Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Is it safe to store token as password with blank username.

See original GitHub issue

In the begining I stored my token by AsyncStorage, but as I found in https://github.com/facebook/react-native/issues/1032, keychain could be much safer to do it.

So I’m wondering if it’s safe to store my token like this:

var server = 'http://facebook.com';
Keychain
  .setInternetCredentials(server, '', token)
  .then(function() {
    console.log('Credentials saved successfully!');
  });

Since the API will only return a token, there’s no username here.

Issue Analytics

State:
Created 7 years ago
Comments:6

Top GitHub Comments

3reactions

sauhardarcommented, Jul 14, 2020

Agreed here! Any updates on this?

3reactions

Parrryycommented, Aug 13, 2019

Hey, ideally we don’t want to store the username and password combo on the device, but an encrypted token. From what I’ve seen this library is referenced as the secure solution to store the token but I can’t see anywhere on the library of an example of how to do this.

Currently, I’m toying with the idea of using the setGenericPassword with the username and token combination and explaining this in the code comments however it doesn’t seem like the best solution. Any thoughts on this? I feel a setAuthToken or something similar may be beneficial with a good example? Has anyone stored an auth token using this library.