User Session

Read the current user, check authentication state, and understand how token rotation works.

Read the current user

getUser() returns the authenticated user synchronously, or null if not signed in.

typescript

const user = Auther.getUser();

if (user) {
  console.log(user.id);            // UUID
  console.log(user.email);         // 'jane@example.com'
  console.log(user.expiresAt);     // epoch ms — access token expiry
  console.log(user.refreshExpiresAt); // epoch ms — refresh token expiry
}

Check authentication state

typescript

if (Auther.isAuthenticated()) {
  // user is logged in and token is not expired
}

Automatic token rotation

Access tokens are short-lived (15 minutes). The SDK automatically calls the refresh endpoint 60 seconds before expiry — in the background, without any action from you or the user.

If a request to your backend returns a 401, the SDK also refreshes reactively and retries the request once. Sessions stay alive silently for up to 30 days.

No action required

You never need to manage tokens, call refresh manually, or handle expiry. The SDK handles the entire lifecycle. Your onAuthStateChange callback fires only on actual login or logout — not on background refreshes.