xkit.js is a client-side library, so it only authenticates in the context of a single end-user.

You can create an Xkit User Token with the Provision Platform User endpoint, or with a Custom Token Issuer.

Once you have an Xkit User Token, you can use the login function on xkit.js to log in:

await xkit.login(some_user_token)

Once you log in, xkit.js creates a user session and manages refreshing access tokens as needed, so that your xkit.js instance can access protected function calls.

Once the user session expires, the end-user will be redirected to the login redirect URL configured in the settings. Alternatively, you can pass a TokenCallback to the login function to provide a new valid token which will be used to create a new user session.

The user session can be manually invalidated using the logout function.
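The following sketch shows one way to wire up the TokenCallback option described above so that an expired session is renewed with a token from your own backend instead of a redirect. It is an added example, not code from the Xkit documentation. It assumes that the callback is passed as the second argument to login, that it takes no arguments and returns a Promise for a new Xkit User Token, and that fetchToken is a hypothetical function you supply to request that token from your backend.

```javascript
// Added example, not Xkit's own code.
// Assumptions: xkit.login(token, tokenCallback) accepts the callback as its
// second argument, and the callback returns a Promise for a fresh token.
// fetchToken is a hypothetical function that asks YOUR backend for a token;
// the backend authenticates the end-user before issuing one, so no issuing
// secret ever reaches the browser.

function makeTokenCallback(fetchToken) {
  let inFlight = null; // shared promise while a token request is pending

  return function tokenCallback() {
    // Single-flight: concurrent renewals share one backend request, so a
    // burst of expired calls does not mint a burst of tokens.
    if (!inFlight) {
      inFlight = Promise.resolve()
        .then(() => fetchToken())
        .then((token) => {
          // Fail closed rather than logging in with an empty or malformed value.
          if (typeof token !== 'string' || token.trim() === '') {
            throw new Error('backend returned no usable Xkit User Token');
          }
          return token;
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}

async function loginWithRenewal(xkit, fetchToken) {
  const tokenCallback = makeTokenCallback(fetchToken);
  // The first token comes from the same path as every later renewal,
  // and is kept in memory only (never written to localStorage).
  const initialToken = await tokenCallback();
  await xkit.login(initialToken, tokenCallback);
  return tokenCallback;
}

// Hypothetical usage in the browser ('/api/xkit-token' is a placeholder route):
//   await loginWithRenewal(xkit, () =>
//     fetch('/api/xkit-token', { method: 'POST', credentials: 'same-origin' })
//       .then((res) => { if (!res.ok) throw new Error('token request failed'); return res.json(); })
//       .then((body) => body.token));
```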