Question
We are building a React Native app for iOS and we are using an internal API built on node + express + jsonwebtoken.
When the user logs in with username/password, the server validates those credentials and sends the client back a JSON web token that they must then send along with every API request. So the React Native app must store this token.
How do I securely store this client token in the React Native app? Is it necessary to take any additional steps besides just storing the token in a variable?
Answer 1:
For iOS, you'd store that in the keychain... https://auth0.com/docs/libraries/lock-ios/save-and-refresh-jwt-tokens
Here are a couple of ways of doing that in React Native that I found. There may be others. There may be better options. This is just what I found quickly.
https://github.com/search?utf8=%E2%9C%93&q=react-native+keychain
For Android, you'd store that in either the SharedPreferences or maybe even better the KeyStore since it's encrypted there.
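Added example, not part of the original answer: a small token store that keeps the JWT in the platform keychain and refuses to hand back an expired token. It assumes the `react-native-keychain` package (its `setGenericPassword`, `getGenericPassword` and `resetGenericPassword` calls) is passed in as `keychain`; the service name, the `createTokenStore` and `jwtExpiry` helpers and the in-memory `fakeKeychain` are hypothetical names made up for this sketch.

```javascript
// Added example. `keychain` is expected to expose the react-native-keychain
// calls setGenericPassword / getGenericPassword / resetGenericPassword.
const SERVICE = 'com.example.app.api-jwt'; // hypothetical service name

// Read the `exp` claim (seconds since epoch) without verifying the signature.
// Verification stays on the server; this only avoids sending a stale token.
function jwtExpiry(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const claims = JSON.parse(atob(padded)); // assumes a global atob
  return typeof claims.exp === 'number' ? claims.exp : null;
}

function createTokenStore(keychain, now = () => Date.now() / 1000) {
  const options = { service: SERVICE };
  return {
    async save(token) {
      jwtExpiry(token); // reject malformed input before persisting it
      await keychain.setGenericPassword('api-jwt', token, options);
    },
    // Returns the token, or null when none is stored or it has expired.
    async load() {
      const entry = await keychain.getGenericPassword(options);
      if (!entry) return null; // the library resolves to false when empty
      let exp;
      try { exp = jwtExpiry(entry.password); } catch (e) { exp = 0; }
      if (exp !== null && exp <= now()) {
        await keychain.resetGenericPassword(options); // purge stale token
        return null;
      }
      return entry.password;
    },
    async clear() { // call on logout
      await keychain.resetGenericPassword(options);
    },
  };
}

// Constructed in-memory stand-in so the example runs under Node without a device.
function fakeKeychain() {
  let slot = false;
  return {
    async setGenericPassword(username, password) { slot = { username, password }; return true; },
    async getGenericPassword() { return slot; },
    async resetGenericPassword() { slot = false; return true; },
  };
}
```

In the app, pass the imported `react-native-keychain` module to `createTokenStore` instead of `fakeKeychain()`, and call `clear()` on logout so the token does not outlive the session.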
Answer 2:
To be app agnostic, I would store it using AsyncStorage. In fact I am testing this on a new project.
Source: https://stackoverflow.com/questions/34870330/how-to-keep-client-json-web-token-secure-in-a-react-native-app