@spec expunge_expired(
  Ash.Resource.t(),
  keyword()
) :: :ok | {:error, any()}

Remove all expired records.

@spec get_token(Ash.Resource.t(), map(), keyword()) ::
  {:ok, [Ash.Resource.record()]} | {:error, any()}

Retrieve a token by token or JTI optionally filtering by purpose.

@spec jti_revoked?(Ash.Resource.t(), String.t(), keyword()) :: boolean()

Has the token been revoked?

Similar to token-revoked?/2..3 except that rather than extracting the JTI from the token, assumes that it's being passed in directly.

@spec revoke(Ash.Resource.t(), String.t(), keyword()) :: :ok | {:error, any()}

Revoke a token.

Extracts the JTI from the provided token and uses it to generate a revocation record.

@spec store_token(Ash.Resource.t(), map(), keyword()) :: :ok | {:error, any()}

Store a token.

Stores a token for any purpose.

@spec token_revoked?(Ash.Resource.t(), String.t(), keyword()) :: boolean()

Has the token been revoked?

Similar to jti_revoked?/2..3 except that it extracts the JTI from the token, rather than relying on it to be passed in.