发表新帖
发表新帖

How to keep client JSON web token secure in a React Native app?

前端 未结
关注
3 1900
谎友^
谎友^ 2021-02-05 17:25

We are building a React Native app for iOS and we are using an internal API built on node + express + jsonwebtoken.

When the user logs in with username/password, the ser

相关标签:
3条回答
  • 迷失自我
    2021-02-05 18:07

    I recently built a keychain manager in react-native so I may be able to help you.

    NOTE: This solution does require that your app be running on expo.

    To encrypt and store your tokens locally on the device you can use a package called expo-secure-store.

    This will give you easy access to the iOS keychain and android keystore system and can be implemented as below:

    import * as SecureStore from "expo-secure-store";

/**
 * Saves the value to the ios keychain or Android keystore
 * @param {string} key => the key you want to save the value for
 * @param {any} value => the value you want to encrypt
 * @return => A promise that will reject if value cannot be stored on the device.
 */
SecureStore.setItemAsync(key, value);

/**
 * Fetches the value from the keychain/keystore for the specified key
 * @param {string} key => the key you set for the value
 * @returns {any} => A promise that resolves to the previously stored value, or null if there is no entry for the given key.
 * The promise will reject if an error occurred while retrieving the value.
 */
SecureStore.getItemAsync(key);

/**
 * Saves the value to the ios keychain or Android keystore
 * @param {string} key => the key you want to save the value for
 * @param {any} value => the value you want to encrypt
 * @return => A promise that will reject if value cannot be stored on the device.
 */
SecureStore.deleteItemAsync(key);
    0 讨论(0)
  • 别那么骄傲
    2021-02-05 18:15

    To be app agnostic, I would store it using ASyncStorage. In fact I am testing this on a new project.

    0 讨论(0)
  • 说谎
    2021-02-05 18:17

    For iOS, you'd store that in the keychain... https://auth0.com/docs/libraries/lock-ios/save-and-refresh-jwt-tokens

    Here's a couple ways of doing that in react native that I found. There may be others. There may be better options. This is just what I found quickly.

    https://github.com/search?utf8=%E2%9C%93&q=react-native+keychain

    For Android, you'd store that in either the SharedPreferences or maybe even better the KeyStore since it's encrypted there.

    0 讨论(0)
 看不清?
提交回复
热议问题