authlogic & iOS, should I be saving password or tokens, and how?

Question

I'm very new to writing web apps and writing iPhone apps. I have a simple web app ready to go which uses authlogic to have users sign in / register.

I want to allow users of the iPhone app to sign in and register. In order to do this, I am planning to use ASIHTTP. I am doing that based off of this stackoverflow topic: Authlogic and iPhone app login

Is that the best of way of going about it or are there better/easier methods of doing it? I wanted to try to use ObjectiveResource, but unfortunately I cannot access the iphoneonrails.com website.

Now, assuming I can get the system hooked up, how do I save passwords on the device? I want the user to have to log in just once. Do I save some authlogic token or should I be saving the username/password to the keychain in iOS? To me it seems to make sense to save the single use token.

Answer 1

The accepted answer is not secure. You should not save sensitive information in NSUserDefaults; use the Keychain instead.

See: iOS: How to store username/password within an app?

Answer 2

You can use NSUserDefaults to store the simple information like username and passwords

NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];

[prefs setObject:username.text forKey:@"username"];
[prefs setObject:password.text forKey:@"password"];
[prefs synchronize];

For Retrieving the data you can use

NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];

NSString *u = [prefs stringForKey:@"username"];
NSString *p = [prefs stringForKey:@"password"];

Update:

There is a better way to store credentials in Cocoa, please see @Pius Uzamere answer for storing credentials. Please see this link for example code: http://iosdevelopertips.com/core-services/using-keychain-to-store-username-and-password.html