Token Management
How the Android SDK manages your user's tokens
Use Passage Token Store
When you create an instance of Passage
you also get an instance of PassageTokenStore
, unless you choose to opt out of this functionality (see Manage tokens yourself).
Get auth token
You can access the current auth token this way:
Get refreshed auth token
If you've setup refresh tokens in your app (strongly recommended), the Passage Token Store handles refreshing the auth token for you before it expires. If you have short lived auth tokens, it is highly recommended you use the getValidAuthToken
suspend method instead of the above property, so you don't have to worry about using an expired token.
How are tokens stored?
Your user's auth token and refresh token are both stored on device using Android's own Encrypted Shared Preferences library. When you sign out your user, the tokens are revoked on the server and removed from the device.
Manage tokens yourself
If you would prefer to manage tokens yourself and not use Passage Token Store, simply copy and paste this into your app's strings.xml
file:
Note that you will not be able to access passage.tokenStore
when you set this.
Get tokens from auth methods
Any successful authentication call you make (see Passkey Authentication and Email/SMS Authentication) returns a PassageAuthResult
which contains your user's auth token and refresh token.
For example:
You can then store and mange them however you choose.
Authenticate PassageUser requests
To make a request on a PassageUser
like user.changeEmail(newEmail)
you'll first need to provide that auth token to the Passage
class.
Refresh and revoke tokens
You can use the PassageToken
methods to refresh or revoke tokens like this:
Last updated