How to fetch, store, refresh access tokens?

Hi,

I am consuming a bunch of OAuth REST endpoints in a mobile app. For each REST API request, I am hitting the access token endpoint. I am sure there is a better way, considering there aren't any session variables in a mobile app. Please suggest.

Regards,

Prasanna CS

Store the tokens in a local database?
Or in JavaScript variables (as the mobile applications are one-page applications)?


Hi Prasanna Selvaraj,
Did you solve the same?


Hello Selvaraj,

A few approaches that are possible.

1) Local database

   Create a local entity and store & retrieve it.

2) JavaScript variables

   They would be available as long as your app is running. Not persisted across logins.

3) Forge has plugins like

   KeyStore Plugin: This plugin allows your application to securely store secrets such as usernames, passwords, tokens, certificates or other sensitive information (strings) on iOS & Android phones. This component is published by the OutSystems R&D Team. (My recommendation)

   Alternatives

   SharedPreferences (published by me), Android IOS Shared User Preferences

   These plugins store key-value pairs, and this is persisted across logins.


Regards

Amal


Thanks Amal,
Can you share the approach for fetch & refresh token from inApp?

Kindly.




You can use JavaScript localStorage:

    localStorage.setItem("key", "value");        // store a value under "key"
    var somevar = localStorage.getItem("key");   // read it back (null if absent)
    localStorage.removeItem("key");              // delete it

A nice way to do it is to have a structure with the token (+ other attributes, i.e. timestamp, expiry date etc.) serialized into a string (+ compress + encrypt) and then save it.
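
The pattern this thread converges on (keep the token with its expiry and only go back to the token endpoint when it is about to expire), as an added example that is not code from any poster or from OutSystems. TokenCache, requestToken and the "oauth.token" key are hypothetical names; storage is any object with the getItem/setItem/removeItem shape of localStorage, so a wrapper around a secure store such as the KeyStore plugin can be passed in instead.

```javascript
// Added example. TokenCache, requestToken and the storage key are hypothetical.
class TokenCache {
  // storage: getItem/setItem/removeItem (localStorage-shaped; prefer a wrapper
  //          around a secure keystore over plain localStorage for tokens).
  // requestToken(refreshTokenOrNull) -> Promise<{access_token, expires_in, refresh_token?}>
  constructor(storage, requestToken, { key = "oauth.token", skewMs = 30000, now = Date.now } = {}) {
    Object.assign(this, { storage, requestToken, key, skewMs, now });
    this.inflight = null; // shared promise so parallel callers trigger one request
  }

  load() {
    try {
      const rec = JSON.parse(this.storage.getItem(this.key));
      return rec && typeof rec.accessToken === "string" && Number.isFinite(rec.expiresAt) ? rec : null;
    } catch (e) {
      return null; // corrupt or missing record: treat as "no token"
    }
  }

  isFresh(rec) {
    // Refresh skewMs early so a token does not expire while a request is in flight.
    return rec !== null && this.now() < rec.expiresAt - this.skewMs;
  }

  async getAccessToken() {
    const rec = this.load();
    if (this.isFresh(rec)) return rec.accessToken; // no network call
    if (!this.inflight) {
      this.inflight = this.fetchAndStore(rec ? rec.refreshToken : null)
        .finally(() => { this.inflight = null; });
    }
    return this.inflight;
  }

  async fetchAndStore(refreshToken) {
    const res = await this.requestToken(refreshToken || null);
    const rec = {
      accessToken: res.access_token,
      refreshToken: res.refresh_token || refreshToken || null, // keep old one if not rotated
      expiresAt: this.now() + res.expires_in * 1000,
    };
    this.storage.setItem(this.key, JSON.stringify(rec));
    return rec.accessToken;
  }

  clear() { this.storage.removeItem(this.key); } // call on logout or after a 401
}
```

Each REST call then awaits getAccessToken() instead of calling the token endpoint directly; requestToken is the only place that talks to the authorization server.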


Hello Assif

Can you explain what you mean by inApp?

Do you mean the refresh token that typically is sent in the callback URL?

Will need to investigate. In the past I used Auth0 endpoints to get the tokens and refresh tokens.

Regards



Sorry for the typo, it's the inAppBrowser Plugin.
I am planning to open a web-view, then get the respective token after the SSO procedure.
Perhaps what Arley Silveira wrote above can be done!!
What do you think?




Hi 

Found this article 

https://medium.com/@jlchereau/stop-using-inappbrowser-for-your-cordova-phonegap-oauth-flow-a806b61a2dc5 


Regards