From bee767308517d5ad6e69038fca5ec3c381def40c Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Wed, 30 Oct 2024 12:20:52 -0500
Subject: [PATCH] auth: delete the bunker private key when an access token is
 revoked

---
 src/reducers/auth.ts | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/reducers/auth.ts b/src/reducers/auth.ts
index 9d55a1520..bb34609df 100644
--- a/src/reducers/auth.ts
+++ b/src/reducers/auth.ts
@@ -123,15 +123,15 @@ function importCredentials(auth: SoapboxAuth, accessToken: string, account: Acco
 function revokeNostr(accessToken: string): void {
   const { connections, revoke } = useBunkerStore.getState();
 
-  /** User pubkey from token. */
-  const pubkey = connections.find((conn) => conn.accessToken === accessToken)?.pubkey;
-
-  // Revoke the Bunker connection.
-  revoke(accessToken);
-
-  // Revoke the private key, if it exists.
-  if (pubkey) {
-    keyring.delete(pubkey);
+  for (const conn of connections) {
+    if (conn.accessToken === accessToken) {
+      // Revoke the Bunker connection.
+      revoke(accessToken);
+      // Revoke the user's private key.
+      keyring.delete(conn.pubkey);
+      // Revoke the bunker's private key.
+      keyring.delete(conn.bunkerPubkey);
+    }
   }
 }