Skip to content

member_sessions_revoked_self_others

This page is auto-generated from src/auth/stytch-invite.ts. Do not edit by hand — see docs/dev/docs-auto-sync.md.

member_sessions_revoked_self_others

FunctionSource
encodeMemberSessionsRevokedSelfOthersAuditReasonsrc/auth/stytch-invite.ts:698
FieldTypeRequiredNotes
member_idstringyes
revoked_countnumberyes
scope"single_org" | "all_orgs"no
org_countnumberno

#575 Phase 5 (#616) — scope discriminator extension.

Phase 5 introduces a NEW cross-org variant of this same event: the operator presses “Sign out everywhere” on the /me/security page and we fan revoke calls across every org they belong to, writing ONE aggregate audit row with tenant_id = NULL + actor_account_id NOT NULL (see audit/log.ts + migrations/0056 RLS shape).

To let SIEM saved searches distinguish “single-org self-others revoke” (Phase 1-4 shape: tenant_id = the org, scope omitted) from “cross-org revoke-everywhere” (Phase 5 shape: tenant_id = NULL, scope = ‘all_orgs’), we add an optional scope discriminator and the per-org breakdown is surfaced via org_count. Legacy callers omit the field — JSON.stringify drops undefined so the on-wire envelope stays byte-identical for the /admin/ui/account/* surface, and existing SIEM searches keep matching.

org_count is INCLUDED on the cross-org variant so an auditor can verify the fanout hit the expected breadth (covers the “partial-success across 3 of 9 orgs” UX shape). For single-org calls it’s omitted (the audit_log row’s tenant_id IS the org).

This envelope is stored in audit_log.decision_reason (varchar(256)) as a JSON object with the shape { event, ...ctx }. The audit_log row carries tenant_id, actor_user_id, and timestamp as columns alongside — those are not duplicated in the envelope.