Skip to main content
Always revoke active sessions when a user logs out to prevent unauthorized access.

Usage

Parameters

ParameterTypeRequiredDescription
params.encryptKeystringYesOwner’s PIN to decrypt wallet private key for signing
params.walletWalletDataYesWallet object with publicKey, encryptedPrivateKey, walletType
params.sessionPublicKeystringYesPublic key of the session to revoke
bearerTokenstringYesAuthentication token from your auth provider

Return Value

PropertyTypeDescription
revokeSessionKeyfunctionTrigger revocation (fire-and-forget)
revokeSessionKeyAsyncfunctionTrigger revocation (returns Promise with tx hash)
datastringTransaction hash of revocation
isLoadingbooleanWhether revocation is in progress
isErrorbooleanWhether an error occurred
errorError | nullError details if any
isSuccessbooleanWhether revocation succeeded
resetfunctionReset mutation state

Example Implementation

Secure Logout Handler

Always revoke sessions during logout:
If revocation fails (e.g., network error), the session will still expire at its validUntil timestamp. However, it’s best practice to always attempt revocation.

When to Revoke

ScenarioShould Revoke?
User logs out✅ Yes - always
Session expired naturally❌ No - already inactive
User requests new session⚠️ Optional - old session will expire
Security concern✅ Yes - immediately
App uninstallN/A - Can’t revoke, session expires naturally
Revocation requires a blockchain transaction which may take 10-30 seconds. Don’t block the logout flow - fire the revocation and continue.