Token Management
How the Flutter SDK manages your user’s tokens
s The Passage Flutter SDK manages your user’s auth tokens for you. Anytime your user successfully registers or logs in, their auth token and refresh token (if applicable) are stored securely on their device or browser.Token functions
Get auth token
You can access the current user’s auth token this way:
try {
String authToken = await passage.tokenStore.getValidAuthToken();
} catch (error) {
if (error is PassageError) {
// Handle error
}
}If the stored auth token is invalid, this method will use the refresh token to get and save a new auth token.
Refresh auth token
If you’ve setup refresh tokens in your app (strongly recommended), you can call passage.tokenStore.refreshAuthToken() to get a new auth token. This method will store the new auth token and return it.
String newAuthToken = passage.tokenStore.refreshAuthToken();Check if auth token is valid
You may want to check if your auth token is valid before using it to make sure you don’t need to refresh the auth token.
// Retrieve auth token
String? authToken = await passage.tokenStore.getValidAuthToken();
// Check if the auth token is valid
bool isValid = await passage.tokenStore.isAuthTokenValid(authToken!);Sign out user and remove tokens from device
When you call passage.currentUser.logout(), the user’s tokens are removed from the device.
await passage.currentUser.logout();Token storage
iOS
Your user’s auth token and refresh token are both stored on device using Apple’s Keychain API. When you sign out your user, the refresh token is revoked on the server and both tokens are removed from the device.
Android
Your user’s auth token and refresh token are both stored on device using Android’s own Encrypted Shared Preferences library. When you sign out your user, the refresh token is revoked on the server and both tokens are removed from the device.
Web
Passage Flutter will store, lookup and clear auth tokens in localStorage and in a cookie using a consistent key value.