Open Closed

.NET MAUI mobile application uses Preferences instead of SecureStorage for JWT Tokens #3714


User avatar
0
improwise created

As I understand it, the MAUI mobile application generated by ABP Suite seem to use Preferences instead of SecureStorage for storing JWT tokens which AFAIK isn't the recommended way of doing it as it is not as secure as SecureStorage. There is even a community post about this

https://community.abp.io/posts/using-abp-client-proxies-in-maui-with-openid-connect-em7x1s8k

private async Task SetTokenCacheAsync(string accessToken, string refreshToken)
{
    await _storage.SetAsync(IssueTrackrConsts.OidcConsts.AccessTokenKeyName, accessToken);
    await _storage.SetAsync(IssueTrackrConsts.OidcConsts.RefreshTokenKeyName, refreshToken);
}

private async Task ClearTokenCacheAsync()
{
    await _storage.RemoveAsync(IssueTrackrConsts.OidcConsts.AccessTokenKeyName);
    await _storage.RemoveAsync(IssueTrackrConsts.OidcConsts.RefreshTokenKeyName);
}

public class DefaultStorage : IStorage, ITransientDependency
{
    public Task<string> GetAsync(string key)
    {
        return Task.FromResult(Preferences.Get(key, string.Empty));
    }

    public Task SetAsync(string key, string value)
    {
        Preferences.Set(key, value);
        return Task.CompletedTask;
    }

    public Task RemoveAsync(string key)
    {
        Preferences.Remove(key);
        return Task.CompletedTask;
    }
}

7 Answer(s)
  • User Avatar
    0
    enisn created
    Support Team .NET Developer

    Hi @improwise

    As mentioned in article, Secure Storage requires platform-specific configuration. Preferences usage is for development purposes. You should replace it for production.

  • User Avatar
    0
    improwise created

    Hi @improwise

    As mentioned in article, Secure Storage requires platform-specific configuration. Preferences usage is for development purposes. You should replace it for production.

    Even so that should probably be highlighted more than it is today, as I would assume that most people would assume that generated code is "best in class" and being ready for production (as ready as anything MAUI can be).

    Just noticed that it was your community post I linked to :)

  • User Avatar
    0
    enisn created
    Support Team .NET Developer

    Thanks for your feedback, We'll make it more visible in the template and documentation.

  • User Avatar
    1
    enisn created
    Support Team .NET Developer

    We completed all the configurations in the template and add a section to the documentation about iOS configuration. With the new version, SecureStorage will be used in startup templates.

  • User Avatar
    0
    improwise created

    We completed all the configurations in the template and add a section to the documentation about iOS configuration. With the new version, SecureStorage will be used in startup templates.

    Great. thanks. Is that expected to make the version 6 release then?

  • User Avatar
    0
    enisn created
    Support Team .NET Developer

    Yes, it'll be included in v6.0 and it'll be released very soon.

  • User Avatar
    0
    improwise created

    Yes, it'll be included in v6.0 and it'll be released very soon.

    Quick question, how do we keep track of changes between versions in the ABP Commercial as I would imagine those are never available via GitHub, neither as Issues nor code? By creating a new ABP Suite project I can see that this changes seem to be included now but would like to be able to track changes more in detail. Thanks.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19