Session store for svelte (currently only for JWT)

import { derived } from 'svelte';
import { Session, login } from 'svelte-session-manager';

// use localStorage as backing store
let session = new Session(localStorage);

// session may still be valid
if(!session.isValid) {
  await login(session, 'https://mydomain.com/authenticate', 'a user', 'a secret');
}

session.isValid; // true when auth was ok or localStorage token is still valid


export const values = derived(
  session,
  ($session, set) => {
    if (!session.isValid) {
      set([]); // session has expired no more data
    } else {
      fetch('https://mydomain.com/values', {
        headers: {
          ...session.authorizationHeader
        }
      }).then(async data => set(await data.json()));
    }
    return () => {};
  }
,[]);

// $values contains fetch result as long as session has not expired

export BROWSER=safari|chrome|...
npm|yarn test

The test runs the following requests against the server

• successful auth

curl -X POST -d '{"username":"user","password":"secret"}' 'http://[::]:5000/api/login'

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbnRpdGxlbWVudHMiOiJhLGIsYyIsImlhdCI6MTYwNDY2NDI0NywiZXhwIjoxNjA0NjY0MjYyfQ.qyjeoCuXO0iyYwSxM2sM02_BVhaZobRmEWam1M8Hzkx51nbsAuTR8G1rNgz1COo_KvbCU7LwZt7qnSEFB1tcwyDA1eBxwc2Wb7JxWgQ50m1IWkr2JCgY1seWRJRcwZBXiTRtiPqhzofP-l3S-CBluzU48cd4yzoPayczLkKuPK4"}

• invalid credentials

curl -X POST -d '{"username":"user","password":"wrong"}' 'http://[::]:5000/api/login'

{"message":"Unauthorized"}

live example

• login
  • Parameters
• handleFailedResponse
  • Parameters
• SessionData
  • Properties
• Session
  • Parameters
  • Properties
  • clear
  • save
  • authorizationHeader
  • isValid
  • invalidate
  • hasEntitlement
    • Parameters
  • subscribe
    • Parameters

Bring session into the valid state by calling the authorization endpoint and asking for a access_token. Executes a POST on the endpoint url expecting username, and password as json

• session Session to be opened
• endpoint string authorization url
• username string id of the user
• password string user credentials
• tokenmap object token names in response to internal known values (optional, default {access_token:"access_token",refresh_token:"refresh_token"})

Returns string error message in case of failure or undefined on success

Extract error description from response

• response FetchResponse

Returns string

Data as preserved in the backing store

Type: Object

• username string user name (id)
• access_token string JWT token
• refresh_token string JWT token

User session To create as session backed by browser local storage

let session = new Session(localStorage);

or by browser session storage

let session = new Session(sessionStorage);

• data SessionData

• entitlements Set<string>
• subscriptions Set<Object> store subscriptions
• expirationDate Date
• access_token string token itself
• refresh_token string refresh token
• store SessionData backing store to use for save same as data param

Invalidate session data.

Persist into the backing store.

Http header suitable for fetch.

Returns Object header The http header.

Returns string header.Authorization The Bearer access token.

As long as the expirationTimer is running we must be valid.

Returns boolean true if session is valid (not expired)

Remove all tokens from the session and the backing store.

Check presence of an entilement.

• name string of the entitlement

Returns boolean true if the named entitlement is present

Fired when the session changes.

• subscription Function

With npm do:

npm install svelte-session-manager

BSD-2-Clause