I’m looking to build an app that interfaces with an API. The API will return an access_token as is common these days
What is the best way of securely storing this token? I can see in the FuseCloud demo it stores it in a file, but this can be read by another app. I’m thinking for Keychain on iOS and Keystore for Android.
Is this possible in fusetools code or would I need a native module using Uno?
Thanks!
P.S - Sorry if this has been answered already! I tried searching but couldn’t find anything
An OAuth2-style client token that you get after a successful username/password exchange, is usually insensitive enough for it to be stored, as you say, “in a file”.
I might be wrong (and I invite others to correct me), but I believe that each application gets its own place to put files, so you shouldn’t worry about other apps getting access to your files.
If you want to use Keychain and Keystore, you will of course need to use foreign code.
Ah, thanks! Good point - it’ll be authenticated then a token stored. I might be a bit paranoid over the security of the token though
Would you recommend Storage or FileSystem?
Thanks again! I’m very new to using fusetools so got a lot to learn!
Uldis wrote:
An OAuth2-style client token that you get after a successful username/password exchange, is usually insensitive enough for it to be stored, as you say, “in a file”.
I might be wrong (and I invite others to correct me), but I believe that each application gets its own place to put files, so you shouldn’t worry about other apps getting access to your files.
If you want to use Keychain and Keystore, you will of course need to use foreign code.