Auth0.swift Saving and Renewing Tokens

When authentication is performed with the offline_access scope included, the response contains a refresh token that can be used to request a new user token without asking for credentials again.

Credentials Manager

Auth0.swift provides a utility class to streamline the process of storing and renewing credentials. You can access the accessToken or idToken properties from the Credentials instance.

First, import the Auth0 module:

import Auth0

Next, present the Login:

let credentialsManager = CredentialsManager(authentication: Auth0.authentication())

Auth0
    .webAuth()
    .scope("openid profile offline_access")
    .audience("https://YOUR_AUTH0_DOMAIN/userinfo")
    .start {
        switch $0 {
        case .failure(let error):
            // Handle the error
            print("Login failed: \(error)")
        case .success(let credentials):
            // Pass the credentials over to the Credentials Manager
            // (store returns false if the Keychain write fails)
            _ = credentialsManager.store(credentials: credentials)
        }
    }

Credentials Check

It can be useful to perform a quick check for valid credentials, so that the user can be directed to authenticate when there are none.

guard self.credentialsManager.hasValid() else {
    // Present Login Screen
    return
}

Renewing User Credentials

You can retrieve the user's credentials as follows:

self.credentialsManager.credentials { error, credentials in
    guard error == nil, let credentials = credentials else {
        // Handle Error, Route to Login
        return
    }
    // Valid credentials, you can access the token properties e.g. `idToken`, `accessToken`.
}

Renewing a user's credentials works exactly the same way: if the token has expired, the Credentials Manager will automatically renew it, store the new credentials in the Keychain and return them in the closure.
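An added example (not part of the Auth0.swift documentation or library) that uses this retrieval call to authorize an API request. `APIClient`, `onLoginRequired` and the URL supplied by the caller are hypothetical names; `clear()` is the Credentials Manager call that removes the stored credentials.

```swift
import Foundation
import Auth0

// Added example. `APIClient` and `onLoginRequired` are hypothetical names.
final class APIClient {
    private let credentialsManager: CredentialsManager
    private let onLoginRequired: () -> Void

    init(credentialsManager: CredentialsManager, onLoginRequired: @escaping () -> Void) {
        self.credentialsManager = credentialsManager
        self.onLoginRequired = onLoginRequired
    }

    /// Sends an authenticated GET request. The access token is read from the
    /// Credentials Manager on every call, so it is renewed when it has expired
    /// and is never cached in a property of this class.
    func get(_ url: URL, completion: @escaping (Data?, Error?) -> Void) {
        credentialsManager.credentials { error, credentials in
            guard error == nil, let accessToken = credentials?.accessToken else {
                // Retrieval or renewal failed: remove whatever is stored
                // and send the user back to the login screen.
                _ = self.credentialsManager.clear()
                DispatchQueue.main.async { self.onLoginRequired() }
                completion(nil, error)
                return
            }
            var request = URLRequest(url: url)
            // The token only ever travels in the Authorization header
            request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
            URLSession.shared.dataTask(with: request) { data, _, requestError in
                completion(data, requestError)
            }.resume()
        }
    }
}
```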

SimpleKeychain

If you are migrating from v1, you may already be familiar with using SimpleKeychain to handle iOS Keychain access.

The first thing you need to do is store the tokens you need. In this case, you will store the access_token and refresh_token in the Keychain after a successful authentication.

let keychain = A0SimpleKeychain(service: "Auth0")

Auth0
    .webAuth()
    .scope("openid profile offline_access")
    .audience("https://YOUR_AUTH0_DOMAIN/userinfo")
    .start {
        switch $0 {
        case .failure(let error):
            // Handle the error
            print("Login failed: \(error)")
        case .success(let credentials):
            guard let accessToken = credentials.accessToken, let refreshToken = credentials.refreshToken else {
                // Handle Error
                return
            }
            keychain.setString(accessToken, forKey: "access_token")
            keychain.setString(refreshToken, forKey: "refresh_token")
            // You might want to route to a user profile screen at this point
        }
    }

Once you have those stored, you can at any point request a fresh Credentials instance.

Renewing User Credentials

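let keychain = A0SimpleKeychain(service: "Auth0")

// Read back the refresh token that was stored after login
guard let refreshToken = keychain.string(forKey: "refresh_token") else {
    // No refresh token stored, route to Login
    return
}

Auth0
    .authentication()
    .renew(withRefreshToken: refreshToken)
    .start { result in
        switch result {
        case .success(let credentials):
            guard let accessToken = credentials.accessToken else {
                // Handle Error
                return
            }
            // Store the new Access Token
            keychain.setString(accessToken, forKey: "access_token")
            // You do not get a new refresh_token, you can still use the one you originally had
        case .failure(let error):
            // Renewal failed: remove the stored tokens
            keychain.clearAll()
            // Handle Error
            print("Renewal failed: \(error)")
        }
    }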