iOS Objective-C: User Sessions
This tutorial shows you how to handle user sessions and retrieve the user's profile. We recommend that you log in to follow this quickstart with examples configured for your account.
I want to integrate with my app (15 minutes)
- Before You Start
- Add the SimpleKeychain Dependency
- Save User Credentials When They Log in
- Check for an Access Token When the User Opens Your Application
- Validate the Access Token
- Deal with a Non-Valid Access Token
- Clear the Keychain When the User Logs Out
- Optional: Encapsulate Session Handling
- Get the User Profile
- Show the User Profile Information
- Update the User Profile
- Retrieve User Metadata
I want to explore a sample app (2 minutes)
Get a sample configured with your account settings or check it out on GitHub.
Before You Start
Before you continue with this tutorial, make sure that you are using the Swift wrapper and the Auth0 library to handle login. For more information, read the Login guide.
Add the SimpleKeychain Dependency
Integrate the SimpleKeychain library for managing user credentials.
If you are using Carthage, add the following to your
If you are using Cocoapods, add the following to your
Save User Credentials When They Log in
When your users log in successfully, save their credentials. You can then log them in automatically when they open your application again.
Import the Swift wrapper and Auth0 library:
Then, present the hosted login screen:
You need a valid Access Token. You can find the token in the credentials object. To save the Access Token, use an
SimpleKeychain can be used as a key-value store.
Check for an Access Token When the User Opens Your Application
When the user opens your application, check for an Access Token. If it exists, you can log the user in automatically and redirect them to the app's main flow without any additional login steps.
First, retrieve the Access Token value from the accessToken key in the keychain:
Validate the Access Token
Check if the user's Access Token is still valid. Use Auth0 to fetch the user's profile:
Deal with a Non-Valid Access Token
Decide how to deal with a non-valid Access Token. You can choose between two options:
- Ask users to re-enter their credentials.
- Use .renew(withRefreshToken: refreshToken) with a Refresh Token to obtain a new valid Access Token.
If you want to ask your users to re-enter their credentials, clear all the values stored in the keychain:
The rest of this tutorial shows you how to use a Refresh Token to obtain a new Access Token.
The Refresh Token is a token string stored in the Credentials object after a successful login. The Refresh Token doesn't expire.
Store the Refresh Token
To get a new Access Token, you need to first save the Refresh Token after the user logs in. Go to the section where you're saving the Access Token and update it as follows:
Use the Refresh Token to obtain a new Access Token
Now, you can use the saved Refresh Token to obtain a new Access Token:
Clear the Keychain When the User Logs Out
When you need to log the user out, remove their credentials from the keychain:
Optional: Encapsulate Session Handling
Handling user sessions is not a straightforward task. You can simplify it by storing token-related information and processes in a class. The class separates the logic for handling user sessions from the View Controller layer.
We recommend that you download the sample project from this tutorial and look at its implementation. Focus on the SessionManager class, which manages the session handling processes.
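The launch-time flow described in the sections above (read the stored token, validate it, renew it with the Refresh Token, clear the keychain on failure) can be kept in one place. The following is an added example, not the sample project's SessionManager and not Auth0's code: the SessionStore class, the validate and renew blocks (hooks for your existing Auth0 userInfo and renew calls), the "Auth0" service name and the refreshToken key name are assumptions.

```objectivec
@import Foundation;
@import SimpleKeychain;

// Hypothetical hooks: wrap the Auth0 userInfo and renew calls your project
// already makes. A nil token passed to a TokenCallback means the call failed.
typedef void (^TokenCallback)(NSString *token);
typedef void (^ValidateBlock)(NSString *accessToken, void (^done)(BOOL valid));
typedef void (^RenewBlock)(NSString *refreshToken, TokenCallback done);

// Assumed key names; use the same keys your login code writes.
static NSString *const kAccessKey = @"accessToken";
static NSString *const kRefreshKey = @"refreshToken";

@interface SessionStore : NSObject
@property (nonatomic, strong) A0SimpleKeychain *keychain;
- (void)saveAccessToken:(NSString *)access refreshToken:(NSString *)refresh;
- (void)restoreWithValidate:(ValidateBlock)validate renew:(RenewBlock)renew
                 completion:(TokenCallback)completion;
- (void)logout;
@end

@implementation SessionStore
- (instancetype)init {
    if ((self = [super init])) {
        // "Auth0" is an assumed service name for the keychain entries.
        _keychain = [[A0SimpleKeychain alloc] initWithService:@"Auth0"];
    }
    return self;
}
- (void)saveAccessToken:(NSString *)access refreshToken:(NSString *)refresh {
    [self.keychain setString:access forKey:kAccessKey];
    if (refresh) [self.keychain setString:refresh forKey:kRefreshKey];
}
- (void)logout { [self.keychain clearAll]; }

// Completion receives a usable Access Token, or nil when the user must log in.
- (void)restoreWithValidate:(ValidateBlock)validate renew:(RenewBlock)renew
                 completion:(TokenCallback)completion {
    NSString *access = [self.keychain stringForKey:kAccessKey];
    if (!access) { completion(nil); return; }
    validate(access, ^(BOOL valid) {
        if (valid) { completion(access); return; }
        NSString *refresh = [self.keychain stringForKey:kRefreshKey];
        if (!refresh) { [self logout]; completion(nil); return; }
        renew(refresh, ^(NSString *newAccess) {
            if (newAccess) [self.keychain setString:newAccess forKey:kAccessKey];
            else [self logout]; // renewal failed: drop both stale tokens
            completion(newAccess);
        });
    });
}
@end
```

The completion block may run on whatever queue the validate and renew hooks call back on, so dispatch to the main queue before touching the UI.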
Get the User Profile
To get the user profile, you need a valid Access Token.
From the Auth0 module, call the userInfo method, which lets you get the user profile:
Show the User Profile Information
To show the information contained in the user profile, access its properties, for example:
You can request more information than is returned in the basic profile. To do this, add userMetadata to the profile.
Update the User Profile
You store additional user information in the user metadata. Perform a
Retrieve User Metadata
The user_metadata dictionary contains fields related to the user profile. These fields can be added from the client side (for example, when the user edits their profile).
You can specify the fields you want to retrieve, or use an empty array to pull back the complete user profile.
Access the user's metadata. You can choose the key names and types for the