feat: add signOut() scopes option

hf · hf · commit 36190962bf6f · 2023-07-03T09:58:12.000+02:00
diff --git a/src/GoTrueAdminApi.ts b/src/GoTrueAdminApi.ts
@@ -55,10 +55,14 @@ export default class GoTrueAdminApi {
   /**
    * Removes a logged-in session.
    * @param jwt A valid, logged-in JWT.
+   * @param scope The logout sope.
    */
-  async signOut(jwt: string): Promise<{ data: null; error: AuthError | null }> {
+  async signOut(
+    jwt: string,
+    scope: 'global' | 'local' | 'others' = 'global'
+  ): Promise<{ data: null; error: AuthError | null }> {
     try {
-      await _request(this.fetch, 'POST', `${this.url}/logout`, {
+      await _request(this.fetch, 'POST', `${this.url}/logout?scope=${scope}`, {
         headers: this.headers,
         jwt,
         noResolveJson: true,
diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
@@ -51,6 +51,7 @@ import type {
   SignInWithPasswordlessCredentials,
   SignUpWithPasswordCredentials,
   SignInWithSSO,
+  SignOut,
   Subscription,
   SupportedStorage,
   User,
@@ -1075,15 +1076,17 @@ export default class GoTrueClient {
    *
    * For server-side management, you can revoke all refresh tokens for a user by passing a user's JWT through to `auth.api.signOut(JWT: string)`.
    * There is no way to revoke a user's access token jwt until it expires. It is recommended to set a shorter expiry on the jwt for this reason.
+   *
+   * If using others scope, no `SIGNED_OUT` event is fired!
    */
-  async signOut(): Promise<{ error: AuthError | null }> {
+  async signOut({ scope }: SignOut = { scope: 'global' }): Promise<{ error: AuthError | null }> {
     const { data, error: sessionError } = await this.getSession()
     if (sessionError) {
       return { error: sessionError }
     }
     const accessToken = data.session?.access_token
     if (accessToken) {
-      const { error } = await this.admin.signOut(accessToken)
+      const { error } = await this.admin.signOut(accessToken, scope)
       if (error) {
         // ignore 404s since user might not exist anymore
         // ignore 401s since an invalid or expired JWT should sign out the current session
@@ -1092,9 +1095,11 @@ export default class GoTrueClient {
         }
       }
     }
-    await this._removeSession()
-    await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
-    await this._notifyAllSubscribers('SIGNED_OUT', null)
+    if (scope !== 'others') {
+      await this._removeSession()
+      await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
+      await this._notifyAllSubscribers('SIGNED_OUT', null)
+    }
     return { error: null }
   }
 
diff --git a/src/lib/types.ts b/src/lib/types.ts
@@ -1010,3 +1010,17 @@ export type PageParams = {
   /** Number of items returned per page */
   perPage?: number
 }
+
+export type SignOut = {
+  /**
+   * Determines which sessions should be
+   * logged out. Global means all
+   * sessions by this account. Local
+   * means only this session. Others
+   * means all other sessions except the
+   * current one. When using others,
+   * there is no sign-out event fired on
+   * the current session!
+   */
+  scope?: 'global' | 'local' | 'others'
+}
