
I have a web app that communicates with an auth server that stores the access and refresh tokens in an httpOnly cookie when the user logs in. Now I am building an app, so what is the best practice for storing those tokens in React Native (I am using bare React Native, not Expo)? I have a microservices architecture, so what is more recommended: to create an auth server for the app, or to add more controllers, routes and services to the existing auth server?

2 Answers


  1. Use React Native token storage

    Best practices include
    utilizing secure storage methods in React Native for token storage. Options such as AsyncStorage, SecureStore (Expo), and encrypted storage libraries provide better security for sensitive data like tokens. Avoid using AsyncStorage alone for storing tokens, to ensure data is not stored in plain text.

    Handling tokens and authentication in a microservices architecture,
    which you are already doing by using auth and refreshing a token.

    References:
    A Bullet-Proof Approach to Storing Sensitive User Data in React Native; Is React Native's Async Storage secure?; Safeguarding Your Data in React Native: Secure Storage Solutions; OWASP JWT cheatsheet; JWT Best Practice; How JWT is reliable?; JWT secure approach to web app

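A worked example of the secure-storage approach answer 1 describes, added here as an illustration and not code from either answer or from any library: a small token store for a bare React Native app whose secure backend is injected, so the same logic runs in plain Node with an in-memory stand-in. It assumes react-native-keychain as the on-device backend (only its setGenericPassword / getGenericPassword / resetGenericPassword calls are used) and a refresh endpoint on the auth server reached through a caller-supplied refresh() function; the service name, the sample JWTs, the fixed clock and the in-memory keychain are constructed for the demo.

```javascript
// Added example, not code from the post or answers. The secure backend is injected: in the
// app pass react-native-keychain (an assumed dependency); an in-memory stand-in runs it in Node.
const SERVICE = 'com.example.app.auth'; // hypothetical keychain service prefix
const REFRESH_SKEW_MS = 30 * 1000; // refresh early so an in-flight request does not race expiry

// base64url helpers; atob/btoa exist in Node 16+ and Hermes, Buffer is the Node fallback
function b64urlEncode(s) {
  const b64 = typeof btoa === 'function' ? btoa(s) : Buffer.from(s, 'utf8').toString('base64');
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function b64urlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return typeof atob === 'function' ? atob(padded) : Buffer.from(padded, 'base64').toString('utf8');
}

// Read the exp claim of a JWT WITHOUT verifying it: the client only uses exp to schedule a
// refresh and must never treat a token as valid because of it; validation is the server's job.
function jwtExpiry(token) {
  const parts = (token || '').split('.');
  if (parts.length !== 3) return null;
  try {
    const exp = JSON.parse(b64urlDecode(parts[1])).exp;
    return Number.isFinite(exp) ? exp : null;
  } catch (e) {
    return null;
  }
}

// One keychain entry per token, so the refresh token can later get stricter access-control
// options than the access token without touching the rest of the code.
function createTokenStore(keychain) {
  const svc = (name) => ({ service: `${SERVICE}.${name}` });
  return {
    async save({ accessToken, refreshToken }) {
      await keychain.setGenericPassword('access', accessToken, svc('access'));
      await keychain.setGenericPassword('refresh', refreshToken, svc('refresh'));
    },
    async load() {
      const a = await keychain.getGenericPassword(svc('access'));
      const r = await keychain.getGenericPassword(svc('refresh'));
      return { accessToken: a ? a.password : null, refreshToken: r ? r.password : null };
    },
    async clear() {
      await keychain.resetGenericPassword(svc('access'));
      await keychain.resetGenericPassword(svc('refresh'));
    },
  };
}

// Hand back an access token good for at least REFRESH_SKEW_MS, refreshing when needed.
// refresh(refreshToken) is the caller's HTTP call to the auth server's refresh endpoint
// (assumed API): it resolves to { accessToken, refreshToken } or null when rejected.
async function getValidAccessToken(store, refresh, now = Date.now()) {
  const { accessToken, refreshToken } = await store.load();
  const exp = jwtExpiry(accessToken);
  if (exp !== null && exp * 1000 > now + REFRESH_SKEW_MS) return accessToken;
  if (!refreshToken) return null; // nothing to refresh with: caller shows the login screen
  const fresh = await refresh(refreshToken);
  if (!fresh) {
    await store.clear(); // refresh token revoked/expired: wipe both tokens, force re-login
    return null;
  }
  await store.save(fresh); // keep only the newest pair (the server may rotate refresh tokens)
  return fresh.accessToken;
}

// ---- constructed stand-ins so the flow runs here without a device or an auth server ----
function memoryKeychain() {
  const entries = new Map();
  return {
    async setGenericPassword(username, password, { service }) { entries.set(service, { username, password, service }); return true; },
    async getGenericPassword({ service }) { return entries.get(service) || false; },
    async resetGenericPassword({ service }) { return entries.delete(service); },
  };
}
// Unsigned test JWT (header.payload.dummy-signature); a real server would reject it.
function sampleJwt(expSeconds) {
  const header = b64urlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64urlEncode(JSON.stringify({ sub: 'user-1', exp: expSeconds }));
  return `${header}.${payload}.sig`;
}
async function runScenario() {
  const now = 1700000000000; // fixed clock, so the scenario is deterministic
  const store = createTokenStore(memoryKeychain());
  const refreshCalls = [];
  const refresh = async (rt) => { // fake auth server: only rt-1 is accepted, and it rotates
    refreshCalls.push(rt);
    return rt === 'rt-1' ? { accessToken: sampleJwt(now / 1000 + 3600), refreshToken: 'rt-2' } : null;
  };
  const t1 = sampleJwt(now / 1000 + 3600);
  await store.save({ accessToken: t1, refreshToken: 'rt-1' });
  const stillValid = (await getValidAccessToken(store, refresh, now)) === t1; // fresh: no refresh
  await store.save({ accessToken: sampleJwt(now / 1000 + 10), refreshToken: 'rt-1' });
  const refreshedExpiry = jwtExpiry(await getValidAccessToken(store, refresh, now)); // inside skew
  const rotated = (await store.load()).refreshToken;
  await store.save({ accessToken: 'garbage', refreshToken: 'rt-revoked' });
  const rejected = await getValidAccessToken(store, refresh, now); // refresh fails: store wiped
  const afterClear = await store.load();
  return { stillValid, refreshedExpiry, rotated, refreshCalls, rejected, afterClear };
}
```

In the app, pass the react-native-keychain module itself as `keychain` and implement `refresh` with fetch against your auth server's refresh endpoint; the keychain library backs onto the Android Keystore and the iOS Keychain, so neither token ever sits in plain-text app storage, which is the property the answer above is after.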
  2. I would recommend using react-native-mmkv with zustand.
    You can also persist it using a middleware.

    https://github.com/mrousavy/react-native-mmkv/blob/main/docs/WRAPPER_ZUSTAND_PERSIST_MIDDLEWARE.md

    import { StateStorage } from 'zustand/middleware'
    import { MMKV } from 'react-native-mmkv'
    
    // Default MMKV instance; pass { encryptionKey: ... } to MMKV() if the
    // persisted values must be encrypted at rest.
    const storage = new MMKV()
    
    // Adapter that lets zustand's persist middleware read and write through MMKV
    const zustandStorage: StateStorage = {
      setItem: (name, value) => {
        return storage.set(name, value)
      },
      getItem: (name) => {
        const value = storage.getString(name)
        return value ?? null
      },
      removeItem: (name) => {
        return storage.delete(name)
      },
    }
    