Skip to main content
In a background task or app extension, triggering a network refresh is unsafe. iOS can suspend or terminate background processes at any time, and an in-flight token refresh can be interrupted, leaving auth state inconsistent. getAuthStateWithoutRefresh() is a synchronous method that reads the cached auth state without making any network calls. Use it any time you need to check whether a user is authenticated from outside the main app foreground context.

How it works

  • getAuthState() async — the standard method. Waits for the SDK to be ready and may trigger a token refresh. Do not call this from a background process.
  • getAuthStateWithoutRefresh() — synchronous. Reads cached state only. Safe for background tasks, BGTask handlers, background URLSession callbacks, and app extensions.

Implementation

Call getAuthStateWithoutRefresh() on the Privy instance you obtained from PrivySdk.initialize(config:):

AuthState cases

CaseMeaningWhat to do
.authenticated(user)Fully verified sessionSafe to proceed with background work
.authenticatedUnverifiedCached session, not yet verifiedDefer token-dependent work to foreground
.unauthenticatedNo sessionNothing to do
.notReadySDK not initialized in this processDo not proceed

Key caveats

Do not call user.getAccessToken() in a background process. It will attempt a network refresh and is as unsafe as getAuthState(). Only call it once the app has returned to the foreground. .authenticatedUnverified is the most common background case. The user’s session is present in Keychain but hasn’t been confirmed with Privy’s backend. This is expected — it occurs when there is no network connectivity or when the background task runs before a foreground refresh has completed. Treat it as “probably logged in, verify later.” .notReady indicates the SDK was never initialized in the current process context. This is common in app extensions that hold a reference to a Privy instance but never called PrivySdk.initialize(config:). Handle this case gracefully and do not attempt any SDK operations.

Returning to the foreground

When the app returns to the foreground, verify the session and promote state from .authenticatedUnverified to .authenticated if the session is still valid:
If the device was offline, call privy.onNetworkRestored() to trigger re-verification once connectivity is available.