SDK.whatever()method, that's either fired through
this.$apior on the
apiobject directly after it being imported.
The Directus API returns a JWT token on successful login. This token will always expire in 5 minutes. There are also static tokens for each user, though because these tokens don't change they should be used with caution. You can learn more about both of these types of tokens in API Reference: Authentication.
The application forwards the credentials to the SDK, which will make the request for the token and start an internal interval.
The SDK keeps the user logged in forever. To logout of the application, the
logout method has to be fired on the SDK. This will delete the token locally and cancel the refresh interval. Checkout the SDK implementation for the actual inner working of this.
The SDK uses Emittery under the hood. The SDK is "connected" to the store via these events. For example:
commit a login mutation to the store, setting the
loggedIn flag in the store to true. Likewise,
logout will set this flag to false. The store is only used to reflect the current loggedin state of the SDK. The application has no further involvement in keeping the user logged in.
SDK.login()with the credentials
SDK.login() method returns a promise. The promise will resolve on a successful login. Therefore, the application can navigate away from the login page on a resolve of this promise.
Keeps the access token in the SDK and the application store in sync. The token in the store gets saved and retrieved to/from localstorage so the user isn't logged out on refresh.
If the user re-opens the page when there is an invalid token in the store, the SDKs loggedIn flag will be false and the application will logout immediately.