Expand description
Server-side token state: refresh-token rotation, pending MFA challenges, and the per-user device/session index used for “log out everywhere” and back-channel revocation (Phase 4).
Structs§
- Memory
Challenge Store - Memory
Refresh Store - Memory
Session Index - Pending
Challenge - After a correct password on an MFA-enrolled account, the engine parks a short-lived challenge and returns its id; the second-factor step redeems it.
- Session
Record - One authenticated session/device row surfaced to the user for review/revoke.
Traits§
- Challenge
Store - Refresh
Store - Persists the live
jtiof each refresh token so rotation can atomically invalidate the old one. Backed by Redis with per-key TTL in production. - Session
Index - Tracks active sessions per user for management + back-channel logout.