# User object

When a user is signed in, tiun exposes them to your app as a **user object**. It's the canonical "who is this person and what can they use" record on the client.

***

## Reading the user

Call `tiun.getUser()` to read the current state. It returns an object shaped like:

```javascript
{ isAuthenticated, user }
```

When someone is signed in, `user` is the user object. When they're not, `user` is `null` and `isAuthenticated` is `false`.

The same payload is also available on every [`userChange`](/sdk/reference/events.md) event, so you rarely call `getUser()` directly — listening to `userChange` keeps your UI in sync. For one-off reads, the quick-access properties `tiun.user` and `tiun.isAuthenticated` are also available. See [SDK properties](/sdk/reference/properties.md).

***

## Shape

| Field           | Type       | Description                                                                                                       |
| --------------- | ---------- | ----------------------------------------------------------------------------------------------------------------- |
| `userId`        | `string`   | Stable identifier for this user in tiun.                                                                          |
| `email`         | `string`   | Email on the account; used for receipts and identification.                                                       |
| `productAccess` | `string[]` | Product IDs the user currently has active access to. See [Product access](/reference/checkout/product-access.md). |

***

## Typical payloads

**Unauthenticated:**

```javascript
{ isAuthenticated: false, user: null }
```

**Authenticated, no purchases:**

```javascript
{
  isAuthenticated: true,
  user: {
    userId: 'u-abc123',
    email: 'user@example.com',
    productAccess: []
  }
}
```

**Authenticated with active subscriptions:**

```javascript
{
  isAuthenticated: true,
  user: {
    userId: 'u-abc123',
    email: 'user@example.com',
    productAccess: ['p-live-light', 'p-live-pro']
  }
}
```

***

## When the user object updates

The user object is populated and refreshed at several points:

* After a successful **checkout** (`event: 'checkout'`)
* After a successful **login** (`event: 'login'`)
* After **session restore** on page load (`event: 'init'`)
* After **logout**, where `user` becomes `null` (`event: 'logout'`)
* When **entitlements change** — for example a subscription expires, removing its product ID from `productAccess`

Listen to `userChange` so your UI reflects each of these moments. For UI gating patterns built on top of this state, see [Protecting content](/reference/authentication/protecting-content.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tiun.io/reference/authentication/user-object.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.