Persist tokens for a session + federation. Production implementations
MUST encrypt refreshToken at rest. Plaintext persistence is supported
only as an explicit opt-in — the built-in redis adapter exposes this via
encryption.mode = "allow-plaintext" (with a startup warning), and the
built-in in-memory adapter is plaintext by design because the process
boundary already contains it. Both opt-outs are intended for
development / testing use only. See spec Section 5.
Delete a specific (sid, federationName) entry. Idempotent.
Remove all federation entries for a session. Idempotent.
Verb-aligned with sibling session stores
(UserSessionStore, SessionRPRegistry,
SessionFamilyIndex, SessionFederationIndex) which all
expose removeBySid(sid) for the same "bulk-remove records scoped to
a session id" responsibility.
Renamed from deleteBySession in v0.5.1 (AS-3); the old name is no
longer accepted because FederationTokenStore was new in v0.5.0
and the v0.5.1 hotfix policy explicitly permits this rename for
interfaces that have had no external consumers.
Atomic replace. Called after a successful federation refresh.
Adapter primitive for federation token storage.