xkit.js is a client-side library, so it only authenticates in the context of a single end-user.
Once you log in, xkit.js creates a user session and it will manage refreshing access tokens as needed so that your xkit.js instance will be able to access protected function calls.
Once the user session expires, the end-user will be redirected to the login redirect URL configured in the settings. Alternatively, you can pass a TokenCallback to the login function to provide a new valid token which will be used to create a new user session.
User session can be manually invalidated using the logout function.