After validating and storing a users credentials in the keychain, how often do I need to check if they are still there or still valid? Should I call a method on each ViewDidAppear and check if they are bad or don't exist then show the login modal?
Note : Once you stored users credentials in the keychain successfully then keyChain credentials persist after your app is deleted. So need to worry about checking if they are still there or still valid
Also don't forget remove users credentials from the keychain before application gets uninstalled
Refer keychain demo link.
Related
I store the token received from an API sign in process in the user's keychain. Then for all further requests to the API I get the token from the keychain to send to the API. This happens with each request made to the API. As I have understood the keychain is the right place to store sensitive information, so I'm not storing the token in the user defaults.
On iOS everything works as expected, but on macOS, there's an alert appearing that the App wants access to the keychain. The user can then select to allow it once or to allow it always. This has two major issues:
if the user chooses "once" the dialog will appear over and over again with each request the App does.
if the user chooses "always" the dialog will not appear for some time, but after a while it will reappear nevertheless.
Why is this behavior totally different between iOS and macOS? Or did I forgot to configure something?
From a security point of view, would it be okay to read the token once at the start of the app and store it in a property?
Although the Keychain on iOS and macOS share lots of similarities, there is one big difference between the two. iOS only has a single Keychain, whereas macOS can create any amount of Keychains. You can find more info on that here.
This means that we will have to tell the macOS Keychain to behave like the iOS Keychain, which we can via the kSecUseDataProtectionKeychain key, documented here. Setting this flag to true should solve your issue.
As a tester, I want to test the credentials which saved in IOS keychain.
scenarios which App can not contact the keychain, Crashed credentials (how to crash?), does the correct credentials use in all the times, Does the credentials remove when the app close and uninstall... etc. How do I do that as a tester?
thanks
I have an application already in the store that use Keychain to store passwords.
I want to publish an update of the application, the problem is that I don't have the original certificate anymore (it was expired and I created another).
Reading Apple's documentation it says:
Note: On iPhone, Keychain rights depend on the provisioning profile
used to sign your application. Be sure to consistently use the same
provisioning profile across different versions of your application.
If I edit my provisioning profile with a different certificate, will my users lose their passwords when I will upgrade the application?
Thanks
if you can upload the app into the store (so update the old one), the users will not recognize anything of this ;)
What's saved in their keychain will be bound to the Bundle an stays at least until the application is deleted.
You can revoke and re-create your cert, and assign it to your provisioning profile without any further consequences.
May be it will be a too startup question.
We have developed an iPhone application and its uploaded in the Appstore. We have our own login mechanism, facabook login, and twitter login. Our users reporting an issue that, when the app is started and the iphone device is restarted (switched off), the application is also logged out. And users needs to login again. We have checked Facebook app. It keeps logged in when the device is restarted (switched off). We also want to do like that. Can you have suggest mechanism to do like that.
Store the Username and password in the keychain. When the app starts up, then grab the username and password from the keychain and execute the method for login.
John
You can can Store your acessToken (facebook) with NSUserDefaults, CoreData or FileSystem. I will not suggest you to save your login/password inside your app. If you need to do this, its better save data user(name,address,celphone...) but not the access, like login/password. Its more safe. Of course, you can use KeyChain, but will each in what are you thinking doing with the app.
NSUserDefaults
Save string to the NSUserDefaults?
File System - apple guide
http://developer.apple.com/library/mac/#documentation/FileManagement/Conceptual/FileSystemProgrammingGUide/FileSystemOverview/FileSystemOverview.html
Core Data
Save and Load Data - CoreData
What is the best/most secure way for my iPhone app to remember Username and Password credentials, so that the user will not have to reenter them every time they use my app? (My app will be logging in to a server using these credentials and returning some data).
Thanks!
The best place would be the keychain. It is automatically encrypted and backed up. However, on older iOS versions, the backup would not be accessible after a restore. See the Keychain Services Programming Guide and Keychain Services Reference.
Try this SFHFKeychainUtils https://github.com/ldandersen/scifihifi-iphone/tree/master/security
It's drop dead simple and works like NSUserDefaults
There are two ways to store user/pass.
keychain api
NSUserDefaults
To learn more about it,open the iOS developer library on http://developer.apple.com