Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

Access Token Lifecycle


(error)

Danger

Programmable Chat has been deprecated and is no longer supported. Instead, we'll be focusing on the next generation of chat: Twilio Conversations. Find out more about the EOL process here(link takes you to an external page).

If you're starting a new project, please visit the Conversations Docs to begin. If you've already built on Programmable Chat, please visit our Migration Guide to learn about how to switch.

Twilio access tokens have a lifetime determined by your server when you generate the token, with a minimum of 3 minutes and a maximum of 24 hours. When an access token in your application expires, you must update the token with your client(s) to continue using Twilio's services.


Client Initialization

initialization page anchor

After the initial start of your application on iOS, Android or in the browser, your access token needs to be passed to the instance of Programmable Chat SDK. You can then either register a lambda or implement a listener method to handle the token refresh events depending on your platform.

Initializing Programmable Chat SDK

initializing-programmable-chat-sdk page anchor
Node.js
Java
Objective-C
Swift

_11
const Chat = require('twilio-chat');
_11
_11
// Make a secure request to your backend to retrieve an access token.
_11
// Use an authentication mechanism to prevent token exposure to 3rd parties.
_11
_11
const accessToken = '<your accessToken>';
_11
_11
Chat.Client.create(accessToken)
_11
.then(client => {
_11
// Use Programmable Chat client
_11
});


Token Update

update page anchor

Programmable Chat SDK also offers a method to provide updated tokens over the lifetime of the client. For uninterrupted access to Twilio's services, you should provide renewed tokens to your Twilio client SDKs before expiration with the client's updateToken method.

Updating Chat Access Token

updating-chat-access-token page anchor
Node.js
Java
Objective-C
Swift

_10
chatClient.updateToken(accessToken);

(information)

Info

Using multiple client SDKs

If you are using multiple Twilio client SDKs in your project at the same time, and share a common access token with multiple service grants (e.g. Chat, Sync, Voice, Video) you should instead implement external token lifecycle management using AccessManager component.


Token Renewal Events

renewal page anchor

Programmable Chat SDK has a built-in access token lifecycle management to support this renewal process.

When an access token is in its final three minutes, the token about to expire event is triggered. If the token was not updated before its expiry, a token expired event will trigger. You should use one of these methods to fetch a new access token and set it on the Chat SDK instance. The client will then validate the update you provided and refresh the token for all internal components to use it for subsequent operations. Additionally, a token error event may surface if there is a problem with the token provided to SDK.

The implementation of this mechanism varies by platform and is described in detail below.

Note: If the provided token is valid with less than three minutes remaining until expiry, the token about to expire event will trigger immediately. If the supplied token is already expired, the error event will trigger and the client will close connection.

Responding to Token Renewal Events

responding-to-token-renewal-events page anchor
Node.js
Java
Objective-C
Swift

_10
chatClient.on('tokenAboutToExpire', function() {
_10
// Implement fetchToken() to make a secure request to your backend to retrieve a refreshed access token.
_10
// Use an authentication mechanism to prevent token exposure to 3rd parties.
_10
fetchToken(function(updatedToken) {
_10
chatClient.updateToken(updatedToken);
_10
});
_10
});

Regardless of the way you choose to update your client's access token, renewing the token prior to expiry is important for ensuring that your chat application is a great user experience.

Next: Best practices using Chat SDK


Rate this page: