Automatically secure tokens for react-native apps - don't use async storage #10474

Closed
2 tasks
bearsworth opened this issue Oct 13, 2022 · 2 comments
Labels
Auth Related to Auth components/category feature-request Request a new feature pending-response Issue is pending response from the issue requestor React Native React Native related issue

Comments

@bearsworth

Is this related to a new or existing framework?

React Native

Is this related to a new or existing API?

Authentication

Is this related to another service?

No response

Describe the feature you'd like to request

For react native apps, Amplify will default to using react native async storage for storing of tokens. I believe this is a vulnerability, but for now I am requesting this as a feature request.

In your API, it appears there is a way to change this:
https://docs.amplify.aws/lib/auth/manageusers/q/platform/js/#managing-security-tokens

But by default, token storage should not be unencrypted.

Describe the solution you'd like

Find a package such as the few recommended from React-Native and implement token storage for app developers automatically. Leave the ability for them to change the package as you have done, but by default do not use unencrypted storage for tokens.

Describe alternatives you've considered

There should not be an alternative in this case. Please implement secure token storage by default for React Native apps. Please do not use async storage or future updates of async storage to secure tokens.

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change
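
The request above relies on the custom token storage hook in the linked documentation. As an added example (not part of the original issue and not Amplify's own code), this sketches an adapter with the synchronous `setItem`/`getItem`/`removeItem`/`clear` plus async `sync()` shape that page describes, persisting to a secure store instead of async storage. The `backend` interface, `INDEX_KEY`, and `makeFakeBackend` are assumptions made for illustration.

```javascript
// Added example, not Amplify code. `backend` is an ASSUMED async key-value API
// (getItem/setItem/removeItem) backed by the platform Keychain/Keystore.
const INDEX_KEY = 'auth-storage-index'; // hypothetical key listing stored entries

function makeSecureAuthStorage(backend) {
  let cache = new Map();           // in-memory copy keeps getItem synchronous
  let pending = Promise.resolve(); // serialises writes to the backend
  const persist = (op) => {
    const index = JSON.stringify([...cache.keys()]); // snapshot after cache update
    pending = pending.then(op).then(() => backend.setItem(INDEX_KEY, index))
      .catch(() => console.warn('secure storage write failed')); // never log values
  };
  return class SecureAuthStorage {
    static setItem(key, value) {
      cache.set(key, value);
      persist(() => backend.setItem(key, value));
      return value;
    }
    static getItem(key) { return cache.get(key); }
    static removeItem(key) {
      cache.delete(key);
      persist(() => backend.removeItem(key));
    }
    static clear() {
      const keys = [...cache.keys()];
      cache = new Map();
      persist(() => Promise.all(keys.map((k) => backend.removeItem(k))));
    }
    // Waits for queued writes, then reloads persisted entries (call at app start).
    static async sync() {
      await pending;
      const keys = JSON.parse((await backend.getItem(INDEX_KEY)) || '[]');
      const loaded = new Map();
      for (const k of keys) {
        const v = await backend.getItem(k);
        if (v !== null && v !== undefined) loaded.set(k, v);
      }
      cache = loaded;
    }
  };
}

// Constructed in-memory stand-in for the secure backend so this runs offline.
const makeFakeBackend = (m = new Map()) => ({
  setItem: async (k, v) => { m.set(k, v); },
  getItem: async (k) => (m.has(k) ? m.get(k) : null),
  removeItem: async (k) => { m.delete(k); },
});
```

In an app, the fake backend would be replaced by a Keychain/Keystore-backed package, and the returned class passed as the `storage` option described on the linked documentation page, with `sync()` awaited before the first auth call.
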
@bearsworth bearsworth added the feature-request Request a new feature label Oct 13, 2022
@tannerabread tannerabread added Auth Related to Auth components/category React Native React Native related issue labels Oct 14, 2022
@haverchuck haverchuck added the pending-triage Issue is pending triage label Oct 24, 2022
@cwomack cwomack self-assigned this Dec 1, 2022
@cwomack
Contributor

cwomack commented Dec 1, 2022

Hey @bearsworth, is there a specific feature request that's separate from the scope of #3436 that you were looking to have covered in this issue?

I know you left a recent comment on that one regarding opening this ticket for a feature request, but ideally we'd like to keep any suggestions/context from the community and context within one issue for efficiency as we work on a fix/solution.

@cwomack cwomack added pending-response Issue is pending response from the issue requestor and removed pending-triage Issue is pending triage labels Dec 1, 2022
@bearsworth
Author

@cwomack They are related, and I will be closing this. I just hope you guys can implement this as it seems like a very important item among the more important ones you guys are already doing.
