Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

revokeSession

Revoke a session key from a wallet on-chain. After confirmation, the session's next execute attempt reverts at validation. Effect is global and immediate. No off-chain coordination required.

await revokeSession(wallet, admin, session);

You can also pass just the session's public key:

await revokeSession(wallet, admin, sessionPublicKey);

Keystore impact

Revocation calls Keystore directly, not the Controller. The call is gated on-chain by onlyKeyOwnerOrValidator, so only the wallet itself (executing inside its own userOp) or a designated validator can revoke a key. A random caller reverts at the modifier.

Revocation is monotonic: once a key is revoked, it cannot be reactivated. To restore session access for a wallet, grant a new session with a fresh keypair.

Parameters

function revokeSession(
  wallet: Wallet,
  adminSigner: Signer,
  sessionOrPublicKey: Session | Hex,
  config?: { network?: NetworkConfig; feeToken?: Address },
): Promise<ExecuteResult>;

What lands on-chain

In a single userOp:

  1. The session is revoked in Keystore. Any tool reading getActiveKeys will no longer see it.
  2. The session's authority on the wallet's smart account is pulled.

Both atomic. After the userOp confirms, the session is dead everywhere simultaneously.

Notes

  • Revocation does not require the session signer, only the wallet's admin signer.
  • You can keep just the session's public key in your records for revocation purposes, then discard the rest of the Session object once granted.