Comment on page
Token Management
How the Android SDK manages your user's tokens
When you create an instance of
Passage
you also get an instance of PassageTokenStore
, unless you choose to opt out of this functionality (see Manage tokens yourself).You can access the current auth token this way:
val token = passage.tokenStore.authToken
If you've setup refresh tokens in your app (strongly recommended), the Passage Token Store handles refreshing the auth token for you before it expires. If you have short lived auth tokens, it is highly recommended you use the
getValidAuthToken
suspend method instead of the above property, so you don't have to worry about using an expired token.suspend fun exampleGetRequest() {
val token = passage.tokenStore.getValidAuthToken()
// Use token
}
Your user's auth token and refresh token are both stored on device using Android's own Encrypted Shared Preferences library. When you sign out your user, the tokens are revoked on the server and removed from the device.
If you would prefer to manage tokens yourself and not use Passage Token Store, simply copy and paste this into your app's
strings.xml
file:<string name="use_passage_store">false</string>
Note that you will not be able to access
passage.tokenStore
when you set this.Any successful authentication call you make (see Passkey Authentication and Email/SMS Authentication) returns a
PassageAuthResult
which contains your user's auth token and refresh token.For example:
suspend fun login() {
try {
val authResult = passage.loginWithPasskey()
val authToken = authResult.authToken // String
val refreshToken = authResult.refreshToken // String?
val expiration = authResult.refreshTokenExpiration // Int?
} catch (e: LoginWithPasskeyException) {
// ..
}
}
You can then store and mange them however you choose.
To make a request on a
PassageUser
like user.changeEmail(newEmail)
you'll first need to provide that auth token to the Passage
class.Passage.setAuthToken(YOUR_TOKEN)
val user = passage.getCurrentUser()
user.changeEmail("[email protected]")
You can use the
PassageToken
methods to refresh or revoke tokens like this:suspend fun getNewTokens(oldRefreshToken: String) {
try {
val authResult = PassageToken.refreshAuthToken(oldRefreshToken)
val newAuthToken = authResult.authToken
val newRefreshToken = authResult.refreshToken
val newExpiration = authResult.refreshTokenExpiration
} catch(e: PassageTokenException) {
when (e) {
is PassageTokenUnauthorizedException -> {
// Refresh token is no longer valid
}
}
}
}
suspend fun revokeToken(refreshToken: String) {
try {
passage.revokeRefreshToken(refreshToken)
} catch (e: PassageTokenException) {
// ..
}
}
Last modified 4d ago