quick poll, do you store access/refresh tokens in ...
# android-architectureu
ursus
02/16/2021, 5:38 AMquick poll, do you store access/refresh tokens in shared prefs or sqlite?
w
Will Shelor
02/16/2021, 5:55 AM(Previous answer was wrong. See longer answer below 🙂 )
j
Joost Klitsie
02/16/2021, 11:17 AMIf you want your token stolen I guess you can use both 😄
Joost Klitsie
02/16/2021, 11:18 AMI would use the new security library for that
Joost Klitsie
02/16/2021, 11:18 AMJoost Klitsie
02/16/2021, 11:19 AManyway if you would use shared prefs make sure you make it async (as you are doing disk i/o)
🙏 1
Joost Klitsie
02/16/2021, 11:23 AMmaybe jetpack datastore is interesting: https://developer.android.com/topic/libraries/architecture/datastore
🙏 1
s
streetsofboston
02/16/2021, 1:05 PMStore them in encrypted shared prefs.
And, depending on our client, guarded by a biometric prompt.
b
Bhaskar
02/16/2021, 2:03 PMI would say use shared pref for faster access compared to sqlite. Plus as per your requirement your value looks like key-value pair, which will keep on getting updated. For adding security use encryption before saving.
u
ursus
02/16/2021, 6:10 PMI have it in shared prefs too, but contemplating putting in sqlite, since I alraedy have it for actual data .. and would get transactions, migrations etc ..not worth it?
w
Will Shelor
02/16/2021, 9:39 PM… actually, I dug into this a bit, and turns out we’re using the AccountManager. We’re not storing the tokens ourselves- we’re letting them be managed by Google, connected to the account we create for the user as part of onboarding.
u
ursus
02/17/2021, 3:11 AMim not really fan of that, unless you have multiple apps using the same account; since that will survive app uninstall
3 Views