nova_auth_refresh (nova_auth v0.2.0)
View SourceShort-lived access tokens paired with rotating refresh tokens.
generate_pair/2 issues an access token (validated for
access_token_validity_minutes) and a refresh token (valid for
refresh_token_validity_days). The refresh token is single-use: refresh/2
rotates it, marking the old one used and issuing a fresh access+refresh pair
in the same family_id. Presenting an already-used refresh token is treated
as theft — the whole family is revoked (reuse_detected).
Requires the configured token_schema to have family_id (string) and
used_at (utc_datetime) fields in addition to the session-token fields.
Tokens are stored hashed via nova_auth_token.
Summary
Functions
Delete a single access token (logout of one device).
Issue a fresh access + refresh token pair for a user.
Resolve the user for a raw access token, honoring the access TTL.
Rotate a refresh token: on success returns a new access+refresh pair and marks the presented one used. A reused (already-rotated) token revokes the family.
Revoke ALL tokens for a user (e.g. on ban or global logout).
Revoke the refresh-token family that a raw refresh token belongs to.
Types
Functions
Delete a single access token (logout of one device).
Issue a fresh access + refresh token pair for a user.
Resolve the user for a raw access token, honoring the access TTL.
Rotate a refresh token: on success returns a new access+refresh pair and marks the presented one used. A reused (already-rotated) token revokes the family.
Revoke ALL tokens for a user (e.g. on ban or global logout).
Revoke the refresh-token family that a raw refresh token belongs to.