# Managing access tokens

This topic explains how to perform the following access token management tasks:

# Refreshing access tokens

The LINE SDK stores the user's valid access token after successful authorization and uses it to make API requests. You can get the expiration date of access tokens as below:

LineSDKAccessToken * accessTokenObject = [apiClient currentAccessToken];
NSString * accessTokenString = accessTokenObject.expiresIn;

When making an API request through a LineSDKAPI object, the LINE SDK automatically refreshes any expired access token. However, the refresh operation fails if the token has been expired for a long time. In that case, an error occurs and you need to have the user log in again.

It is not recommended to refresh access tokens by yourself. Automatic access token management by the LINE SDK is easier and safer for future upgrading. However, you can manually refresh access tokens as below:

[apiClient refreshTokenWithCompletion:^(LineSDKAccessToken * _Nullable accessToken, NSError * _Nullable error) {
     
    if (error){
         
        // The token refresh failed.
        NSLog(@"Error occurred when refreshing the access token: %@", error.description);
 
    } else {
 
        // The token refresh succeeded so we can get the refreshed access token.
        NSString * newAccessToken = accessToken.accessToken;       
         
    }
     
}];

If the call succeeds, a new access token is returned in the accessToken argument and the error argument is nil. Otherwise, you can get information about the failure from the error argument.

# Getting the current access token

When building a client-server application, use access tokens to send user information between your app and the server.

If you obtain an access token in your app and send it to a server, you can then make LINE Login API calls from that server.

To learn more, see the LINE Login v2.1 API reference.

To get the access token that the LINE SDK has saved in your app, call the currentAccessToken method as shown below. The access token is saved in the accessToken property of the LineSDKAccessToken object.

LineSDKAccessToken * accessTokenObject = [apiClient currentAccessToken];
NSString * accessTokenString = accessTokenObject.accessToken;

You can also get the access token saved by the LINE SDK in the LineSDKAPI object's accessToken object.

NSString * accessToken = apiClient.currentAccessToken.accessToken;
Note

When sending access tokens to your server, we recommend encrypting the token and using SSL to send the encrypted data. You should also verify that the access token received by your server matches the access token used to call LINE Login and that the channel ID matches the one for your channel.

# Verifying access tokens

To verify the validity of the current access token, call the verifyTokenWithCompletion method. This method checks whether the stored token is valid. This method returns a LineSDKVerifyResult object that contains the result. If verification succeeds, properties such as channelID, permissions, and expiresIn are returned as a response. Otherwise, the token is invalid, revoked, or expired, and an error is returned.

[apiClient verifyTokenWithCompletion:^(LineSDKVerifyResult * _Nullable result, NSError * _Nullable error) {
     
    if (error) {
        // Token is invalid
        NSLog(@"Token is Invalid: %@", error.description);
    } else {
        // Token is Valid
    }
}];

You can get a list of permissions that are associated with the access token from the permissions property of the LineSDKVerifyResult object. The following example demonstrates how to display a list of an access token’s permissions in a dialog.

[apiClient verifyTokenWithCompletion:^(LineSDKVerifyResult * _Nullable result, NSError * _Nullable error) {
     
    if (error) {
        // Token is invalid
        NSLog(@"Token is Invalid: %@", error.description);
    } else {
        NSMutableString * text = [[NSMutableString alloc]initWithString:@"Access Token is Valid and contains the following permissions: "];
 
        for (NSString* permission in result.permissions){
            [dialog appendFormat:@"%@, ", permission];
        }
 
        NSString * label = @"Access Token is Valid";
        UIAlertController *alertController;
        alertController = [UIAlertController alertControllerWithTitle:label message:text preferredStyle:UIAlertControllerStyleAlert];
 
        UIAlertAction* ok = [UIAlertAction actionWithTitle:@"OK" style:UIAlertActionStyleDefault handler:nil];
        [alertController addAction:ok];
 
        [self presentViewController:alertController animated:YES completion:nil];
    }
}];

# Executing the completion block in a different queue

The verifyTokenWithCompletion method executes its completion block in the main queue. To execute the completion block in a different queue, specify the queue by calling the verifyTokenWithCallbackQueue method.

[apiClient verifyTokenWithCallbackQueue:dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0)
    completion:^(LineSDKVerifyResult * _Nullable result, NSError * _Nullable error) {
...
}];