Auth0.swift: Save and Renew Tokens
When an authentication is performed with the offline_access scope included, it will return a Refresh Token that can be used to request a new token without asking for credentials again.
Credentials Manager
Auth0.swift provides a utility class to streamline the process of storing and renewing credentials. You can access the accessToken or idToken properties from the Credentials instance. This is the preferred method to manage user credentials.
First import the Auth0 module:

    import Auth0

Next, present the Universal Login page:

    let credentialsManager = CredentialsManager(authentication: Auth0.authentication())

    Auth0
        .webAuth()
        .scope("openid profile offline_access")
        .audience("https://{yourDomain}/userinfo")
        .start {
            switch $0 {
            case .failure(let error):
                // Handle error
                print("Authentication failed: \(error)")
            case .success(let credentials):
                // Pass the credentials over to the Credentials Manager
                credentialsManager.store(credentials: credentials)
            }
        }

Credentials Check
It can be useful to perform a quick confidence check to ensure that you have valid credentials stored in the manager. If not, the user can then be directed to authenticate.

    guard credentialsManager.canRenew() else {
        // Present login screen
        return
    }

Retrieving User Credentials
You can retrieve the user's credentials as follows:

    credentialsManager.credentials { error, credentials in
        guard error == nil, let credentials = credentials else {
            // Handle error, present login page
            return
        }
        // Valid credentials; you can access token properties such as `idToken`, `accessToken`.
    }

Renewing a user's credentials works exactly the same way if the token has expired. The Credentials Manager will automatically renew the credentials, store the renewed credentials to the Keychain, then return them in the closure.
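
The renew-on-expiry flow described above, modelled with in-memory stand-ins so that the rotation and failure cases are visible. This is an added example, not Auth0.swift's implementation and not code from the original page; TokenCache, StoredTokens, RenewResponse, TokenError, the minTTL parameter and all token values are hypothetical.

```swift
import Foundation

// Hypothetical stand-ins, not Auth0.swift types.
struct StoredTokens {
    var accessToken: String
    var refreshToken: String?
    var expiresAt: Date
}

// A refresh response carries a Refresh Token only when rotation is enabled.
struct RenewResponse {
    let accessToken: String
    let refreshToken: String?
    let expiresIn: TimeInterval
}

enum TokenError: Error { case noCredentials, noRefreshToken, renewFailed }

final class TokenCache {
    private var tokens: StoredTokens?               // stand-in for the Keychain entry
    private let renew: (String) -> RenewResponse?   // stand-in for the token endpoint

    init(renew: @escaping (String) -> RenewResponse?) { self.renew = renew }

    func store(_ tokens: StoredTokens) { self.tokens = tokens }

    func credentials(now: Date = Date(), minTTL: TimeInterval = 60) -> Result<StoredTokens, TokenError> {
        guard let current = tokens else { return .failure(.noCredentials) }
        // Valid for at least minTTL more seconds: return without renewing.
        if current.expiresAt.timeIntervalSince(now) > minTTL { return .success(current) }
        guard let refreshToken = current.refreshToken else { return .failure(.noRefreshToken) }
        guard let response = renew(refreshToken) else {
            tokens = nil   // renewal rejected: drop stored tokens, require a new login
            return .failure(.renewFailed)
        }
        // Rotation returns a replacement Refresh Token; without it, keep the old one.
        let renewed = StoredTokens(accessToken: response.accessToken,
                                   refreshToken: response.refreshToken ?? refreshToken,
                                   expiresAt: now.addingTimeInterval(response.expiresIn))
        tokens = renewed   // persist first, then hand back to the caller
        return .success(renewed)
    }
}

// Constructed sample: an expired Access Token, rotation enabled.
let cache = TokenCache { _ in RenewResponse(accessToken: "at-2", refreshToken: "rt-2", expiresIn: 3600) }
cache.store(StoredTokens(accessToken: "at-1", refreshToken: "rt-1", expiresAt: Date(timeIntervalSinceNow: -10)))
if case .success(let t) = cache.credentials() { print(t.accessToken, t.refreshToken ?? "none") }
```
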
Alternative Method - SimpleKeychain
If you are familiar with Lock v1, you may already be using the SimpleKeychain SDK to handle iOS Keychain read/write access. This section is for developers who would prefer to keep using the SimpleKeychain and not upgrade to the preferred Credentials Manager.
The first thing you will do is store the tokens you need. In this case, you will store the access_token and refresh_token in the Keychain after a successful authentication.

    let keychain = A0SimpleKeychain(service: "Auth0")

    Auth0
        .webAuth()
        .scope("openid profile offline_access")
        .audience("https://{yourDomain}/userinfo")
        .start {
            switch $0 {
            case .failure(let error):
                // Handle error
                print("Authentication failed: \(error)")
            case .success(let credentials):
                guard let accessToken = credentials.accessToken,
                      let refreshToken = credentials.refreshToken else {
                    // Handle error
                    return
                }
                keychain.setString(accessToken, forKey: "access_token")
                keychain.setString(refreshToken, forKey: "refresh_token")
                // You might want to route to a user profile screen at this point
            }
        }

Once you have those stored, you can at any point request a fresh Credentials instance.
Renewing User Credentials

    let keychain = A0SimpleKeychain(service: "Auth0")

    // Read the Refresh Token stored after login
    guard let refreshToken = keychain.string(forKey: "refresh_token") else {
        // No Refresh Token stored; present login screen
        return
    }

    Auth0
        .authentication()
        .renew(withRefreshToken: refreshToken)
        .start { result in
            switch result {
            case .success(let credentials):
                // If you have Refresh Token Rotation enabled, you get a new Refresh Token
                // Otherwise you only get a new Access Token
                guard let accessToken = credentials.accessToken else {
                    // Handle error
                    return
                }
                // Store the new tokens
                keychain.setString(accessToken, forKey: "access_token")
                if let newRefreshToken = credentials.refreshToken {
                    keychain.setString(newRefreshToken, forKey: "refresh_token")
                }
            case .failure(let error):
                keychain.clearAll()
                // Handle error
                print("Renewal failed: \(error)")
            }
        }