Comment on page
How the iOS SDK manages your user's tokens
When you create an instance of
Passageyou also get an instance of
PassageStore, unless you choose to opt out of this functionality (see Manage tokens yourself). Anytime your user successfully registers or logs in, their auth token and refresh token (if applicable) are stored securely on their device.
You can access the current auth token this way:
let passage = PassageAuth("YOUR_APP_ID")
let authToken = try? await passage.getAuthToken()
You can check if the auth token is expired like this:
let isExpired = PassageTokenUtils.isTokenExpired(token: authToken)
try? await passage.refresh()
Note that calling
passage.refresh()will store your new auth token on the device.
When you call
passage.signOut(), the user's tokens are removed from the device.
try? await passage.signOut()
Your user's auth token and refresh token are both stored on device using Apple's Keychain API. When you sign out your user, the refresh token is revoked on the server and both tokens are removed from the device.
If you would prefer to manage tokens yourself and not use Passage Token Store, you can use the
PassageAuthstatic methods instead.
Any successful authentication call you make (see Passkey Authentication and Fallback Authentication) returns an
AuthResultwhich contains your user's auth token and refresh token.
let authResult = try? await PassageAuth.loginWithPasskey()
let authToken = authResult?.authToken
let refreshToken = authResult?.refreshToken
let expiration = authRestul?.refreshTokenExpiration
You can then store and mange them however you choose.
To make an authenticated Passage user request, simply use the
PassageAuthstatic methods and pass the token. For example, to initiate a user email change:
You can use the
PassageTokenmethods to refresh or revoke tokens like this:
let authResult = try? await PassageAuth.refresh(refreshToken: refreshToken)
try? await PassageAuth.singOut(refreshToken: refreshToken)