Represents an authenticated session with Supabase's Auth service.

A session contains the tokens and metadata necessary for authenticating subsequent API requests. It is returned after a successful sign-in or sign-up operation and can be refreshed using Supabase.Auth.refresh_session/2.

Fields

• access_token - JWT token used for API authorization (required)
• refresh_token - Token used to obtain a new access token when it expires (required)
• expires_in - Number of seconds until the access token expires (required)
• expires_at - Unix timestamp (in seconds) when the token expires
• token_type - Type of token, usually "bearer" (required)
• provider_token - OAuth provider-specific token (if applicable)
• provider_refresh_token - OAuth provider-specific refresh token (if applicable)
• user - The authenticated user's profile information (Supabase.Auth.User)

Usage

# Store the session securely after sign-in
{:ok, session} = Supabase.Auth.sign_in_with_password(client, credentials)

# Use the session for authenticated requests
{:ok, user} = Supabase.Auth.get_user(client, session)

# Refresh the session before it expires
{:ok, refreshed_session} = Supabase.Auth.refresh_session(client, session.refresh_token)

Security Notes

• The access_token contains sensitive information and should be secured appropriately
• Sessions should be refreshed before they expire to maintain authentication
• For web applications, it's recommended to store session tokens in HTTP-only cookies