How long does SyncUser.current last?


#1

Hi,

For context, I am building a mobile app using Swift.

I am using SyncUser.current in my viewDidLoad method to evaluate whether to show the user the login screen on launch the primary view of my app (i.e. requires a user to be authenticated).

I see that there is a system realm titled “_password.” One of the properties of this realm is “expires.” With this info, I have a few questions:

  1. Does the “expires” property define how long SyncUser.current lasts?

  2. What will happen when the expire date occurs?

  3. Is there a way to extend this expire date? I don’t want users to ever have to login outside of the first time they sign up.

Thanks,

Chase


#2

The passwords are not expire, you dont need to use that data.
To be true, i dont even know how do you can access that…


#3

The passwords do not expire. The field that you’re looking at in the /__password Realm belongs to the EmailConfirmationRequest class and is not related to the passwords of users. The persisted user’s lifetime is tied to the time to live of the refresh token that is issued on login, which is 10 years by default. After that, the user will be invalidated and they’ll need to reenter their credentials.


#4

@nirinchev thank you for the information. 10 years is quite a long time for default. Do most people using Realm stick to the 10 year default or adjust it?


#5

10 years is an arbitrary number used to represent “infinity”. Since these tokens are stored on the device in a secure location, we’re not worried about expiring them and besides, it would be annoying to force users to have to re-authenticate. I want to clarify though, that the 10 year time to live applies to the refresh tokens. These tokens are only used to obtain access tokens, which are short lived (6 minutes) and are used to authenticate when synchronizing with the server Realm.


#6

@nirinchev that make sense. I agree that re-authenticating would be annoying for users. That was my initial motivation to ask this question. I want to make sure a user who logs in will always have an ID associated when I call SyncUser.current and that I do not have to do anything special to ensure that happens. From your responses, it sounds like there is nothing I will need to do code-wise to ensure SyncUser.current always holds a value so long as a user has logged in. Please correct me if I’m wrong in anything I said and again, thanks so much for your help.


#7

No worries! You’re correct - once a user logs in, you’ll be able to use SyncUser.current for the next 10 years.