# Managing access tokens

This topic explains how to perform the following access token management tasks:

Creating a secure login process

For general recommendations on how to securely handle user registration and login, see Creating a secure login process between your app and server.

# Refreshing access tokens

The LINE SDK stores the user's valid access token after successful authorization and uses it to make API requests. You can get the expiration date of access tokens as below:

LineAccessToken accessToken = lineApiClient.getCurrentAccessToken().getResponseData();
Log.i(TAG, accessToken.getExpiresInMillis());

When making an API request, the LINE SDK automatically refreshes any expired access token through the LineApiClient interface. However, the refresh operation fails if the token has been expired for a long time. In that case, an error occurs and you need to have the user log in again.

It is not recommended to refresh access tokens by yourself. Automatic access token management by the LINE SDK is easier and safer for future upgrading. However, you can manually refresh access tokens as below:

LineAccessToken newAccessToken = lineApiClient.refreshAccessToken().getResponseData();

# Getting the current access token

If you have a client-server application, you can get the current access token to make API calls from your server. You can call the Social API with the access token. For more information, see the Social API reference.

To get the current access token, call the getCurrentAccessToken() method.

String accessToken = lineApiClient.getCurrentAccessToken().getResponseData().getTokenString();

Note: When sending access tokens to your server, we recommend encrypting the token and using SSL to send the encrypted data. You should also verify that the access token received by your server matches the access token used to call the Social API and that the channel ID matches the one for your channel.

# Verifying access tokens

To verify the validity of the current access token, call the verifyToken() method. This method returns a LineApiResponse object that contains the result. You can then call the isSuccess() method to check whether the token is valid. If the isSuccess() method returns true, the token is valid. Otherwise, the access token is invalid, expired, or the API call failed in some manner.

If the isSuccess() method returns false, use the LineApiResponse.getErrorData() method to get more information about why the verifyToken() method failed. In this case, the getResponseData() method returns null.

LineApiResponse verifyResponse = lineApiClient.verifyToken();
if (verifyResponse.isSuccess()) {
    Log.i(TAG, "getResponseData: " + verifyResponse.getResponseData().toString());
    Log.i(TAG, "getResponseCode: " + verifyResponse.getResponseCode().toString());
    return true;
} else {
    Log.i(TAG, "getResponseCode: " + verifyResponse.getResponseCode());
    Log.i(TAG, "getErrorData: " + verifyResponse.getErrorData());
    return false;

To get a list of permissions that are associated with the access token, call LineApiResponse.getPermission() method. The following example demonstrates how to display a list of permissions in a toast.

protected void onPostExecute(LineApiResponse response){
    if (response.isSuccess()){
        StringBuilder toastStringBuilder = new StringBuilder("Access Token is VALID and contains the permissions: ");
        for (String temp : response.getResponseData().getPermission()) {
            toastStringBuilder.append(temp + ", ");
        Toast.makeText(getApplicationContext(), toastStringBuilder.toString(), Toast.LENGTH_SHORT).show();