Storing access token with Expo web - react-native

I've recently decided to try and make a universal app with expo supporting ios, android and web altogether.
I knew that there would be many hick ups along the way.. but I found the biggest problem from the start.
I can see that there are few options as where to store the access token for apps such as secure store or asyncStorage, I just simply can't find a way to work with cookies or any client side store to put in the access-token.
As my app should have the stay logged in feature essentially, this will be a critical problem for the web client.
Does anybody know a good workaround this matter, or is there a way to keep the users logged in from the server side using the device / ip detail..?
Please enlighten me guys!

The web support is available in asyncStorage since v1.9.0.
So you can use it in recent versions of asyncStorage.

I've managed to do this with AsyncStorage.
import AsyncStorage from '#react-native-community/async-storage';
/// Then inside your component make an asynchronous set
await AsyncStorage.setItem(['tokenName', tokenValue]);

Related

Setting the User Context App Insights for React Native

We have a React Native app and we are logging to App Insights using the "applicationinsights-react-native package", this all works fine in a sense, but we are trying to start using the monitoring side of things which uses a User ID. Now I'm pretty sure that whatever the User ID that the (app insights) package is using for a user ID won't cause too many problems if we kept it, but it won't be right.
The ApplicationInsights class has a setAuthenticatedUserContext method, however the comments seem to refer to cookies suggesting it's a React package re-purposed and this GitHub post https://github.com/microsoft/appcenter-sdk-react-native/issues/503 suggests we can't use it, however the response is for the React Natve AppCenter package which we are not using. We are using App Insights direct.
So I was wondering if there was a way to set our user_Id/User context if we are using App Insights directly from a React Native app?
It looks like setAuthenticatedUserContext does work if you talk to App Insights directly and not theough Appcenter, it's possible that it works through Appcenter now as well, I have not tested so I am not sure.
If you want to check that this ends up as on the App Insighst side, it appears as a property called user_AuthenticatedId.

Authentication with Vue/Electron Application

I'm building an application with Vue and Electron, and I'm wondering what the best approach is for authenticating users.
I'm using JSStore as a wrapper for IndexedDB as my database. I'm familiar with using bcryptjs as a means for authenticating users when I create Node backend and have traditional /login or /signup routes.
But this is where I'm starting to get confused. Do I need to set up a Node server to start up when my application starts up? Because given that I'm using IndexedDB, I don't know that it makes sense to have a process of Sign Up --> Request to Node Server --> Send data back to browser
Would I be better served using a different type of database? Could I do something such as adding bcryptjs to the Vue prototype, so that's it's accessible where I need it to work with JS Store? Are there security concerns that I should be aware of with an approach like that?
At this point I'm stuck, and have more questions than answers. I've done some looking around for articles, and I find a lot of content about setting up authentication with Vue, but not within the context of an Electron application. I'm not sure how that variable changes things.
Any advice or direction would be greatly appreciated.
JsStore is client side technology, which means if you are setting up authentication in client side, it will be available only to that device.
Let's understand it more by use case -
Say your application named My Awesome app has authenticaion implemented. User register it and then they are able to use it after registration. They are logging out and signing in again with registration data and everything is working normal.
Here is what wrong with this approach -
User buys another pc and installed application My Awesome app, he tries to login but unable to login because registration data does not exist on their new PC.
Due to some issue, user hard disk crashed & he installed new hard disk. Same thing as above he is not able to log in.
So it is recommended to implement the signin on some server & keep data there.

React Native PayPal integration without server dependency?

I have tried with using Web view and having a Node server with paypal-rest-sdk as backend.
The flow seems to be a work around. Is there any way to directly integrate the Paypal with React Native code without any server calls or web views.
This isn't really a React question -- if no server is used, then you would be doing a client-only HTML/JS integration such as this one: https://developer.paypal.com/demo/checkout/#/pattern/client
That's possible to do. It would all be happening in a full mobile web experience, which then becomes the PayPal Checkout.
If your question was whether it's technically possible to do "server"-style REST API calls from a purely native React app, please put that thought out of your mind. Your 'secret' API key should never be in the possession of a client-side App.

How to connect my react native app to existing database using Amplify?

I have react native app that already at the store.
I decided to move my database and my frontend and backend using Amplify.
I would like to connect my react native app using Amplify too, my needs are to check if user is sign in and get access token, refresh token, token expired date, sign out and using the different apis on the backend to get data...
I was looking on different documents like this one but couldn't find a way to connect to exist one, the only option I have seen is to create a new database only for the mobile...
What are my options? I thought maybe I should create login and refreshToken functions in the backend and only call those functions every time I need to log in or refresh a token... or maybe I should use configuration file somewhere? I was thinking about this file awsExports but not sure this is the right one, there's no explanation about it
Thanks in advance

Which one is best way to store user token react-native-keychain or android AccountManager?

I'm developing react native application and I have doubts about some security. what is the best way to store user auth token react-native-keychain or account manager?
react-native-keychain
Thanks
According to me Asyncstorage is safe place to store token because your storage file is created in internal storage inside your application package name folder and internally AsyncStorage uses sharedPreference with private context So no other application can access your application's storage file until and unless the phone is not rooted and not jailbreaked. However, User have physical access to the device so he/she can extract files by connecting the phone to the laptop and see document directory so for that what you can do is encrypt your sensitive data.
react-native-keychain is good to handle your use-case. It uses facebook-conceal encryption algorithm internally.
Happy Coding :)
There is another package react-native-sensitive-info,which has the same easy api with localstorage.