Things aren't as clear as they could be on the best practice for storing logged-in data on the user's phone. Some suggest that data such as userID = 123 and loggedIn = true should be stored in NSUserDefaults. Yet from my understanding, this data can be easily manipulated with very little effort, according to this article: https://www.andyibanez.com/nsuserdefaults-not-for-sensitive-data/
So the question is: What is the best way to persist logged-in data as the user is navigating various screens? The only data that needs to be stored is the userID or OAuth token, along with a few other custom bits about the status of this user's account. What is the most secure way of storing this data to make sure that someone cannot simply fake being another user when data is being pulled from the server?
Regards, Michael
And this, kids, is how OAuth works, in case you didn't know. After your frontend has received the token, it will be attached to every single HTTP request you make in the future. So you need to store it somewhere. The easiest is to put it into the application state.
There is no need to store it. You can validate it and get the data from it that you require. If your app needs to call APIs on behalf of the user, access tokens and (optionally) refresh tokens are needed. These can be stored server-side or in a session cookie.
Where should I store my tokens in the front-end? There are two common ways to store your tokens. The first is in localStorage and the second is in cookies. There is a lot of debate over which one is better with most people leaning toward cookies as they are more secure.
NSUserDefaults is a bad place to store a REST token or any kind of secret data.
Because it is not a secure method, there is no encryption. Moreover, it can be easily opened and read by a reverse engineer.
I would suggest you store it in the keychain. The keychain is a far better solution because it is more secure and uses encryption. Take a look at the iOS Keychain Services Task reference for more details about implementing keychain-backed storage.
Also, please note that it is a pretty time-consuming task, and you might be interested in third-party libs, i.e. keychain wrappers. I would recommend the SSKeychain library or the GenericKeychain Apple sample project as a starting point.
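To make the keychain suggestion above concrete, here is an added example (not code from the question, the answer, or Apple's samples) that stores, reads and removes an OAuth token as a generic-password item using the Keychain Services C API directly. The service and account names are assumed placeholders; the accessibility class keeps the item readable only while the device is unlocked and excludes it from cross-device backup restores.

```swift
import Foundation
import Security

/// Minimal Keychain-backed token store (hypothetical helper written for this
/// example). Items are generic passwords keyed by service + account.
enum TokenStore {
    // Assumed identifiers; use your app's bundle ID as the service name.
    static let service = "com.example.myapp.auth"
    static let account = "oauth-token"

    /// Base query shared by every Keychain call.
    private static var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    /// Saves (or replaces) the token. The item is only readable while the
    /// device is unlocked and is never migrated to another device via backup.
    static func save(_ token: String) -> OSStatus {
        let data = Data(token.utf8)
        var attrs = baseQuery
        attrs[kSecValueData as String] = data
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let status = SecItemAdd(attrs as CFDictionary, nil)
        if status == errSecDuplicateItem {
            // Already present: update the stored bytes instead of failing.
            let update: [String: Any] = [kSecValueData as String: data]
            return SecItemUpdate(baseQuery as CFDictionary, update as CFDictionary)
        }
        return status
    }

    /// Returns the stored token, or nil if none exists or the read fails.
    static func load() -> String? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let data = result as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }

    /// Removes the token, e.g. on logout.
    static func delete() -> OSStatus {
        SecItemDelete(baseQuery as CFDictionary)
    }
}
```

Keychain storage protects the token from other apps and from casual inspection of the app's sandbox, but it does not replace server-side validation: the server must still check the token on every request rather than trusting a client-supplied userID.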