Valid user login

I have a clarification question. I’m developing an iOS app with Backendless in the background and I want to regularly check whether the login is still valid. I then use the Backendless.shared.userService.isValidUserToken function in a view and get a valid here. Later in the function an API is used and I get the error 14008 Access denied. Why do I first get a valid and then access is denied?

Hello @Gerrit_Marttila,

what API is used where you getting this error?

It is a custom API where I send the order to Backendless.

Do you mean Cloud Code API Service?
Could you please be more specific, it will help me to understand where exactly the error came from.

Yes, I wrote my own API that accepts an order containing several objects and processes it in the backend.
If the user is now logged in on the iPad and for some reason uses the password reset function on another device, then if you want to use this API on the first iPad you will get the message Access Denied.
But first I check whether the UserToken is still valid and here I get a valid one.
However, if the user logs in again and uses this custom API, then it works.

Thanks, now it’s more clear. Could you please also specify which SDK do you use?

I use the Backendless iOS SDK

Thanks. Our engineer will take a look into your issue and will contact you here once we have any questions or results.

1 Like

Hello @Gerrit_Marttila,
iOS-SDK is deprecated for years now and not supported anymore.
If you’re using Swift-SDK, could you please provide the version of you use?

Yes, I use the SwiftSDK. I didn’t know there was another SDK. I’m developing an app using Swift and SwiftUI. The version number of the SDK is 6.5.3

The 6.5.3 version is kinda old. There was a user token fix in v 6.7.2.
Please update to the latest version (7.0.0) to achieve all new features and bug fixes.

For now (v 7.0.0) token validation works as expected.

The correct behaviour for two devices is:

  1. login user on the device1 and device2
  2. call the isValidUserToken method - it should return true on both devices
  3. restore password on the device2
  4. call the isValidUserToken method - it should return false on both devices

After step 4 both devices will ask you to relogin because token is expired after the password restoration.

So I updated the framework to version 7.0.0 but the behavior is still the same.

I am logged into the app and then start the password request so that I receive an email with which I can reset the password. If I activated the function using a button, then I still get a valid one with the isValidUserToken function (I only received the email, but I haven’t reset the password yet). But when I then want to send the order to Backendless via custom API, I get 14008 access denied.

The user token will expire even if you call the restorePassword function without clicking the button in the email.

Unfortunately, I cannot reproduce this behaviour

logged into the app and then start the password request
If I activated the function using a button, then I still get a valid one

I described the behaviour from my app here.

Please provide a simple code sample (you can hide your AP Key and provide only your APP ID for safety).
Also please describe the steps we can follow to reproduce this problem (e.g. what credentials we can use to login).

Okay first I check if the Key is Valid:
Backendless.shared.userService.isValidUserToken(responseHandler: {
isValid in
print(“checkValidLogin success”)
}, errorHandler: {
fault in
print(“Error checkValidLogin: (fault.message ?? “”)”)
showInvalidLoginAlert = true

I then get the valid message in the console:

Then I call the custom function:

Backendless.shared.customService.invoke(serviceName: “Orders”, method: “postOrder”, parameters: parameters, responseHandler: responseHandler, errorHandler: errorHandler)

And here the errorHandler is fired with the fault code 14008 access denied.


Backendless.shared.userService.isValidUserToken(responseHandler: {
isValid in
print(“checkValidLogin success”)

The isValid value not always means success. Server returns boolean true/false.
If server returned isValid = false - token is not valid.

ah okay I see, I thought then the errorHandler would be triggered. That was my mistake in thinking.
Great, thank you very much for the quick help!

1 Like