Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve security for storing current user profile and access token in client app #250

Closed
carmenlau opened this issue Sep 6, 2018 · 1 comment
Closed

Improve security for storing current user profile and access token in client app #250

carmenlau opened this issue Sep 6, 2018 · 1 comment
Assignees
@carmenlau
Labels
area/User Auth section/Core skygear server/plugins/sdk

Comments

@carmenlau
Copy link
Contributor

Description

Currently ios is using UserDefaults, android is using SharedPreferences , and js is using local storage. To improve the security, we should use a more secured store for current user data.

Some reference:

iOS keychain services: https://developer.apple.com/documentation/security/keychain_services
example: https://developer.apple.com/library/archive/samplecode/GenericKeychain/Listings/GenericKeychain_KeychainPasswordItem_swift.html#//apple_ref/doc/uid/DTS40007797-GenericKeychain_KeychainPasswordItem_swift-DontLinkElementID_7
Android keystore system: https://developer.android.com/training/articles/keystore

Scenario

Put list of Scenario how developers will use this API

Portal Design

Remove this section if the feature have no Portal

API Design

Remove this section if the feature have no API

Open Questions

Put a list of open questions here before a complete design / specification is decided

Related Issues

  • Server Issues
  • Client Issues
  • Guides Issues
@chpapa chpapa added area/User Auth section/Core skygear server/plugins/sdk vote/2 labels Sep 6, 2018
@chpapa
Copy link
Contributor

chpapa commented Sep 6, 2018

👍 for this.

@carmenlau carmenlau mentioned this issue Sep 18, 2018
Merged
@carmenlau carmenlau mentioned this issue Sep 21, 2018
Merged
Steven-Chan added a commit to SkygearIO/skygear-SDK-Android that referenced this issue Sep 24, 2018
@Steven-Chan
Encrypt current user data when storing into SharedPreferences
c5077ea 
Refs SkygearIO/features#250.
@Steven-Chan Steven-Chan mentioned this issue Sep 24, 2018
Merged
Steven-Chan added a commit to SkygearIO/skygear-SDK-iOS that referenced this issue Sep 26, 2018
@Steven-Chan
Store access token and current user record in keychain
3f33f63 
Refs SkygearIO/features#250.
This was referenced Sep 27, 2018
Merged
Merged
@tensiuyan tensiuyan reopened this Sep 28, 2018
carmenlau added a commit to SkygearIO/skygear-SDK-iOS that referenced this issue Oct 2, 2018
@carmenlau
Store access token and current user record in keychain
3ef2b24 
Refs SkygearIO/features#250.
carmenlau added a commit to SkygearIO/skygear-SDK-Android that referenced this issue Oct 2, 2018
@carmenlau
Encrypt current user data when storing into SharedPreferences
1734129 
Refs SkygearIO/features#250.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@carmenlau carmenlau

Labels
area/User Auth section/Core skygear server/plugins/sdk
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chpapa @carmenlau @tensiuyan