Reputation: 53
Best way to store OAuth token iOS?
I am writing an iOS app that uses Twitch.tv's API to allow my app to access their users content. They use the OAuth 2.0 protocol for authentication. I need to use this access token every time I make a request to access a users info.
My question is where should I store it?
Should I make a class that has it as a property? In that class I could also store my Redirect URI and Client_ID to keep things in one place.
I thought about NSUserDefaults, but I read it's not very secure.
What is the best design pattern for this approach on iOS?
Thanks.
Upvotes: 3
Views: 1152
Answers (1)
Reputation: 37581
The way your question is worded you seem to be confusing the use of the word store to mean two entirely different things. If you use NSUSerDefaults then the token would be stored to file and would persist if the app is killed. If you make it a property of a class it is being temporarily stored in memory and would not persist if the app is killed. Your question is therefore asking should I use Apples or Oranges.
If you need persistent storage for sensitive data then you should not use NSUserDefaults, instead use the iOS keychain.Use of the keychain is a bit too lengthy to describe here. The keychain is encrypted but only using the user's 4 digit pin code, which could potentially be brute forced cracked. So you could also potentially encrypt it.
Upvotes: 1
Related Questions
- Access Tokens Persistence Best Practices (iOS)
- OIDC Access Token - Where to store?
- Best practices for storing a Token in iOS app
- any best practices for storing and accessing oAuth access_token?
- OAuth-server, storing user tokens
- How to Store Client ID/Client Secret Strings in iOS
- Best Practice of saving an access token in iOS
- Where to store authentication token in iPhone
- Best practice in storing and using a OAuth2 Token in Android?
- Storing authentication token on iOS