IsolatedStorageFile vs Android Shared Preferences and iOS equivalent for storing OAUTH tokens

Looking at recommended practices it's recommended to store OAUTH tokens in the Android Shared Preferences.... I was reading up on ways to do cross platform storage and came across IsolatedStorageFile.GetUserStoreForApplication()

Reviewing the post here

It appears that GetUserStoreForApplication is sandboxed so it seems like that would be ok to use but I'm just trying to vet this and understand the differences with using GetUserStoreForApplication vs device specific recommendations

I'm also thinking that I might be asking the wrong question when it comes to this :-) And it's more about how you store it then it is where... And to just put it wherever and focus more on encrypting


  • adamkempadamkemp USInsider, Developer Group Leader mod

    If you want to store data securely on iOS then you should just use the keychain, which can store small pieces of data in addition to passwords and certificates. On Android I don't think you can't store data in the keychain, but you can store an encryption key and use that to encrypt the data that you store in your sandbox.

  • ShaneNeuvilleShaneNeuville USUniversity ✭✭

    Perfect :-) thank you for the good info

  • adamkempadamkemp USInsider, Developer Group Leader mod

    I just remembered there is also a component that does authentication and credential storage for you: Xamarin.Auth. This blog post describes how to use it in Xamarin.Forms.

  • ShaneNeuvilleShaneNeuville USUniversity ✭✭
    edited January 2015

    Hey lookie there :-)

    "The library is cross-platform, so once you learn it on iOS, you're all set on Android."

    Why I gotta start with iOS? :neutral_face:

    I'm not sure if that'll work in my scenario as I'm using Bearer tokens generated from my server and not a 3rd party credential provider... So the login mechanism is all in app and not the website flow. But it's a good thing to know about

    It's also good to have the source for that code to reference to see how they store the tokens...

    I had also found this sample for interacting with the KeyChain I was working through

  • adamkempadamkemp USInsider, Developer Group Leader mod

    I think you might be able to use credential storage part of Xamarin.Auth without using the OAuth part. You can either put your own password/key in the CookieContainer or in the dictionary of extra data ("properties"). Look at the Account class and this Getting Started page.

  • ShaneNeuvilleShaneNeuville USUniversity ✭✭

    Yea this seems to work well :-)

        Xamarin.Auth.Account accounts = AccountStore.Create (Context).FindAccountsForService ("MyApplication")
                        .Where(x=> x.Username == "RandomUserName")
                        .FirstOrDefault ();
                    if (accounts == null)
                        accounts = new Xamarin.Auth.Account ("RandomUserName");
                    accounts.Properties [key] = value;
                    AccountStore.Create (Context).Save (accounts, "MyApplication");
Sign In or Register to comment.