Automatically secure tokens for react-native apps - don't use async storage #10474
Labels: Auth, feature-request, pending-response, React Native
Is this related to a new or existing framework?
React Native
Is this related to a new or existing API?
Authentication
Is this related to another service?
No response
Describe the feature you'd like to request
For React Native apps, Amplify will default to using React Native async storage for storing tokens. I believe this is a vulnerability, but for now I am requesting this as a feature request.
In your API, it appears there is a way to change this:
https://docs.amplify.aws/lib/auth/manageusers/q/platform/js/#managing-security-tokens
But by default, token storage should not be unencrypted.
Describe the solution you'd like
Find a package, such as the few recommended by React Native, and implement token storage for app developers automatically. Leave the ability for them to change the package as you have done, but by default do not use unencrypted storage for tokens.
Describe alternatives you've considered
There should not be an alternative in this case. Please implement secure token storage by default for React Native apps. Please do not use async storage or future updates of async storage to secure tokens.
Additional context
No response
Is this something that you'd be interested in working on?
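An added example, not part of the original issue and not Amplify's own code: one way to fill the storage override the issue links to, using the interface that documentation describes (`setItem`, `getItem`, `removeItem`, `clear`, `sync`) so that tokens are written only to an encrypted store. The `backend` object, `createSecureStorage`, `createFakeBackend` and the `auth-tokens` blob name are assumptions made for this sketch.

```javascript
// Added example, not Amplify code. `backend` is a hypothetical async interface
// { get(name), set(name, value), remove(name) } that an app would implement on
// top of an OS-backed encrypted store (iOS Keychain / Android Keystore library).
function createSecureStorage(backend, blobName = 'auth-tokens') {
  let cache = new Map();           // in-memory copy so reads stay synchronous
  let pending = Promise.resolve(); // serialises writes to the backend
  let syncPromise = null;

  // Persist the whole token map as one encrypted blob, in call order.
  function flush() {
    const snapshot = JSON.stringify(Object.fromEntries(cache));
    pending = pending
      .then(() => (snapshot === '{}'
        ? backend.remove(blobName)
        : backend.set(blobName, snapshot)))
      // Log only the error message, never token values.
      .catch((err) => console.warn('secure token write failed:', err.message));
  }

  return {
    setItem(key, value) { cache.set(key, String(value)); flush(); return String(value); },
    getItem(key) { return cache.has(key) ? cache.get(key) : null; },
    removeItem(key) { cache.delete(key); flush(); },
    clear() { cache = new Map(); flush(); },
    // Load the stored blob once; entries written before sync() take precedence.
    sync() {
      if (!syncPromise) {
        syncPromise = backend.get(blobName).then((blob) => {
          const stored = blob ? Object.entries(JSON.parse(blob)) : [];
          cache = new Map([...stored, ...cache]);
        });
      }
      return syncPromise;
    },
    flushed: () => pending, // resolves when outstanding writes have completed
  };
}

// Constructed in-memory stand-in for the encrypted backend, so this runs offline.
function createFakeBackend() {
  const data = new Map();
  return {
    data,
    get: async (name) => (data.has(name) ? data.get(name) : null),
    set: async (name, value) => { data.set(name, value); },
    remove: async (name) => { data.delete(name); },
  };
}
```

In an app, the object returned by `createSecureStorage` would be passed as the `storage` option of `Auth.configure`, with `backend` wrapping whichever keychain or keystore package the project uses.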