How to keep client JSON web token secure in a React Native app?

依然范特西╮ submitted on 2019-12-20 12:27:27

Question


We are building a React Native app for iOS and we are using an internal API built on node + express + jsonwebtoken.

When the user logs in with username/password, the server validates those credentials and sends the client back a JSON web token that they must then send along with every API request. So the React Native app must store this token.

How do I securely store this client token in the React Native app? Is it necessary to take any additional steps besides just storing the token in a variable?


Answer 1:


For iOS, you'd store that in the keychain... https://auth0.com/docs/libraries/lock-ios/save-and-refresh-jwt-tokens

Here's a couple ways of doing that in react native that I found. There may be others. There may be better options. This is just what I found quickly.

https://github.com/search?utf8=%E2%9C%93&q=react-native+keychain

For Android, you'd store that in either the SharedPreferences or maybe even better the KeyStore since it's encrypted there.
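
An added example, not part of the original answers and not code from any library: a small token store that keeps the JWT in the platform keychain, refuses to keep or return an expired token, and wipes the entry on logout. It assumes the `setGenericPassword`, `getGenericPassword` and `resetGenericPassword` calls of the react-native-keychain package and a global `atob` (polyfill it where the runtime lacks one); `createTokenStore`, `jwtExpiry`, `isExpired` and the `api-jwt` service name are hypothetical.

```javascript
const SERVICE = 'api-jwt'; // hypothetical service name for the keychain entry

// Read `exp` (seconds since epoch) from the JWT payload. No signature check:
// the server verifies the token; the client only decides whether to keep it.
function jwtExpiry(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    const claims = JSON.parse(atob(padded)); // assumes a global atob
    return typeof claims.exp === 'number' ? claims.exp : null;
  } catch (e) {
    return null; // malformed payload
  }
}

// Example policy: a token without a readable `exp` counts as unusable.
function isExpired(token, nowMs = Date.now(), skewSec = 30) {
  const exp = jwtExpiry(token);
  return exp === null || exp - skewSec <= nowMs / 1000;
}

// `keychain` is injected: the react-native-keychain module in the app,
// e.g. createTokenStore(require('react-native-keychain')).
function createTokenStore(keychain) {
  const opts = {
    service: SERVICE,
    // Keep the item out of backups restored to other devices.
    accessible: keychain.ACCESSIBLE?.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
  };
  return {
    async save(username, token) {
      if (isExpired(token)) throw new Error('refusing to store expired token');
      await keychain.setGenericPassword(username, token, opts);
    },
    // Returns the token, or null if none is stored; an expired entry is wiped.
    async load(nowMs = Date.now()) {
      const item = await keychain.getGenericPassword(opts);
      if (!item) return null;
      if (!isExpired(item.password, nowMs)) return item.password;
      await keychain.resetGenericPassword(opts);
      return null;
    },
    clear: () => keychain.resetGenericPassword(opts), // call on logout
  };
}
```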




Answer 2:


To be app agnostic, I would store it using AsyncStorage. In fact I am testing this on a new project.



Source: https://stackoverflow.com/questions/34870330/how-to-keep-client-json-web-token-secure-in-a-react-native-app
