Comment on page
Token Management
How the iOS SDK manages your user's tokens
When you create an instance of
Passage
you also get an instance of PassageStore
, unless you choose to opt out of this functionality (see Manage tokens yourself). Anytime your user successfully registers or logs in, their auth token and refresh token (if applicable) are stored securely on their device.You can access the current auth token this way:
let passage = PassageAuth("YOUR_APP_ID")
let authToken = try? await passage.getAuthToken()
You can check if the auth token is expired like this:
let isExpired = PassageTokenUtils.isTokenExpired(token: authToken)
If you've setup refresh tokens in your app (strongly recommended), you can refresh your auth token like this:
try? await passage.refresh()
Note that calling
passage.refresh()
will store your new auth token on the device.When you call
passage.signOut()
, the user's tokens are removed from the device.try? await passage.signOut()
Your user's auth token and refresh token are both stored on device using Apple's Keychain API. When you sign out your user, the refresh token is revoked on the server and both tokens are removed from the device.
If you would prefer to manage tokens yourself and not use Passage Token Store, you can use the
PassageAuth
static methods instead.Any successful authentication call you make (see Passkey Authentication and Fallback Authentication) returns an
AuthResult
which contains your user's auth token and refresh token.For example:
let authResult = try? await PassageAuth.loginWithPasskey()
let authToken = authResult?.authToken
let refreshToken = authResult?.refreshToken
let expiration = authRestul?.refreshTokenExpiration
You can then store and mange them however you choose.
To make an authenticated Passage user request, simply use the
PassageAuth
static methods and pass the token. For example, to initiate a user email change:let magicLink = try? await PassageAuth.changeEmail(token: authToken, newEmail: "[email protected]")
You can use the
PassageToken
methods to refresh or revoke tokens like this:// Refresh
let authResult = try? await PassageAuth.refresh(refreshToken: refreshToken)
// Revoke
try? await PassageAuth.singOut(refreshToken: refreshToken)
Last modified 4d ago