The actor a user wants to authenticate with.
OptionalscopeA yet undefined property detailing what operations the session grants the user to perform. For example, to allow a user to read private messages from a particular set of channels or to allow the user to write object matching a particular schema.
This object contains information that
sources can use to verify that a user has permission to operate a particularactor. This object is required of all Graffiti methods that modify objects and is optional for methods that read objects.At a minimum the
sessionobject must contain theactorURI the user wants to authenticate with. However it is likely that thesessionobject must contain other implementation-specific properties. For example, a Solid implementation might include afetchfunction. A distributed implementation may include a cryptographic signature.As to why the
sessionobject is passed as an argument to every method rather than being an internal property of the Graffiti instance, this is primarily for type-checking to catch bugs related to login state. Graffiti applications can expose some functionality to users who are not logged in with Graffiti.get and Graffiti.discover but without type-checking thesessionit can be easy to forget to hide buttons that trigger other methods that require login. In the future,sessionobject may be updated to include scope information and passing thesessionto each method can type-check whether the session provides the necessary permissions.Passing the
sessionobject per-method also allows for multiple sessions to be used within the same application, like an Email client fetching from multiple accounts.