search

Authentication

Most of the features in the SDK require the SDK to be authenticated with any type of authentication token. The SDK provides several mechanism to perform authentication. The SDK will cache the authentication information until they expire or new information will be provided by a re-authentication call.

circle-exclamation

Only re-authenticate the SDK, if you have not yet authenticated the SDK or if the current authentication information are not valid anymore. You don't need to re-authenticate the SDK after every initialization. If you want to check, if an authentication is required you can use the the modules get_current_user_profile() method to verify, if the SDK is currently successfully authenticated with any known method. If the return value is None , you have not yet authenticated the SDK or the existing authentication information are not valid anymore. Too many re-authentications might result in API endpoints to rate limit the request.

hashtag
Supported Authentication Methods

hashtag
OpenID Connect

See OpenID Connect Authentication.

hashtag
Authentication with Opaque Token

In this mode, the SDK will not perform any authentication token validation and will just pass it to the endpoints which will then know how to validate it.

As the SDK internally manages authentication tokens per each user in a separate storage session, the app would need to provide a userId under which the SDK should internally store this token. This can also be any random string.

try kapeSDKManager.identity().authenticateWithOpaqueToken(
    userId: "user_1234", 
    token:"ANYTOKEN")

hashtag
Authentication with Legacy XV Authentication

This mode is used by legacy ExpressVPN apps and uses a JWT Access Token.

circle-exclamation

It's the responsibility to call this method whenever the current access token expired and a fresh one needs to provided.

let credentials = AuthCredentials(
  accessToken: "<ACCESS TOKEN>", 
  //not needed
  refreshToken:"", 
  //not needed
  idToken: "")
try kapeSDKManager.identity().authenticateWithXvLegacyAuthCredentials(
  authCredentials:credentials
)

hashtag
Apple InApp Receipt Authentication

In this mode, you will provide an Apple InApp Receipt to authenticate the SDK using the Authentication with Opaque Token method.

hashtag
SDK Methods

hashtag
Getting the currently logged in User

hashtag
UserProfile

Name
Type
Description

user_id

Option<String>

Contains the user id of the currently logged in user, None, if no user is logged in

email

Option<String>

Contains the email of the currently logged in user, None, if no user is logged in. This field is only populated when using OpenID authentication.

authentication_method

AuthenticationMethod

Current Authentication Method being used, can be one of None OpenID LegacyXV Opaque

hashtag
Getting the last known logged in User

This method will return the last successfully authenticated User Profile.

hashtag
Logging out a User

This method will reset the SDK cache, including all cached tokens. This method will not logout from any OpenID Session! You need to implement OpenID Logout on the client side.

PreviousSDK ModulesNextOpenID Connect Authentication

Last updated