Save/Retrieve access token in AndroidKeyStore

from the CommonsWare Community archives

At August 8, 2019, 10:07am, rd7773 asked:

How to save/retrieve api access token that we usually save in shared preferences after login.
I would really appreciate it if you could provide a complete example for this use case.


At August 8, 2019, 11:02am, mmurphy replied:

> Save/Retrieve access token in AndroidKeyStore

Despite the name, the AndroidKeyStore is not a place where you save things. It is the engine behind a javax.crypto implementation that allows you to generate cryptographic keys that can be backed by hardware security. See:

> How to save/retrieve api access token that we usually save in shared preferences after login.

Save it to a file on internal storage. Or, save it to SharedPreferences. That will be more than adequate security for most API key cases.

You are certainly welcome to use the javax.crypto APIs to have a hardware-backed encryption key, and use that to encrypt the API key. That will result in a byte[], which then is a better fit for an ordinary file than it is for SharedPreferences. Personally, for an API key, I would consider encryption to be overkill.
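
The approach described in the last paragraph of the reply above, as an added example that is not part of the original thread or mmurphy's own code: an AES-GCM key generated inside AndroidKeyStore encrypts the token, and the resulting bytes go to a file on internal storage. It assumes API level 23 or higher; the key alias and file name are hypothetical, and whether the key is actually hardware-backed depends on the device.

```kotlin
import android.content.Context
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.io.File
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical names chosen for this example.
private const val KEY_ALIAS = "api_token_key"
private const val TOKEN_FILE = "api_token.bin"
private const val TRANSFORMATION = "AES/GCM/NoPadding"
private const val GCM_TAG_BITS = 128

// Returns the AES key held by AndroidKeyStore, generating it on first use.
// The key material never leaves the keystore; the app only gets a handle.
private fun getOrCreateKey(): SecretKey {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    (keyStore.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

// Encrypts the token and writes [1-byte IV length][IV][ciphertext + tag] to internal storage.
fun saveToken(context: Context, token: String) {
    val cipher = Cipher.getInstance(TRANSFORMATION).apply { init(Cipher.ENCRYPT_MODE, getOrCreateKey()) }
    val iv = cipher.iv // the keystore supplies a fresh random IV for each encryption
    val ciphertext = cipher.doFinal(token.toByteArray(Charsets.UTF_8))
    File(context.filesDir, TOKEN_FILE).writeBytes(byteArrayOf(iv.size.toByte()) + iv + ciphertext)
}

// Returns the stored token, or null if nothing has been saved yet.
fun loadToken(context: Context): String? {
    val file = File(context.filesDir, TOKEN_FILE)
    if (!file.exists()) return null
    val blob = file.readBytes()
    val ivLen = blob[0].toInt()
    val iv = blob.copyOfRange(1, 1 + ivLen)
    val cipher = Cipher.getInstance(TRANSFORMATION)
    cipher.init(Cipher.DECRYPT_MODE, getOrCreateKey(), GCMParameterSpec(GCM_TAG_BITS, iv))
    return String(cipher.doFinal(blob, 1 + ivLen, blob.size - 1 - ivLen), Charsets.UTF_8)
}
```

`loadToken` throws if the file was tampered with (GCM tag mismatch) or if the keystore key no longer matches the file; a caller would treat either case as "no token" and send the user back through login.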