2

Almost all answers about access token says you need to store it in keychain, however the access token I am implementing is only valid for 5 minutes after a user login. The access token is returned by the login API.

Right now the implementation is it is being stored in keychain which then creates problems for customers since the access token is not cleared in keychain when the OS suspends or terminates the app, this happens when a user signs in and never signs out. There is no 100% way to detect this.

Due to a bad design, we have na existing API that is called in pre-login or post login, and will have different response that depends if you pass an access token, the invalid access token gets passed and the user sees an error even if he just launched the app.

Since the access token is short-lived, I want to fix this issue by not saving it in keychain and just keep it in memory/singleton variable so that it only lives for as long as the app is active/running.

Any thoughts on this?

James Reed
  • 21
  • 2
  • Why use storage at all? – lorem ipsum Jul 17 '23 at 19:33
  • It seems like the previous developer of the app just google where to store tokens and just store them in keychain without realising that it is pointless. – James Reed Jul 18 '23 at 02:35
  • 1
    @JamesReed The lifetime of a token will be set by the authorisation server. So, the app developer can't say how long it is valid. If there is benefit in storing an access token persistently, storing it in the KeyChain is definitely the right approach. – CouchDeveloper Jul 18 '23 at 10:31
  • 1
    Usually, you pair an access token with a _refresh token_. The refresh token has much longer lifetime. When you get a 401 from the server, you interrupt the resource request, fetch a new access token from the authorisation server with sending the refresh token, then update your resource request, and retry it. – CouchDeveloper Jul 18 '23 at 10:35

1 Answers1

1

If the data is exclusively used while running, there is no benefit to storing it in the keychain. One might imagine cases where there were a benefit due to clearing the token when not in use, but it is incredibly difficult to actually clear data from memory (and especially in Swift), so this is unlikely to be useful. You're going to have somewhere between "just as good" and better data protection by only storing it in memory. You certainly won't make things worse.

Rob Napier
  • 286,113
  • 34
  • 456
  • 610
  • Thanks, I cannot confirm if the app that is put into a suspended state without being terminated by the OS will clear a global variable when the user relaunches the app. Any idea on this? – James Reed Jul 18 '23 at 02:41
  • 1
    If it is suspended, all of its memory will be preserved. If it's terminated, its memory will be freed. A program couldn't resume from suspension if random parts of its memory were cleared without warning. There are some specific exceptions (see things like NSPurgeableData), and some memory is actually stored outside the process (often related to URLSessions), but these aren't going to be surprises. The system is not going to drop a global variable you define without dropping your whole application. – Rob Napier Jul 18 '23 at 12:44