Token Management

How the iOS SDK manages your user's tokens

Use Passage Token Store

When you create an instance of Passage you also get an instance of PassageStore , unless you choose to opt out of this functionality (see Manage tokens yourself). Anytime your user successfully registers or logs in, their auth token and refresh token (if applicable) are stored securely on their device.

Get auth token

You can access the current auth token this way:

let passage = PassageAuth("YOUR_APP_ID")
let authToken = try? await passage.getAuthToken()

Check if auth token is expired

You can check if the auth token is expired like this:

let isExpired = PassageTokenUtils.isTokenExpired(token: authToken)

Refresh auth token

If you've setup refresh tokens in your app (strongly recommended), you can refresh your auth token like this:

try? await passage.refresh()

Note that calling passage.refresh() will store your new auth token on the device.

Sign out user and remove tokens from device

When you call passage.signOut(), the user's tokens are removed from the device.

try? await passage.signOut()

How are tokens stored?

Your user's auth token and refresh token are both stored on device using Apple's Keychain API. When you sign out your user, the refresh token is revoked on the server and both tokens are removed from the device.

Manage tokens yourself

If you would prefer to manage tokens yourself and not use Passage Token Store, you can use the PassageAuth static methods instead.

Get tokens from auth methods

Any successful authentication call you make (see Passkey Authentication and Fallback Authentication) returns an AuthResult which contains your user's auth token and refresh token.

For example:

let authResult = try? await PassageAuth.loginWithPasskey()
let authToken = authResult?.authToken
let refreshToken = authResult?.refreshToken
let expiration = authRestul?.refreshTokenExpiration

You can then store and mange them however you choose.

Authenticate Passage requests

To make an authenticated Passage user request, simply use the PassageAuth static methods and pass the token. For example, to initiate a user email change:

let magicLink = try? await PassageAuth.changeEmail(token: authToken, newEmail: "[email protected]")

Refresh and revoke tokens

You can use the PassageToken methods to refresh or revoke tokens like this:

// Refresh
let authResult = try? await PassageAuth.refresh(refreshToken: refreshToken)

// Revoke
try? await PassageAuth.singOut(refreshToken: refreshToken)

Last updated