Nativescript storing user tokens

Question

Is it a good practice or am i missing something? I wan't to store user access and refresh token returned from a Web API in application-settings or do we have password vault equivalent in nativescript or do we use sql lite My requirement is that my tokens should not be allowed to access by other apps installed on device. Thanks for the help in advance Regards

Emil Oberg · Answer 1 · 2020-03-20T15:49:25.120

21

If you just want to store a simple string, only accessible by the app itself (and no other app), using the Application Settings is the way to go.

var appSettings = require('application-settings');

// Trying to get a string which is not set yet
var token = appSettings.getString('token', 'defaultValue');
console.log(token); // defaultValue

// Setting the string
appSettings.setString('token', 'abc123');

// Getting the string
token = appSettings.getString('token', 'defaultValue');
console.log(token); // abc123

There's no vault (yet?).

If you want to store some more database-like data, there's a sqlite module available, however, for only storing a simple string or two, this would be way overkill and I'd go for the application-settings way described above.

https://www.npmjs.com/package/nativescript-sqlite

edited Mar 20 '20 at 15:49

answered Aug 27 '15 at 08:12

Emil Oberg

4,006
18
30

1

What is the life cycle of value stored in application-setting module? Is it store once is it available all the time even if user close the app and start it again? – Atul Chaudhary Aug 27 '15 at 12:05
2

Yup. Stored until the user removes the application from the device. – Emil Oberg Aug 27 '15 at 14:14
3

Application settings uses Shared preferences in Android which is not secure and can be accessed by other applications. It can be even viewed by a simple text editor in plain text if the phone has root access. DO NOT USE application settings to save user tokens – itaintme Nov 29 '18 at 02:29
There's a new link: https://docs.nativescript.org/ns-framework-modules/application-settings – Alexander Kim Feb 21 '19 at 13:33
@itaintme what do you suggest instead? There are plenty of apps which don't require user to login every time its started. – Andrej Oct 20 '20 at 22:55
2

@Andrej you can use `nativescript-secure-storage` https://github.com/EddyVerbruggen/nativescript-secure-storage or use an encrypted database. These are way better than plaintext application settings – itaintme Oct 21 '20 at 16:38

Nativescript storing user tokens

1 Answers1