Auth0 Swift - How to get credentials when offline and token is expired?

I’m trying to get a full offline experience when the user doesn’t have an Internet connection.

The issue is CredentialsManager.credentials() triggers an error when the access_token is expired.
I guess that’s the standard behavior but as there is no an internet connection I can’t access to the credentials anymore.
I’m using Auth0 to store the tokens.

How can I make it work?
Do I need to store the credentials on the app instead of relying on Auth0?

Hey there @erwan welcome to the community!

This is indeed expected behavior as even if the tokens are expired and CredentialsManager has a refresh token to use, it won’t be able to refresh the tokens against the authorization server (Auth0) without an internet connection.

The SDK can’t generate new valid tokens locally without contacting the server because the tokens are signed by the server using a secret key that only the server knows. This is a key aspect of how these tokens are secure, and it prevents tokens from being tampered with.

You would need to implement this outside of Auth0 in your app to achieve any sort of functionality with a expired tokens and no internet connection to renew them. The only workarounds I can really think of may be to allow some functionality to work offline taking advantage of cached data, secure local storage, etc. regardless of token validity. The other option I might recommend is using longer-lived tokens to begin with. This of course all needs to be weighed against the potential security implications.

Hope this helps!

Thank you for the quick answer.

I understand we can’t renew the tokens but there is no way to get the old data back?

I don’t care if the tokens are expired but:

  • I’d like to keep the same flow
  • I also have the user id and some other important information in the credentials

If I need to know the real error when there is no network, I have to do this:
((error.cause as? Auth0.AuthenticationError)?.cause as? NSError)?.code

Is that right?
It seems pretty confusing/complex

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.