Home > Software design >  How to securely have Client Id and Client Secret in Xamarin Forms?
How to securely have Client Id and Client Secret in Xamarin Forms?

Time:04-02

For OAuth 2.0 authentication, need to pass the ClientId and ClientSecret in HttpRequest. So how to securely store and pass it from Xamarin.Forms application?

Bcoz storing it in config file or hardcoded in the .cs file wouldn't be secure enough as anyone can decode/decompile the apk and get the client Id & client secret.

So what is the best approach to have it securely in Xamarin.Forms app?

CodePudding user response:

In general, you can use a key vault to store keys & other secrets. You would use your backend to decide who to give the keys to.

For authentication you would allow unauthenticated users to get your ClientSecret. Then Once they're authenticated, other keys and secrets can become available to them.

Unfortunately something needs to be public for authentication, but at least this way you can regularly change the key without updating the app.

If there is a better way I'd love to know!

https://azure.microsoft.com/en-us/services/key-vault/

CodePudding user response:

You can use Secure Storage from Essentials.

https://docs.microsoft.com/xamarin/essentials/secure-storage?context=xamarin/android&tabs=android

  • Related