When an authentication is performed with the offline_access scope included, it will return a that can be used to request a new token without asking for credentials again.
Auth0.swift provides a utility class to streamline the process of storing and renewing credentials. You can access the accessToken or idToken properties from the Credentials instance. This is the preferred method to manage user credentials.First import the Auth0 module:import Auth0Next present the page:
Copy
Ask AI
let credentialsManager = CredentialsManager(authentication: Auth0.authentication())Auth0 .webAuth() .scope("openid profile offline_access") .start { result in switch result { case .success(let credentials): // Pass the credentials over to the Credentials Manager credentialsManager.store(credentials: credentials) case .failure(let error): // Handle error }}
The Keychain items do not get deleted after your app is uninstalled. We recommend to always clear all of your app’s Keychain items on first launch.
It can be useful to perform a quick check on app startup to ensure that you have renewable credentials stored in the manager. If not, the user can then be directed to authenticate.
You can retrieve the user’s credentials as follows:
Copy
Ask AI
credentialsManager.credentials { result in switch result { case .success(let credentials): // Valid credentials; you can access token properties such as // `idToken`, `accessToken` case .failure(let error): // Handle error, present login page }}
Renewing a user’s credentials works exactly the same way if the token has expired. The Credentials Manager will automatically renew the credentials, store the renewed credentials in the Keychain, then return a Result containing either the credentials or an error.
This section is for developers who would prefer not to use the Credentials Manager. We include the SimpleKeychain utility –a light wrapper over the system Keychain– that can be used to store the tokens securely.First import the SimpleKeychain module:import SimpleKeychainNext create an instance and store the tokens you need. In this case, you will store the access_token and refresh_token in the Keychain after a successful authentication.
Copy
Ask AI
let keychain = SimpleKeychain(service: "Auth0")Auth0 .webAuth() .scope("openid profile offline_access") .start { result in switch result { case .success(let credentials): guard let refreshToken = credentials.refreshToken else { // Handle error return } // Store the tokens do { try keychain.set(credentials.accessToken, forKey: "access_token") try keychain.set(refreshToken, forKey: "refresh_token") } catch { // Handle error } // You might want to route to your app's main flow at this point case .failure(let error): // Handle error }}
Once you have those stored, you can at any point request a fresh Credentials instance.
let keychain = SimpleKeychain(service: "Auth0")Auth0 .authentication() .renew(withRefreshToken: refreshToken) .start { result in switch(result) { case .success(let credentials): // If you have Refresh Token Rotation enabled, you get a // new refresh token // Otherwise you only get a new access token guard let refreshToken = credentials.refreshToken else { // Handle error return } // Store the new tokens do { try keychain.set(credentials.accessToken, forKey: "access_token") try keychain.set(refreshToken, forKey: "refresh_token") } catch { // Handle error } case .failure(let error): // Handle error }}
⌘I
Assistant
Responses are generated using AI and may contain mistakes.
