Session store for svelte (currently only for JWT)
import { derived } from 'svelte';
import { Session, login } from 'svelte-session-manager';
// use localStorage as backing store
let session = new Session(localStorage);
// session may still be valid
if(!session.isValid) {
await login(session, 'https://mydomain.com/authenticate', 'a user', 'a secret');
}
session.isValid; // true when auth was ok or localStorage token is still valid
export const values = derived(
session,
($session, set) => {
if (!session.isValid) {
set([]); // session has expired no more data
} else {
fetch('https://mydomain.com/values', {
headers: {
...session.authorizationHeader
}
}).then(async data => set(await data.json()));
}
return () => {};
}
,[]);
// $values contains fetch result as long as session has not expiredexport BROWSER=safari|chrome|...
npm|yarn testThe test runs the following requests against the server
- successful auth
curl -X POST -d '{"username":"user","password":"secret"}' 'http://[::]:5000/api/login'{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbnRpdGxlbWVudHMiOiJhLGIsYyIsImlhdCI6MTYwNDY2NDI0NywiZXhwIjoxNjA0NjY0MjYyfQ.qyjeoCuXO0iyYwSxM2sM02_BVhaZobRmEWam1M8Hzkx51nbsAuTR8G1rNgz1COo_KvbCU7LwZt7qnSEFB1tcwyDA1eBxwc2Wb7JxWgQ50m1IWkr2JCgY1seWRJRcwZBXiTRtiPqhzofP-l3S-CBluzU48cd4yzoPayczLkKuPK4"}
- invalid credentials
curl -X POST -d '{"username":"user","password":"wrong"}' 'http://[::]:5000/api/login'{"message":"Unauthorized"}
Bring session into the valid state by calling the authorization endpoint and asking for a access_token. Executes a POST on the endpoint url expecting username, and password as json
-
sessionSession to be opened -
endpointstring authorization url -
usernamestring id of the user -
passwordstring user credentials -
tokenmapObject token names in response to internal known values (optional, defaultdefaultTokenMap)tokenmap.access_tokenstring
Returns Promise<(string | undefined)> error message in case of failure or undefined on success
Extract error description from response.
responseResponse
Data as preserved in the backing store.
Type: Object
Time required to execute a refresh
Type: number
User session. To create as session backed by browser local storage.
let session = new Session(localStorage);or by browser session storage
let session = new Session(sessionStorage);storeSessionData (optional, defaultlocalStorage)
entitlementsSet<string>subscriptionsSet<Object> store subscriptionsexpirationDateDate when the access token expiresaccess_tokenstring token itselfrefresh_tokenstring refresh token
Consume auth response data and reflect internal state.
-
dataObject
Refresh with refresh_token.
Returns Promise<boolean> true if refresh was succcessfull false otherwise
Http header suitable for fetch.
Returns ({Authorization: string} | {}) The Bearer access token.
As long as the expirationTimer is running we must be valid.
Returns boolean true if session is valid (not expired)
Remove all tokens from the session and the backing store.
Check presence of an entitlement.
namestring of the entitlement
Returns boolean true if the named entitlement is present
Fired when the session changes.
subscriptionFunction
Extract and decode the payload.
tokenstring
Returns (Object | undefined) payload object
With npm do:
npm install svelte-session-managerBSD-2-Clause