# Managing access tokens

This topic explains how to perform the following access token management tasks:

Creating a secure login process

For general recommendations on how to securely handle user registration and login, see Creating a secure login process between your app and server.

# Refreshing access tokens

The LINE SDK stores the user's valid access token after successful authorization and uses it to make API requests. You can get the expiration date of access tokens as below:

LineAccessToken accessToken = lineApiClient.getCurrentAccessToken().getResponseData();
Log.i(TAG, accessToken.getExpiresInMillis());

When making an API request, the LINE SDK automatically refreshes any expired access token through the LineApiClient interface. However, the refresh operation fails if the token has been expired for a long time. In that case, an error occurs and you need to have the user log in again.

It is not recommended to refresh access tokens by yourself. Automatic access token management by the LINE SDK is easier and safer for future upgrading. However, you can manually refresh access tokens as below:

LineAccessToken newAccessToken = lineApiClient.refreshAccessToken().getResponseData();

# Getting the current access token

When building a client-server application, use access tokens to send user data between your app and the server. If you obtain an access token in your app and send it to a server, you can then make LINE Login API calls from that server. To learn more, see the LINE Login v2.1 API reference.

To get the access token that the LINE SDK has saved in your app, call the getCurrentAccessToken() method.

String accessToken = lineApiClient.getCurrentAccessToken().getResponseData().getTokenString();
Note

We recommend that you encrypt your access tokens before sending them to your server via an SSL connection.

Verify that these conditions are true before using an access token on your server.

  • The server has received the same access token that is used to make LINE Login API calls.
  • The channel ID used to make LINE Login API calls matches your own channel ID.

# Verifying access tokens

Call the verifyToken() method in your app to verify that the access token saved by the LINE SDK is valid. This method returns a LineApiResponse object that contains the result. You can then call the isSuccess() method to check if the token is valid.

If the isSuccess() method returns true, the token is valid. Otherwise, the access token is either invalid or expired, or a LINE Login API call in the LINE SDK failed for some reason.

If the isSuccess() method returns false, you can use the LineApiResponse.getErrorData() method to determine why the verifyToken() method failed. In this case, the getResponseData() method returns null.

LineApiResponse verifyResponse = lineApiClient.verifyToken();
 
if (verifyResponse.isSuccess()) {

    Log.i(TAG, "getResponseData: " + verifyResponse.getResponseData().toString());
    Log.i(TAG, "getResponseCode: " + verifyResponse.getResponseCode().toString());
 
    return true;
} else {

    Log.i(TAG, "getResponseCode: " + verifyResponse.getResponseCode());
    Log.i(TAG, "getErrorData: " + verifyResponse.getErrorData());
 
    return false;
 
}

To get a list of scopes that are associated with the access token, call LineApiResponse.getResponseData().getScopes(). The following example demonstrates how to display a list of scopes in a toast.

protected void onPostExecute(LineApiResponse response){
    if (response.isSuccess()){
        LineCredential lineCredential = response.getResponseData();
        List<Scope> scopes = lineCredential.getScopes();
        String scopesString = Scope.join(scopes);
        Toast.makeText(getApplicationContext(), scopesString, Toast.LENGTH_SHORT).show();
    }
}