iOS Swift Where to Store User Logged In Data or OAuth Token?

Things aren't as clear as they could be on the best practice to store logged-in data on the user's phone. Some suggest that data such as userID = 123 and loggedIn = true type data should be stored in NSUserDefaults. Yet from my understanding, this data can be easily manipulated with very little, according to this article, https://www.andyibanez.com/nsuserdefaults-not-for-sensitive-data/

So the question being: What is the best way to persist logged-in data as the user is navigating various screens? The only data that needs to be stored is the userID or OAuth token, along with a few other custom bits about the status of this user's account. What is the most secure way of storing this data to make sure that someone cannot simply fake being another user when data is being pulled from the server?

Regards, Michael

Michael Cropper, asked Jul 24 '16 17:07



1 Answer

The NSUserDefaults API is a bad place to store a REST token or any kind of secret data.
It is not a secure method; there is no encryption. Moreover, it can be easily opened and read by a reverse engineer.

I would suggest you store it in the keychain. The keychain is a way better solution because it is more secure and has encryption. Take a look at the iOS Keychain Services Tasks reference for more details about implementing keychain-backed storage.

Also please note that it is a pretty time-consuming task, and you might be interested in third-party libs (keychain wrappers). I would recommend the SSKeychain library or Apple's GenericKeychain sample project as a starting point.

Evgeny Karkan, answered Sep 22 '22 12:09
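The keychain storage the answer above recommends, as an added example that is not part of the original answer or of any library it mentions. It uses only the Keychain Services C API (SecItemAdd, SecItemCopyMatching, SecItemDelete) with no wrapper, stores the token as a generic-password item, and marks it kSecAttrAccessibleWhenUnlockedThisDeviceOnly so it is unreadable while the device is locked and is not carried into backups or to other devices. The type name TokenStore, the service string and the placeholder token value are assumptions for the illustration.

```swift
import Foundation
import Security

// Added example (not the original answer's code): a minimal wrapper around
// Keychain Services for storing an OAuth token. `TokenStore` and the
// service/account strings are assumed identifiers for this illustration.
enum KeychainError: Error {
    case unexpectedStatus(OSStatus)
    case unexpectedData
}

struct TokenStore {
    // Service + account identify the item; pick any stable strings.
    let service = "com.example.app.oauth"   // assumed identifier
    let account = "access_token"            // assumed identifier

    private var baseQuery: [String: Any] {
        [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
        ]
    }

    /// Store (or replace) the token. Deleting first keeps the call idempotent,
    /// since SecItemAdd fails with errSecDuplicateItem if the item exists.
    func save(_ token: String) throws {
        guard let data = token.data(using: .utf8) else { throw KeychainError.unexpectedData }
        SecItemDelete(baseQuery as CFDictionary) // errSecItemNotFound is fine here
        var attrs = baseQuery
        attrs[kSecValueData as String] = data
        // Readable only while the device is unlocked, and never migrated to
        // another device via backup: the token stays bound to this device.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let status = SecItemAdd(attrs as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    }

    /// Read the token back; nil when nothing has been stored yet.
    func load() throws -> String? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        if status == errSecItemNotFound { return nil }
        guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
        guard let data = item as? Data,
              let token = String(data: data, encoding: .utf8) else {
            throw KeychainError.unexpectedData
        }
        return token
    }

    /// Remove the token on logout so it does not outlive the session.
    func delete() throws {
        let status = SecItemDelete(baseQuery as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            throw KeychainError.unexpectedStatus(status)
        }
    }
}

// Usage. The token value is a constructed placeholder, not a real credential.
let store = TokenStore()
try store.save("constructed-placeholder-token")
if let token = try store.load() {
    // Send it as a bearer credential on each request; the server identifies
    // the user from the token, never from a client-supplied userID.
    var request = URLRequest(url: URL(string: "https://api.example.com/me")!) // assumed URL
    request.setValue("Bearer \(token)", forHTTPHeaderField: "Authorization")
    print("token stored, length:", token.count)
}
try store.delete()
```

Two points worth keeping in mind when using this. First, the keychain protects the token against casual inspection of the app container and against backups, but on a jailbroken device an attacker with the unlock passcode can still dump keychain items, so treat the token as revocable and keep its lifetime short. Second, the question's real goal (that nobody can pose as another user) is a server-side property: the API must derive the user identity from the token it validates on every request, and a userID stored on the client, in the keychain or anywhere else, must only ever be treated as a display hint, never as an authorization input.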