`getAccessToken` method from the `usePrivy` hook. This method will also automatically refresh the user’s access token if it is nearing expiration or has expired.

`getAccessToken` method:

`PrivyProvider` has rendered before invoking the method.

Whenever possible, you should retrieve `getAccessToken` from the `usePrivy` hook.

`@privy-io/server-auth` library or using a third-party library for managing tokens.

`string` to the `PrivyClient`’s `verifyAuthToken` method:

`verifyAuthToken` will return an `AuthTokenClaims` object with additional information about the request, with the fields below:

Parameter | Type | Description |
---|---|---|
appId | string | Your Privy app ID. |
userId | string | The authenticated user’s Privy DID. Use this to identify the requesting user. |
issuer | string | This will always be 'privy.io'. |
issuedAt | string | Timestamp for when the access token was signed by Privy. |
expiration | string | Timestamp for when the access token will expire. |
sessionId | string | Unique identifier for the user’s session. |

`verifyAuthToken` will throw an error and you should not consider the requesting user authorized. This generally occurs if the token has expired or is invalid (e.g. corresponds to a different app ID).

`verifyAuthToken` method will make a request to Privy’s API to fetch the verification key for your app. You can avoid this API request by copying your verification key from the Configuration > App settings page of the Dashboard and passing it as a second parameter to `verifyAuthToken`:

`jose`:

`jose.importSPKI`:

`jose.jwtVerify`, verify that the JWT is valid and was issued by Privy!

`payload`. For example, you can use `payload.sub` to get the user’s Privy DID.

If the JWT is invalid, this method will throw an error.

`'invalid auth token'` error, we recommend calling the `getAccessToken` method with a time-based backoff until the user’s access token is refreshed with an updated expiration time.

`getAccessToken` in your client.
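
The checks that a manual verification of the access token has to make, shown as an added example that is not Privy's code and is not from the original page. It uses Node's built-in `crypto` module instead of `jose` so it runs without dependencies, and it assumes the token is an ES256-signed JWT whose `iss` is `'privy.io'` and whose `aud` carries your app ID. `verifyAccessToken` and `makeSample` are hypothetical names, and the key pair and claims are constructed test material.

```javascript
// Added example: dependency-free verification of an ES256 JWT (assumed token format).
const nodeCrypto = require('node:crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Verifies signature and claims; throws on any failure, returns the payload on success.
// spkiPem is the verification key in SPKI PEM form; appId is your Privy app ID.
function verifyAccessToken(token, spkiPem, appId, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm on the server; never let the token header choose it.
  if (b64urlJson(h).alg !== 'ES256') throw new Error('unexpected alg');
  const ok = nodeCrypto.verify(
    'sha256',
    Buffer.from(`${h}.${p}`),
    { key: spkiPem, dsaEncoding: 'ieee-p1363' }, // JWS carries raw r||s, not DER
    Buffer.from(s, 'base64url'),
  );
  if (!ok) throw new Error('bad signature');
  // Only read claims after the signature has been checked.
  const payload = b64urlJson(p);
  if (payload.iss !== 'privy.io') throw new Error('wrong issuer');
  if (![].concat(payload.aud).includes(appId)) throw new Error('wrong app ID');
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired');
  return payload; // payload.sub is the user's Privy DID
}

// Constructed test material: a throwaway P-256 key pair stands in for the real signing key.
function makeSample(claims, alg = 'ES256') {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), {
    key: privateKey,
    dsaEncoding: 'ieee-p1363',
  });
  return {
    token: `${input}.${sig.toString('base64url')}`,
    pem: publicKey.export({ type: 'spki', format: 'pem' }),
  };
}
```

A token that fails any one of these checks is treated the same way: the request is not authorized.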