Token API
⚡ 8 min readThe transcodes.token object manages authentication tokens and session state
Methods
getCurrentMember()
Returns the current authenticated member. Extracts member info from the JWT and returns immediately without API calls. Returns null if not authenticated
transcodes.token.getCurrentMember(): Promise<Member | null>Returns: Promise<Member | null> — the member object or null if not authenticated
Example:
const member = await transcodes.token.getCurrentMember();
if (member) {
console.log('Current member:', member.email);
}This method reads member claims from the JWT. For the latest server-side profile, use transcodes.member.get()
getAccessToken()
Returns a valid Access Token. Lookup order: Memory → IndexedDB → New issuance with Attestation Key. Returns null if all are unavailable or expired
transcodes.token.getAccessToken(): Promise<string | null>Returns: Promise<string | null> - The access token or null if not authenticated
Example:
const token = await transcodes.token.getAccessToken();
if (token) {
fetch('https://api.example.com/data', {
headers: {
Authorization: `Bearer ${token}`,
},
});
}Do not validate the access token on the client. Always validate tokens on your server
hasToken()
Synchronously checks if there is a valid token in memory
transcodes.token.hasToken(): booleanReturns: boolean - true if a token exists in memory
Example:
if (transcodes.token.hasToken()) {
console.log('Token exists');
} else {
console.log('No token found');
}This is a synchronous method. Use isAuthenticated() for a more accurate
async check
isAuthenticated()
Checks if the member is authenticated. Performs pure validity check without token issuance. Checks in order: Memory → IndexedDB
transcodes.token.isAuthenticated(): Promise<boolean>Returns: Promise<boolean> - true if authenticated
Important: This method returns a Promise. Always use await!
Example:
const isAuth = await transcodes.token.isAuthenticated();
if (isAuth) {
console.log('Authenticated');
} else {
console.log('Not authenticated');
}Common Mistake:
// WRONG - this will always be truthy (Promise object)
if (transcodes.token.isAuthenticated()) {
// This always runs!
}
// CORRECT - use await
if (await transcodes.token.isAuthenticated()) {
// This correctly checks auth status
}signOut()
Signs out the current member. Removes tokens and keys from storage
transcodes.token.signOut(options?: { webhookNotification?: boolean }): Promise<void>Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
webhookNotification | boolean | No | Send Slack webhook on sign out. Default: false |
Returns: Promise<void>
Example:
async function handleSignOut() {
try {
await transcodes.token.signOut();
console.log('Signed out successfully');
window.location.href = '/';
} catch (error) {
console.error('Sign out failed:', error);
}
}Example with webhook notification:
await transcodes.token.signOut({ webhookNotification: true });Usage Examples
Complete Authentication Check
async function checkAuth() {
const isAuth = await transcodes.token.isAuthenticated();
if (!isAuth) {
console.log('Not authenticated');
return null;
}
const token = await transcodes.token.getAccessToken();
console.log('Access token available:', !!token);
return token;
}Protected API Call
async function callProtectedAPI(endpoint) {
const token = await transcodes.token.getAccessToken();
if (!token) {
throw new Error('Not authenticated');
}
const response = await fetch(`https://api.example.com${endpoint}`, {
headers: {
Authorization: `Bearer ${token}`,
'Content-Type': 'application/json',
},
});
if (!response.ok) {
throw new Error(`API call failed: ${response.status}`);
}
return response.json();
}Related
- Member API - Member profile from server
- Modal API - Authentication modals
- Events API - Auth state change events
- Types - Type definitions