validUntil timestamp. However, it’s best practice to always attempt revocation.
When to Revoke
| Scenario | Should Revoke? |
|---|
| User logs out | ✅ Yes - always |
| Session expired naturally | ❌ No - already inactive |
| User requests new session | ⚠️ Optional - old session will expire |
| Security concern | ✅ Yes - immediately |
| App uninstall | N/A - Can’t revoke, session expires naturally |
Revocation requires a blockchain transaction which may take 10-30 seconds. Don’t block the logout flow - fire the revocation and continue.