getAuthStateWithoutRefresh() is a synchronous method that reads the cached auth state without
making any network calls. Use it any time you need to check whether a user is authenticated from
outside the main app foreground context.
How it works
getAuthState() async— the standard method. Waits for the SDK to be ready and may trigger a token refresh. Do not call this from a background process.getAuthStateWithoutRefresh()— synchronous. Reads cached state only. Safe for background tasks,BGTaskhandlers, backgroundURLSessioncallbacks, and app extensions.
Implementation
CallgetAuthStateWithoutRefresh() on the Privy instance you obtained from
PrivySdk.initialize(config:):
AuthState cases
| Case | Meaning | What to do |
|---|---|---|
.authenticated(user) | Fully verified session | Safe to proceed with background work |
.authenticatedUnverified | Cached session, not yet verified | Defer token-dependent work to foreground |
.unauthenticated | No session | Nothing to do |
.notReady | SDK not initialized in this process | Do not proceed |
Key caveats
Do not calluser.getAccessToken() in a background process. It will attempt a network refresh
and is as unsafe as getAuthState(). Only call it once the app has returned to the foreground.
.authenticatedUnverified is the most common background case. The user’s session is present in
Keychain but hasn’t been confirmed with Privy’s backend. This is expected — it occurs when there is
no network connectivity or when the background task runs before a foreground refresh has completed.
Treat it as “probably logged in, verify later.”
.notReady indicates the SDK was never initialized in the current process context. This is
common in app extensions that hold a reference to a Privy instance but never called
PrivySdk.initialize(config:). Handle this case gracefully and do not attempt any SDK operations.
Returning to the foreground
When the app returns to the foreground, verify the session and promote state from.authenticatedUnverified to .authenticated if the session is still valid:
privy.onNetworkRestored() to trigger re-verification once
connectivity is available.
