()
| 70 | * enrollment completion would otherwise still read the old cached token). |
| 71 | */ |
| 72 | export function clearTrustedDeviceToken(): void { |
| 73 | if (!isGateEnabled()) { |
| 74 | return |
| 75 | } |
| 76 | const secureStorage = getSecureStorage() |
| 77 | try { |
| 78 | const data = secureStorage.read() |
| 79 | if (data?.trustedDeviceToken) { |
| 80 | delete data.trustedDeviceToken |
| 81 | secureStorage.update(data) |
| 82 | } |
| 83 | } catch { |
| 84 | // Best-effort — don't block login if storage is inaccessible |
| 85 | } |
| 86 | readStoredToken.cache?.clear?.() |
| 87 | } |
| 88 | |
| 89 | /** |
| 90 | * Enroll this device via POST /auth/trusted_devices and persist the token |
no test coverage detected