# Managing access tokens

This topic explains how to perform the following access token management tasks:

Creating a secure login process

For general recommendations on how to securely handle user registration and login, see Creating a secure login process between your app and server.

# Refreshing access tokens

The LINE SDK stores the user's valid access token after successful authorization and uses it to make API requests. You can get the expiration date of access tokens as below:

if let token = AccessTokenStore.shared.current {
    print("Token expires at:\(token.expiresAt)")
}

When making an API request through the API type, the LINE SDK automatically refreshes any expired access token. However, the refresh operation fails if the token has been expired for a long time. In that case, an error occurs and you need to have the user log in again. Read Handling errors to learn more.

Access token auto-refresh

Only the methods of the API type automatically refresh the access token. Methods of other types, such as API.Auth, don't trigger access token auto-refresh.

We recommend not refreshing access tokens yourself. It's easier and more future-proof to let LINE SDK automatically manage access tokens. However, if necessary, you can manually refresh access tokens like this:

API.Auth.refreshAccessToken { result in
    switch result {
    case .success(let token):
        print("Token Refreshed: \(token)")
    case .failure(let error):
        print(error)
    }
}

# Getting the current access token

If you have a client-server application, you can get the current access token to make API calls from your server. You can call the Social API with the access token. For more information, see the Social API reference.

To get the current access token, get the current property of the shared AccessTokenStore object as below:

if let token = AccessTokenStore.shared.current {
    print(token.value)
}

Note: When sending access tokens to your server, we recommend encrypting the token and using SSL to send the encrypted data. You should also verify that the access token received by your server matches the access token used to call the Social API and that the channel ID matches the one for your channel.

# Verifying access tokens

To verify the validity of the current access token, call the API.Auth.verifyAccessToken method. This method returns a AccessTokenVerifyResult object that contains the result. If verification succeeds, properties such as channelID, permissions, and expiresIn are returned as a response. Otherwise, the token is invalid, revoked, or expired, and an error is returned.

API.Auth.verifyAccessToken { result in
    switch result {
    case .success(let value):
        print(value.channelID) // Bound channel ID of the token.
        print(value.permissions) // The permissions of this token.
        print(value.expiresIn) // How long it is before the token expires.
    case .failure(let error):
        print(error)
    }
}