Managing access tokens

The LINE SDK for iOS contains methods to get the current access token, verify that the token is valid, and refresh the token. The SDK automatically refreshes access tokens that are expired whenever an API is called through an instance of a LineSDKAPI object.

Before you begin

Make sure you have completed the following:

About access tokens

Access tokens are valid for 30 days after being issued. When an access token expires, API calls fail and a corresponding error is returned. Whenever you call a method through the LineSDKAPI object, the SDK automatically verifies the validity of the access token and refreshes the token if it is expired. If the token cannot be refreshed, you must prompt the user to log in again to get a new access token.

Getting the current access token

If you have a client-server application, you can get the current access token to make API calls from your server. Once you get the access token, you can call the Social API. For more information, see API reference.

To retrieve the access token currently being used by the SDK, call the currentAccessToken method. This returns a LineSDKAccessToken object which you can get in a NSString by using the accessToken property in LineSDKAccessToken as shown below.

LineSDKAccessToken * accessTokenObject = [apiClient currentAccessToken];
NSString * accessTokenString = accessTokenObject.accessToken;

You can also get the current access token by using the accessToken object in LineSDKAPI.

NSString * accessToken = apiClient.currentAccessToken.accessToken;

After getting the access token, you can send it to the server to make server-side API calls. If you choose to send the token to the server in this way, we recommend hashing the access token and sending the hash over SSL to the server.

Verifying access tokens

To verify the validity of the access token, call the verifyTokenWithCompletion method. This method returns a LineSDKVerifyResult object that contains the result. Use the error argument to check if the token is valid. If the error argument is nil, the token is valid. Otherwise the token is invalid, expired, or the API failed in some manner. If the error argument is not nil, it will contain an error code and error description.

[apiClient verifyTokenWithCompletion:^(LineSDKVerifyResult * _Nullable result, NSError * _Nullable error) {

    if (error) {
        // Token is invalid
        NSLog(@"Token is Invalid: %@", error.description);
    } else {
        // Token is Valid
    }
}];

You can get a list of permissions that are associated with the access token from the permissions property of LineSDKVerifyResult. The following example demonstrates how to display a list of an access token’s permissions in a dialog.

[apiClient verifyTokenWithCompletion:^(LineSDKVerifyResult * _Nullable result, NSError * _Nullable error) {

    if (error) {
        // Token is invalid
        NSLog(@"Token is Invalid: %@", error.description);
    } else {
        NSMutableString * text = [[NSMutableString alloc]initWithString:@"Access Token is Valid and contains the following permissions: "];

        for (NSString* permission in result.permissions){
            [dialog appendFormat:@"%@, ", permission];
        }

        NSString * label = @"Access Token is Valid";
        UIAlertController *alertController;
        alertController = [UIAlertController alertControllerWithTitle:label message:text preferredStyle:UIAlertControllerStyleAlert];

        UIAlertAction* ok = [UIAlertAction actionWithTitle:@"OK" style:UIAlertActionStyleDefault handler:nil];
        [alertController addAction:ok];

        [self presentViewController:alertController animated:YES completion:nil];
    }
}];

Executing the completion block in a different queue

The verifyTokenWithCompletion method executes its completion block on the main queue. To execute the completion block in a different queue, specify the queue by calling the verifyTokenWithCallbackQueue method.

[apiClient verifyTokenWithCallbackQueue:dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0) 
    completion:^(LineSDKVerifyResult * _Nullable result, NSError * _Nullable error) {
...
}];

Refreshing access tokens

To refresh the access token, call the refreshTokenWithCompletion method. This method can be used up to 10 days after the access token has expired. If the method fails, you must prompt the user to log in again.

If the call succeeds, a new access token is returned in the accessToken argument. If the call fails, an error code and error description are returned in the error argument. The error argument is nil if the logout operation succeeds.

[apiClient refreshTokenWithCompletion:^(LineSDKAccessToken * _Nullable accessToken, NSError * _Nullable error) {

    if (error){

        // The token refresh failed.
        NSLog(@"Error occurred when refreshing the access token: %@", error.description);


    } else {


        // The token refresh succeeded so we can get the refreshed access token.
        NSString * newAccessToken = accessToken.accessToken;       

    }

}];

For more information on using the iOS SDK, see the following pages.