> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

> Keeping your user logged in with Auth0.swift

# Auth0.swift: Save and Renew Tokens

When an authentication is performed with the `offline_access` scope included, it will return a <Tooltip tip="Refresh Token: Token used to obtain a renewed Access Token without forcing users to log in again." cta="View Glossary" href="/docs/glossary?term=Refresh+Token">Refresh Token</Tooltip> that can be used to request a new token without asking for credentials again.

## Credentials Manager

[Auth0.swift](https://github.com/auth0/Auth0.swift) provides a utility class to streamline the process of storing and renewing credentials. You can access the `accessToken` or `idToken` properties from the [Credentials](https://github.com/auth0/Auth0.swift/blob/master/Auth0/Credentials.swift) instance. This is the preferred method to manage user credentials.

First import the `Auth0` module:

`import Auth0`

Next present the <Tooltip tip="Universal Login: Your application redirects to Universal Login, hosted on Auth0's Authorization Server, to verify a user's identity." cta="View Glossary" href="/docs/glossary?term=Universal+Login">Universal Login</Tooltip> page:

```swift lines theme={null}
let credentialsManager = CredentialsManager(authentication: Auth0.authentication())

Auth0
    .webAuth()
    .scope("openid profile offline_access")
    .start { result in
        switch result {
        case .success(let credentials):
            // Pass the credentials over to the Credentials Manager
            credentialsManager.store(credentials: credentials)
        case .failure(let error):
            // Handle error
        }
}
```

<Warning>
  The Keychain items do not get deleted after your app is uninstalled. We recommend to always clear all of your app's Keychain items on first launch.
</Warning>

### Credentials Check

It can be useful to perform a quick check on app startup to ensure that you have renewable credentials stored in the manager. If not, the user can then be directed to authenticate.

```swift lines theme={null}
guard credentialsManager.canRenew() else {
    // Present login page
}
```

### Retrieving User Credentials

You can retrieve the user's credentials as follows:

```swift lines theme={null}
credentialsManager.credentials { result in 
    switch result {
    case .success(let credentials):
        // Valid credentials; you can access token properties such as
        // `idToken`, `accessToken`
    case .failure(let error):
        // Handle error, present login page
    }
}
```

Renewing a user's credentials works exactly the same way if the token has expired. The Credentials Manager will automatically renew the credentials, store the renewed credentials in the Keychain, then return a `Result` containing either the credentials or an error.

## Alternative Method - SimpleKeychain

This section is for developers who would prefer not to use the Credentials Manager. We include the SimpleKeychain utility –a light wrapper over the system Keychain– that can be used to store the tokens securely.

First import the `SimpleKeychain` module:

`import SimpleKeychain`

Next create an instance and store the tokens you need. In this case, you will store the `access_token` and `refresh_token` in the Keychain after a successful authentication.

```swift lines theme={null}
let keychain = SimpleKeychain(service: "Auth0")

Auth0
    .webAuth()
    .scope("openid profile offline_access")
    .start { result in
        switch result {
        case .success(let credentials):
            guard let refreshToken = credentials.refreshToken else { 
                // Handle error 
                return
            }
            // Store the tokens
            do {
                try keychain.set(credentials.accessToken, forKey: "access_token")
                try keychain.set(refreshToken, forKey: "refresh_token")
            } catch {
                // Handle error
            }
            // You might want to route to your app's main flow at this point
        case .failure(let error):
            // Handle error
        }
}
```

Once you have those stored, you can at any point request a fresh [Credentials](https://github.com/auth0/Auth0.swift/blob/master/Auth0/Credentials.swift) instance.

### Renewing User Credentials

```swift lines expandable theme={null}
let keychain = SimpleKeychain(service: "Auth0")

Auth0
    .authentication()
    .renew(withRefreshToken: refreshToken)
    .start { result in
        switch(result) {
        case .success(let credentials):
            // If you have Refresh Token Rotation enabled, you get a 
            // new refresh token
            // Otherwise you only get a new access token
            guard let refreshToken = credentials.refreshToken else { 
                // Handle error 
                return
            }
            // Store the new tokens
            do {
                try keychain.set(credentials.accessToken, forKey: "access_token")
                try keychain.set(refreshToken, forKey: "refresh_token")
            } catch {
                // Handle error
            }
        case .failure(let error):
            // Handle error
        }
}
```