Skip to main content

TokenManager

The TokenManager class provides a simple, built-in solution for managing OAuth tokens with automatic expiration tracking.

Overview

The TokenManager handles:
  • Storing access tokens, refresh tokens, and ID tokens
  • Tracking token expiration with a 60-second buffer
  • Automatic expiration checking
  • Token lifecycle management
The TokenManager stores tokens in memory. For production use with persistent storage, implement custom token storage using the SDK’s callbacks (onTokensReceived, onTokensRefreshed, onTokensRevoked).

Usage

Basic Setup

Complete Flow

Properties

accessToken

accessToken
string | null
The current access token. null if no token is stored.

idToken

idToken
string | null
The current OpenID Connect ID token. null if not available.

refreshToken

refreshToken
string | null
The current refresh token. null if not available.

tokenType

tokenType
string
default:"Bearer"
The token type. Always 'Bearer' for OAuth 2.1.

expiresAt

expiresAt
number | null
Timestamp (in milliseconds) when the access token expires. Includes a 60-second buffer. null if no token is stored.

scopes

scopes
string | null
Space-separated list of granted scopes. null if no token is stored.

Methods

setTokens()

Store tokens from an OAuth response.
tokenResponse
TokenResponse
required
OAuth token response object
Returns: void
What it does:
  • Stores access token, refresh token, and ID token
  • Calculates expiration time with a 60-second buffer
  • Stores token type and scopes
Token Response Format:

isExpired()

Check if the access token is expired. Returns: boolean - true if expired or no token, false if valid
Expiration Logic:
  • Returns true if no token is stored
  • Returns true if no expiration time is set
  • Returns true if current time >= expiration time
  • Returns false if token is still valid
The expiration check includes a 60-second buffer to prevent using tokens that are about to expire.

getAccessToken()

Get the current access token. Throws an error if the token is expired. Returns: string - The access token Throws: Error if token is expired
Best Practice: Always check isExpired() before calling getAccessToken() to avoid exceptions:

clear()

Clear all stored tokens and reset the manager. Returns: void
What it clears:
  • accessToken
  • idToken
  • refreshToken
  • expiresAt
  • scopes

Complete Examples

Example 1: Basic Usage

Example 2: Automatic Token Refresh

Example 3: Token Lifecycle Management

Example 4: Monitoring Token Expiration

When to Use TokenManager vs Custom Storage

Use TokenManager when:

  • Building a simple CLI tool or script
  • Prototyping or testing
  • Single-user, single-session applications
  • Short-lived processes

Use Custom Storage when:

  • Building production web applications
  • Supporting multiple users
  • Need persistent storage across sessions
  • Require encrypted token storage
  • Need distributed session management

Example: Custom Storage Implementation

Best Practices

Next Steps

AgentSDK Methods

Learn about all SDK methods

Utilities

PKCE, JWT parsing, and helper utilities

Configuration

SDK configuration options

Examples

See complete examples