Session store for svelte (currently only for JWT)

usage

import { derived } from 'svelte/store';
import { Session, login } from 'svelte-session-manager';
// use localStorage as the backing store
let session = new Session(localStorage);
// a token restored from the store may still be valid
if (!session.isValid) {
  await login(session, 'https://mydomain.com/authenticate', 'a user', 'a secret');
}
session.isValid;
export const values = derived(
  session,
  ($session, set) => {
    if (!session.isValid) {
      set([]); // session has expired no more data
    } else {
      // send the access token as Authorization header
      fetch('https://mydomain.com/values', {
        headers: { ...session.authorizationHeader }
      }).then(async data => set(await data.json()));
    }
    return () => {};
  },
  []
);

run tests

export BROWSER=safari|chrome|...
npm|yarn test

The test runs the following requests against the server

successful auth

curl -X POST -d '{"username":"user","password":"secret"}' 'http://[::]:5000/api/login'

{ "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbnRpdGxlbWVudHMiOiJhLGIsYyIsImlhdCI6MTYwNDY2NDI0NywiZXhwIjoxNjA0NjY0MjYyfQ.qyjeoCuXO0iyYwSxM2sM02_BVhaZobRmEWam1M8Hzkx51nbsAuTR8G1rNgz1COo_KvbCU7LwZt7qnSEFB1tcwyDA1eBxwc2Wb7JxWgQ50m1IWkr2JCgY1seWRJRcwZBXiTRtiPqhzofP-l3S-CBluzU48cd4yzoPayczLkKuPK4" }

invalid credentials

curl -X POST -d '{"username":"user","password":"wrong"}' 'http://[::]:5000/api/login'

{ "message" : "Unauthorized" }

API

login

Bring the session into the valid state by calling the authorization endpoint and asking for an access_token. Executes a POST on the endpoint url, sending username and password as JSON.

Parameters

session Session to be opened

endpoint string authorization url

username string id of the user

password string user credentials

tokenmap object token names in response to internal known values (optional, default {access_token:"access_token",refresh_token:"refresh_token"} )

Returns string error message in case of failure or undefined on success

handleFailedResponse

Extract error description from response.

Parameters

response FetchResponse

Returns string

SessionData

Data as preserved in the backing store.

Type: Object

Properties

username string user name (id)

access_token string JWT token

refresh_token string JWT token

msecsRequiredForRefresh

Time required to execute a refresh

Type: number

Session

User session. To create a session backed by browser local storage:

let session = new Session(localStorage);

or by browser session storage

let session = new Session(sessionStorage);

Parameters

store (optional, default localStorage)

data SessionData

Properties

entitlements Set<string>

subscriptions Set<Object> store subscriptions

expirationDate Date when the access token expires

access_token string token itself

refresh_token string refresh token

Consume data and reflect internal state.

Parameters

data object

refresh

Refresh with refresh_token.

Returns boolean true if the refresh was successful, false otherwise

authorizationHeader

HTTP header suitable for fetch.

Returns Object header The HTTP header.

Returns string header.Authorization The Bearer access token.

isValid

As long as the expirationTimer is running we must be valid.

Returns boolean true if session is valid (not expired)

Remove all tokens from the session and the backing store.

hasEntitlement

Check presence of an entitlement.

Parameters

name string of the entitlement

Returns boolean true if the named entitlement is present

Fired when the session changes.

Parameters

subscription Function

decode

Extract and decode the payload.

Parameters

token string

Returns object payload object
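How the decode, expirationDate, entitlements and isValid pieces described above fit together, as an added example that is not svelte-session-manager's own code: the helper names are hypothetical, the token is constructed, and it runs under Node (it uses Buffer). Decoding the payload involves no key, so the result is display state only; the server still has to verify the signature and enforce entitlements on every request.

```javascript
// Added example: hypothetical helpers, not svelte-session-manager's own code.

// Decode the payload (middle) segment of a compact JWT.
// No key is involved, so this is NOT signature verification.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  // base64url -> padded base64
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Client-side view of a token at time `now` (milliseconds since epoch).
// Anything that cannot be decoded is treated as an expired session.
function describeSession(token, now = Date.now()) {
  let payload = null;
  try {
    payload = decodePayload(token);
  } catch {
    // malformed token: fall through with payload === null
  }
  const expMs = Number.isFinite(payload?.exp) ? payload.exp * 1000 : 0;
  const list = typeof payload?.entitlements === 'string' ? payload.entitlements : '';
  return {
    valid: expMs > now,
    expirationDate: new Date(expMs),
    entitlements: new Set(list.split(',').filter(Boolean)),
    // never emit a bearer header for an expired or undecodable token
    authorizationHeader: expMs > now ? { Authorization: `Bearer ${token}` } : {}
  };
}

// Constructed sample token (assumption: claims shaped like the login response
// above). The signature segment is a placeholder the decoder never inspects.
function makeSampleToken(claims) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'placeholder'].join('.');
}

const sample = makeSampleToken({ entitlements: 'a,b,c', iat: 1604664247, exp: 1604664262 });
console.log(describeSession(sample, 1604664250000)); // evaluated inside the token lifetime
console.log(describeSession(sample).valid);           // evaluated at the current time
```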

install

With npm do:

npm install svelte-session-manager

license

BSD-2-Clause