Authenticate (shared concepts)#

Session object#

Both @inrupt/solid-client-authn-browser and @inrupt/solid-client-authn-node libraries expose a Session class which represents a stateful user session.

Session information#

Information about the session can be obtained using the info property on a Session instance, exposing the following fields:

`isLoggedIn`	Boolean flag indicating whether the session is currently able to make authenticated requests.
`webId`	The WebID of the user if logged in, undefined otherwise.
`clientAppId`	The application identifier, or a “Public app” identifier if the app does not provide its own. This is undefined until the session is logged in and the app identifier has been verified.
`sessionId`	A unique identifier for the session. This is generated automatically when creating a new session.
`expirationDate`	UNIX timestamp (number of milliseconds since Jan 1st 1970) representing the time until which this session is valid.

Session Lifecycle#

The Session class provides the following methods to drive its authentication lifecycle:

`login`	Initiates the login process, potentially redirecting the user to their identity provider.
`handleIncomingRedirect`	Completes the login process by parsing information sent by the identity provider after successful authentication and a redirection to the application.
`logout`	Terminates the user session.

The server-side, in-browser and script authentication pages provide details about the specifics of each environment.

Session data retrieval#

The Session class exposes a fetch method. When the user session is logged in, the fetch method adds authentication information to the HTTP requests. The fetch method signature mimics the standard fetch API, making it compatible with any code expecting a fetch function.

Session Events#

The Session object exposes an events attribute which can be used to listen to various session-related events. events exposes an isomorphic API similar to the NodeJS EventEmitter class, with methods such as on to register a callback to an event or off to remove the callback.

A Session instance will emit the following events:

`login`	Emitted when a session successfully logs in.
`logout`	Emitted when a session successfully logs out.
`sessionExpired`	Emitted when a session’s token expires and was not refreshed.
`sessionExtended`	Emitted when a session’s token is refreshed, extending its lifetime.
`error`	Fired when an error occurs during session operations.

Typescript types are used to document the arguments passed to the callbacks for each event.

The server-side authentication pages documents events specific to the NodeJS environment.