Token Expire Error Flutter

I keep receiving a token expire message when trying to login with flutter.
I set up secure login. I receive a token from my server. Then I do the following:

final token = await AmityUserTokenManager(
    endpoint: AmityRegionalHttpEndpoint.US,
    apiKey: SocialJawn.amityApiKey,
    displayname: user.socialInfo!.username,
  final u = await AmityCoreClient.login(

Yet I always either receive a token expire message or Parameters validation error! error for the login function as an exception.
I am using amity_sdk: ^0.21.0

Hi @socialjawn ,

Apologies if already implied but just to confirm, you log in immediately after receiving the token correct?

Amity Support

Yes I long in right after

@amitysupport It would be nice to have a full working example we could follow and not just small code snippets.

@amitysupport if I turn off secure mode and try to login without the authToken it will log me in.

Hi @socialjawn ,

Sincere apologies for the delayed response.

The current usage of secured mode is incorrect. The method createUserToken is intended for obtaining a user access token, not an authentication token.

To obtain an authentication token, follow these steps:

  1. Your front-end (FE) should make a call to retrieve the authentication token.
  2. On the back-end (BE) side, invoke the authentication API (Amity API ) using the userId obtained in step 1 and the securely stored serverKey on the BE side.
  3. Pass the token received from the authentication API back to the front-end.
  4. Utilize the authentication token for logging in."

Amity Support

@amitysupport that is what I am doing

@socialjawn ,

Can you please help share a screenshot of the error received? Thank you

It has always been the token expired message.

Hello, could you please double-check your code if you follow the steps we have provided here: Token Expire Error Flutter - #6 by amitysupport

If you confirm that you have these precise steps implemented, please help share your current code.

Additionally, please refer to this section for more detail on how to implement with the secure mode on:

This is my code to create the token which it does.

const AMITY_KEY = Deno.env.get('AMITY_KEY')!

serve(async (req) => {
  const { userId } = await req.json()
  const request = new Request(``, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'x-server-key': AMITY_KEY
    body: JSON.stringify({
      'userId': userId,

  const response = await fetch(request)
  const data = await response.json()
  console.log(`Response: ${data}`);

  return new Response(
    { headers: { "Content-Type": "application/json" } },

The issue comes when I try to use the code right after it is created in the application.

Thank you for providing the code, we’ve passed it to our team to help check.

@amitysupport thanks.
Also it would be nice if the Flutter amity package sdk dependences were updated as with the latest Flutter stable release we can no longer run the application. Mainly the Dio package.

Thank you for bringing this to my attention. I have some good news to share – we are actively working on updating the library in our upcoming version, which we are aiming to deploy in the next release :slightly_smiling_face:

1 Like

After the team investigated the token issue, they confirmed that it is functioning as expected. However, it is important to ensure that the auth token is provided.

Here’s the sample code:

import 'package:amity_sdk/amity_sdk.dart';
import 'package:flutter/material.dart';

void main() async {
  runApp(const MyApp());
  await AmityCoreClient.setup(
      option: AmityCoreClientOption(
          apiKey: "",
          httpEndpoint: AmityRegionalHttpEndpoint.SG),
      sycInitialization: true);
  await AmityCoreClient.login("johnwick6")
      .then((value) {

Did you receive any error when you call AmityCoreClient.login ?

Yes when I provide the auth token I generated it would receive an error that the token has expired. If I turned off secured mode and didn’t use the authToken I was logged right in.

Hello, could you please verify if your server key is up to date and has not been revoked?

Additionally, please ensure that the user for whom you generated the token is the same user who is attempting to log in.

@amitysupport yes the key is the current key. Yes the user is the current user. I am following the instructions correctly.