How to keep client JSON web token secure in a React Native app?


Problem description

We are building a React Native app for iOS and we are using an internal API built on node + express + jsonwebtoken.

When the user logs in with username/password, the server validates those credentials and sends the client back a JSON web token that they must then send along with every API request. So the React native app must store this token.

How do I securely store this client token in the React native app? Is it necessary to take any additional steps besides just storing the token in a variable?

Recommended answer

For iOS, you'd store that in the keychain... https://auth0.com/docs/libraries/lock-ios/save-and-refresh-jwt-tokens

Here's a couple ways of doing that in react native that I found. There may be others. There may be better options. This is just what I found quickly.

https://github.com/search?utf8=%E2%9C%93&q=react-native+钥匙串

For Android, you'd store that in either the SharedPreferences or maybe even better the KeyStore since it's encrypted there.
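
The keychain approach recommended above, sketched as an added example that is not part of the original answer: a small token store that keeps the JWT behind a keychain-style API, refuses malformed tokens, and wipes the entry once its `exp` claim has passed. Assumptions: the injected `keychain` object mirrors the `setGenericPassword` / `getGenericPassword` / `resetGenericPassword` calls of the react-native-keychain module, and `SERVICE`, `createTokenStore`, `fakeKeychain` and `sampleToken` are hypothetical names.

```javascript
// Added example, not from the original answer. `keychain` is injected: in an app it would be
// the react-native-keychain module, whose three generic-password calls are mirrored below.
const SERVICE = 'com.example.app.jwt'; // hypothetical service name

// Read `exp` (epoch seconds). No signature check: the server verifies; the client only drops stale tokens.
function jwtExpiry(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const payload = JSON.parse(atob(padded)); // assumes a global atob (Node 16+ or a polyfill)
  return typeof payload.exp === 'number' ? payload.exp : null;
}

function createTokenStore(keychain, now = () => Math.floor(Date.now() / 1000)) {
  return {
    async save(token) {
      jwtExpiry(token); // reject malformed input before it reaches secure storage
      await keychain.setGenericPassword('jwt', token, { service: SERVICE });
    },
    // Returns the stored token, or null when none exists or it has expired (then wipes it).
    async load() {
      const entry = await keychain.getGenericPassword({ service: SERVICE });
      if (!entry) return null;
      const exp = jwtExpiry(entry.password);
      if (exp !== null && exp <= now()) {
        await keychain.resetGenericPassword({ service: SERVICE });
        return null;
      }
      return entry.password;
    },
    clear: () => keychain.resetGenericPassword({ service: SERVICE }), // call on logout
  };
}

// Constructed in-memory stand-in so the example runs under Node; it protects nothing.
function fakeKeychain() {
  const items = new Map();
  return {
    setGenericPassword: async (username, password, { service }) => !!items.set(service, { username, password }),
    getGenericPassword: async ({ service }) => items.get(service) || false,
    resetGenericPassword: async ({ service }) => items.delete(service),
  };
}
// Constructed sample token with a placeholder signature (assumes a global btoa).
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'user-1', exp })}.constructed-signature`;
}
```

In an app the real module replaces the stand-in, so the token is held by the platform's secure storage rather than in a plain variable or unencrypted preferences.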
