Managing/removing/renewing Realm device sync access/refresh tokens

I’ve been trying to understand the details of how Realm device sync authorization token is managed in the system keychain.

Our applications need to gracefully handle the use case where the refresh token is invalidated or expired, and navigate the user back to a login UI to re-authenticate if their token is expired or invalidated. It is very difficult to test this functionality other than to wait the 60 days until expiration occurs and then see if we got it right!

Several questions related to this to start:

  • Does RealmApp.RealmUser.logOut() remove the current tokens from the keychain?
  • Is there a direct function call we can use to remove the current tokens from the keychain?
  • Is there any way to query whether the current token is expired, other than saving the creation time in persistent storage and comparing that to the current time (checking it ourselves)?
  • Would deleting the “metadata realm” be useful to us to delete current user login tokens?

Thanks!
-Mark

1 Like