![Svelte v5](https://svelte.dev)
![npm](https://www.npmjs.com/package/svelte-session-manager)
![License](https://spdx.org/licenses/0BSD.html)
![bundlejs](https://bundlejs.com/?q=svelte-session-manager)
![downloads](https://npmjs.org/package/svelte-session-manager)
![GitHub Issues](https://github.com/arlac77/svelte-session-manager/issues)
![Build Status](https://actions-badge.atrox.dev/arlac77/svelte-session-manager/goto)
![Styled with prettier](https://github.com/prettier/prettier)
![Commitizen friendly](http://commitizen.github.io/cz-cli/)
![Known Vulnerabilities](https://snyk.io/test/github/arlac77/svelte-session-manager)
![Tested with playwright](https://playwright.dev)

svelte-session-manager

Session store for svelte (currently only for JWT)

usage

``js import { derived } from 'svelte'; import { Session, login } from 'svelte-session-manager';

// use localStorage as backing store let session = new Session(localStorage);

// session may still be valid if(!session.isValid) { await login(session, 'https://mydomain.com/authenticate', 'a user', 'a secret'); }

session.isValid; // true when auth was ok or localStorage token is still valid

export const values = derived( session, ($session, set) => { if (!session.isValid) { set([]); // session has expired no more data } else { fetch('https://mydomain.com/values', { headers: { ...session.authorizationHeader } }).then(async data => set(await data.json())); } return () => {}; } ,[]);

// $values contains fetch result as long as session has not expired`

`run tests`

`sh export BROWSER=safari|chrome|... npm|yarn test`

The test runs the following requests against the server

* successful auth

`sh curl -X POST -d '{"username":"user","password":"secret"}' 'http://[::]:5000/api/login'`

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbnRpdGxlbWVudHMiOiJhLGIsYyIsImlhdCI6MTYwNDY2NDI0NywiZXhwIjoxNjA0NjY0MjYyfQ.qyjeoCuXO0iyYwSxM2sM02_BVhaZobRmEWam1M8Hzkx51nbsAuTR8G1rNgz1COo_KvbCU7LwZt7qnSEFB1tcwyDA1eBxwc2Wb7JxWgQ50m1IWkr2JCgY1seWRJRcwZBXiTRtiPqhzofP-l3S-CBluzU48cd4yzoPayczLkKuPK4"}

* invalid credentials

`sh curl -X POST -d '{"username":"user","password":"wrong"}' 'http://[::]:5000/api/login'`

{"message":"Unauthorized"}

`Live Example`

live example

`API`

`$3`

* login * Parameters * handleFailedResponse * Parameters * SessionData * Properties * msecsRequiredForRefresh * supportedTokenTypes * Session * Parameters * Properties * update * Parameters * refresh * authorizationHeader * isValid * invalidate * hasEntitlement * Parameters * subscribe * Parameters * decode * Parameters

`login`

Bring session into the valid state by calling the authorization endpoint and asking for a access\_token. Executes a POST on the endpoint url expecting username, and password as json

`$3`

* sessionSession to be opened *endpointstring authorization url *usernamestring id of the user *passwordstring user credentials *tokenmap Object token names in response to internal known values (optional, default defaultTokenMap)

* tokenmap.access_token string

Returns Promise<(string | undefined)> error message in case of failure or undefined on success

`handleFailedResponse`

Extract error description from response.

`$3`

* response Response

Returns Promise<string>

`SessionData`

Data as preserved in the backing store.

Type: Object

`$3`

* usernamestring user name (id) *access_tokenstring JWT token *refresh_token string JWT token

`msecsRequiredForRefresh`

Time required to execute a refresh

Type: number

`supportedTokenTypes`

`Session`

User session. To create as session backed by browser local storage.

`js let session = new Session(localStorage);`

or by browser session storage

`js let session = new Session(sessionStorage);`

`$3`

* store SessionData (optional, default localStorage)

`$3`

* entitlementsSet<string> *subscriptionsSet<Object> store subscriptions *expirationDateDate when the access token expires *access_tokenstring token itself *refresh_token string refresh token

`$3`

Consume auth response data and reflect internal state.

#### Parameters

* data Object

* data.entitlementsstring? *data.token_typestring? *data.expires_innumber? *data.access_token string?

`$3`

Refresh with refresh\_token.

Returns Promise<boolean> true if refresh was succcessfull false otherwise

`$3`

Http header suitable for fetch.

Returns ({Authorization: string} | {}) The Bearer access token.

`$3`

As long as the expirationTimer is running we must be valid.

Returns boolean true if session is valid (not expired)

`$3`

Remove all tokens from the session and the backing store.

`$3`

Check presence of an entitlement.

#### Parameters

* name string of the entitlement

Returns boolean true if the named entitlement is present

`$3`

Fired when the session changes.

#### Parameters

* subscription Function

`decode`

Extract and decode the payload.

`$3`

* token string

Returns (Object | undefined) payload object

`install`

With npm do:

`shell npm install svelte-session-manager``

license

BSD-2-Clause

svelte-session-manager

Session store for svelte (currently only for JWT)

usage

``js import { derived } from 'svelte'; import { Session, login } from 'svelte-session-manager';

// use localStorage as backing store let session = new Session(localStorage);

// session may still be valid if(!session.isValid) { await login(session, 'https://mydomain.com/authenticate', 'a user', 'a secret'); }

session.isValid; // true when auth was ok or localStorage token is still valid

// $values contains fetch result as long as session has not expired`

`run tests`

`sh export BROWSER=safari|chrome|... npm|yarn test`

The test runs the following requests against the server

* successful auth

`sh curl -X POST -d '{"username":"user","password":"secret"}' 'http://[::]:5000/api/login'`

* invalid credentials

`sh curl -X POST -d '{"username":"user","password":"wrong"}' 'http://[::]:5000/api/login'`

{"message":"Unauthorized"}

`Live Example`

live example

`API`

`$3`

`login`

Bring session into the valid state by calling the authorization endpoint and asking for a access\_token. Executes a POST on the endpoint url expecting username, and password as json

`$3`

* tokenmap.access_token string

Returns Promise<(string | undefined)> error message in case of failure or undefined on success

`handleFailedResponse`

Extract error description from response.

`$3`

* response Response

Returns Promise<string>

`SessionData`

Data as preserved in the backing store.

Type: Object

`$3`

* usernamestring user name (id) *access_tokenstring JWT token *refresh_token string JWT token

`msecsRequiredForRefresh`

Time required to execute a refresh

Type: number

`supportedTokenTypes`

`Session`

User session. To create as session backed by browser local storage.

`js let session = new Session(localStorage);`

or by browser session storage

`js let session = new Session(sessionStorage);`

`$3`

* store SessionData (optional, default localStorage)

`$3`

Consume auth response data and reflect internal state.

#### Parameters

* data Object

* data.entitlementsstring? *data.token_typestring? *data.expires_innumber? *data.access_token string?

`$3`

Refresh with refresh\_token.

Returns Promise<boolean> true if refresh was succcessfull false otherwise

`$3`

Http header suitable for fetch.

Returns ({Authorization: string} | {}) The Bearer access token.

`$3`

As long as the expirationTimer is running we must be valid.

Returns boolean true if session is valid (not expired)

`$3`

Remove all tokens from the session and the backing store.

`$3`

Check presence of an entitlement.

#### Parameters

* name string of the entitlement

Returns boolean true if the named entitlement is present

`$3`

Fired when the session changes.

#### Parameters

* subscription Function

`decode`

Extract and decode the payload.

`$3`

* token string

Returns (Object | undefined) payload object

`install`

With npm do:

`shell npm install svelte-session-manager``

license

BSD-2-Clause