UserDefaults Storage – Security Concern #64

Open
floschliep opened this issue Apr 1, 2024 · 1 comment

@floschliep

Hi there,

I was glancing through the implementation of SuperTokensURLProtocol and noticed that you're using UserDefaults to store various sensitive user data (access token, refresh token, etc).

UserDefaults is generally not considered secure storage on Apple Platforms and it's best practice to use Keychain Services for this.

Is this a known issue to you and are you planning on fixing this?

@rishabhpoddar
Contributor

Hey @floschliep, thanks for this issue. It's a valid concern. We will add it to our timelines to fix it, but it's unknown at the moment. This issue may not be that serious because the access token's lifetime is generally small, and we use rotating refresh tokens to detect refresh token theft.

That being said, we are open to accepting PRs :)
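An added example for this thread, not code from the SuperTokens SDK or from either commenter: one way a token could be kept in Keychain Services instead of UserDefaults, including a one-time migration of a value already stored in UserDefaults. The type name `KeychainTokenStore`, the service string, and the key passed to `migrate` are assumptions made for illustration.

```swift
import Foundation
import Security

// Hypothetical helper for illustration; not part of the SuperTokens SDK.
enum KeychainTokenStore {
    // Assumed service name; use one unique to your app.
    static let service = "com.example.app.session-tokens"

    private static func baseQuery(_ account: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    @discardableResult
    static func save(_ value: String, for account: String) -> Bool {
        let data = Data(value.utf8)
        // Update in place if the item exists, otherwise add it.
        let status = SecItemUpdate(baseQuery(account) as CFDictionary,
                                   [kSecValueData as String: data] as CFDictionary)
        if status == errSecSuccess { return true }
        guard status == errSecItemNotFound else { return false }
        var attrs = baseQuery(account)
        attrs[kSecValueData as String] = data
        // Readable after first unlock (background refresh still works);
        // "ThisDeviceOnly" keeps the item from being restored onto another device.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        return SecItemAdd(attrs as CFDictionary, nil) == errSecSuccess
    }

    static func read(_ account: String) -> String? {
        var query = baseQuery(account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }

    // One-time migration: copy a legacy value into the Keychain and remove the
    // UserDefaults copy only after the Keychain write has succeeded.
    static func migrate(defaultsKey: String, defaults: UserDefaults = .standard) {
        guard let legacy = defaults.string(forKey: defaultsKey) else { return }
        if save(legacy, for: defaultsKey) { defaults.removeObject(forKey: defaultsKey) }
    }
}
```

Deleting the UserDefaults entry only after a successful Keychain write means a failed migration leaves the existing session usable rather than silently logging the user out.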
