Is it safe to store token as password with blank username.
In the beginning I stored my token by AsyncStorage, but as I found in https://github.com/facebook/react-native/issues/1032, keychain could be much safer to do it.
So I’m wondering if it’s safe to store my token like this:
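    var Keychain = require('react-native-keychain');

    var server = 'http://facebook.com';
    // Empty username; the token is stored in the password field.
    Keychain
      .setInternetCredentials(server, '', token)
      .then(function() {
        console.log('Credentials saved successfully!');
      });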
Since the API will only return a token, there’s no username here.
Issue Analytics
- State:
- Created 7 years ago
- Comments:6
Top GitHub Comments
Agreed here! Any updates on this?
Hey, ideally we don’t want to store the username and password combo on the device, but an encrypted token. From what I’ve seen this library is referenced as the secure solution to store the token but I can’t see anywhere on the library of an example of how to do this.
Currently, I’m toying with the idea of using the setGenericPassword with the username and token combination and explaining this in the code comments however it doesn’t seem like the best solution. Any thoughts on this? I feel a setAuthToken or something similar may be beneficial with a good example? Has anyone stored an auth token using this library?
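One way to get the setAuthToken-style helper the comment above asks for, as an added example that is not from the thread or from the library's own code: a small wrapper that keeps the token in the password slot under a dedicated service name, with a fixed non-secret label in the username slot instead of a blank one. It assumes react-native-keychain's `setGenericPassword`, `getGenericPassword` and `resetGenericPassword` with the `service` option; `SERVICE`, `ACCOUNT`, `createTokenStore` and the in-memory stand-in are hypothetical names constructed for this example.

```javascript
// Added example. SERVICE and ACCOUNT are hypothetical names, not from the thread.
const SERVICE = 'com.example.app.authToken'; // keeps this entry apart from other credentials
const ACCOUNT = 'auth-token';                // fixed, non-secret label for the username slot

// `keychain` is the react-native-keychain module in an app:
//   const store = createTokenStore(require('react-native-keychain'));
function createTokenStore(keychain) {
  return {
    async save(token) {
      if (typeof token !== 'string' || token.length === 0) {
        throw new TypeError('token must be a non-empty string');
      }
      // The token goes in the password slot; the username slot only holds the label.
      await keychain.setGenericPassword(ACCOUNT, token, { service: SERVICE });
    },
    async load() {
      // getGenericPassword resolves to false when nothing is stored.
      const entry = await keychain.getGenericPassword({ service: SERVICE });
      if (!entry || entry.username !== ACCOUNT) return null;
      return entry.password;
    },
    async clear() {
      // Call on logout so the token does not outlive the session.
      return keychain.resetGenericPassword({ service: SERVICE });
    },
  };
}

// Constructed in-memory stand-in exposing the same three calls, for running offline.
function makeFakeKeychain() {
  const entries = new Map();
  return {
    async setGenericPassword(username, password, { service }) {
      entries.set(service, { service, username, password });
      return { service };
    },
    async getGenericPassword({ service }) {
      return entries.get(service) || false;
    },
    async resetGenericPassword({ service }) {
      return entries.delete(service);
    },
  };
}
```

The stand-in only mirrors the call shapes; it provides none of the platform keychain's protection and is there so the wrapper can be exercised outside a device.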