How long is iOS 11 DeviceCheck token valid for?

Hi, we would like to know more information about the DeviceCheck tokens from iOS 11. Specifically, we would like to know the expiration time of the device token from the call "generateToken" on the client side. The documentation only says "ephemeral". We have tried that the token could work within one minute and more than one time. However, we would like to make sure what is the exact availability is.


Background: we would generate this token from the client side and pass it to our servers which in turn will query/update to Apple servers. Knowing the exact timeout/number of use of these tokens is important to the way we implement our server part.


Thank you in advance! We have reached out to Technical Support however they won't answer any questions related to beta softwares : (

Up vote post of radios Down vote post of radios
3.5k views
Posted by
radios
Reply
Add a Comment

Accepted Reply

The intent is for the device token and transaction ID to be single-use. Since this may not be practical in testing, they can be reused for an unspecified period of time. The one thing to allow for is that the production environment will probably expire these sooner than the sandbox environment.


It doesn't matter how long it takes for your app to get the token to your server, because the time starts when the DeviceCheck web service sees the transaction.


But your production implementation should request a new device token for every DeviceCheck transaction.


--gc

Posted by
gc.
Up vote reply of gc. Down vote reply of gc.
Post marked as solved
Add a Comment

Replies

The intent is for the device token and transaction ID to be single-use. Since this may not be practical in testing, they can be reused for an unspecified period of time. The one thing to allow for is that the production environment will probably expire these sooner than the sandbox environment.


It doesn't matter how long it takes for your app to get the token to your server, because the time starts when the DeviceCheck web service sees the transaction.


But your production implementation should request a new device token for every DeviceCheck transaction.


--gc

Posted by
gc.
Up vote reply of gc. Down vote reply of gc.
Post marked as solved
Add a Comment

"It doesn't matter how long it takes for your app to get the token to your server, because the time starts when the DeviceCheck web service sees the transaction."


In production environment. the token will never invalid if not used by DeviceCheck web service?

Posted by
jiehu5114
Up vote reply of jiehu5114 Down vote reply of jiehu5114
Add a Comment

I called [DCDevice.currentDevice generateTokenWithCompletionHandler:], but it didn't callback for a long time, what it possible reason?

Posted by
h23948hefxo3r
Up vote reply of h23948hefxo3r Down vote reply of h23948hefxo3r
Add a Comment