SDK
revokeSession
Revoke a session key from a wallet onchain. After confirmation, the session's next execute attempt reverts at validation. Effect is global and immediate. No off-chain coordination required.
// `client`, `wallet`, `admin`, and `session` from earlier
await client.revokeSession({ wallet, signer: admin, session });You can also pass just the session's public key:
const sessionPublicKey = "0x04..." as `0x${string}`;
await client.revokeSession({ wallet, signer: admin, session: sessionPublicKey });Keystore impact
Revocation calls Keystore directly, not the Controller. The call is gated onchain by onlyKeyOwnerOrValidator, so only the wallet itself (executing inside its own userOp) or a designated validator can revoke a key. A random caller reverts at the modifier.
Revocation is monotonic: once a key is revoked, it cannot be reactivated. To restore session access for a wallet, grant a new session with a fresh keypair.
Parameters
client.revokeSession(opts: ClientRevokeSessionOptions): Promise<ExecuteResult>;
type ClientRevokeSessionOptions = {
wallet: Wallet;
signer: Signer; // the wallet's admin signer
session: Session | Hex; // the Session object or just its public key
feeToken?: Address;
chainId?: number; // defaults to the client's default chain
};What lands onchain
In a single userOp:
- The session is revoked in Keystore. Any tool reading
getActiveKeyswill no longer see it. - The session's authority on the wallet's smart account is pulled.
Both atomic. After the userOp confirms, the session is dead everywhere simultaneously.
Notes
- Revocation does not require the session signer, only the wallet's admin signer.
- You can keep just the session's public key in your records for revocation purposes, then discard the rest of the
Sessionobject once granted.