Comment on page
Session Reference
Passage.js methods for managing user sessions on the client.
The
Session
class manages the auth token for the current user.All methods are a part of the
Session
class which should be used as follows:import { Passage } from '@passageidentity/passage-js';
const passage = new Passage('YOUR_APP_ID');
const session = passage.getCurrentSession();
const authToken = await session.getAuthToken();
.getAuthToken()
Gets an active authentication token for the current authenticated user. The token is refreshed when it expires and is no longer active.
Parameters
Returns
None. Checks local storage for a
psg_auth_token
to determine if an active authentication token is available. Checks local storage for a psg_refresh_token
to determine if the authentication token can be refreshed.Promise<string>
Returns an active authentication token.
.signOut()
Signs out the current authenticated user by clearing authentication tokens and revoking refresh tokens.
Parameters
Returns
None. Revokes the refresh token associated with the device or browser in use.
Promise<boolean>
Returns
true
if the refresh token was successfully revoked.
.refresh()
Gets a new authentication token for the current authenticated user. In most use cases,
.getAuthToken()
should be preferred as a faster method, since it returns the same authentication token until the token expires.Parameters
Returns
None. Checks local storage for a
psg_refresh_token
to determine if the authentication token can be refreshed.Promise<string>
Returns a new authentication token.
.authGuard()
Checks if the current user has a valid JWT and be used as a route guard in a frontend application.
IMPORTANT: this does not fully verify the user's authentication and is not intended as a secure method to be used when make authorization decisions. This method should be used to provide a basic route guard that can improve user experience. To securely check if a user is properly authenticated, use the
.userInfo()
method.
Parameters
Returns
None. Uses JWT provided during initialization or checks local storage for a
psg_auth_token
to determine the current user.boolean
true
is the JWT is valid and false
otherwise.Last modified 2mo ago