如何在React Native应用程序中确保客户端JSON Web令牌安全? [英] How to keep client JSON web token secure in a React Native app?

问题描述

我们正在为iOS开发一个React Native应用，并且正在使用基于node + express + jsonwebtoken构建的内部API.

We are building a React Native app for iOS and we are using an internal API built on node + express + jsonwebtoken.

当用户使用用户名/密码登录时，服务器会验证这些凭据并将其发送回客户端JSON Web令牌，然后必须将其与每个API请求一起发送.因此，React本机应用程序必须存储此令牌.

When the user logs in with username/password, the server validates those credentials and sends the client back a JSON web token that they must then send along with every API request. So the React native app must store this token.

如何在React本机应用程序中安全地存储此客户端令牌?除了将令牌存储在变量中之外，是否还需要采取其他任何步骤?

How do I securely store this client token in the React native app? Is it necessary to take any additional steps besides just storing the token in a variable?

推荐答案

要与应用无关，我将使用

To be app agnostic, I would store it using ASyncStorage. In fact I am testing this on a new project.

这篇关于如何在React Native应用程序中确保客户端JSON Web令牌安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！