-1

I am looking into building an iOS application and using an internally built API to access data. My API has some authentication endpoints that takes in a username and password and, if the login is successful, it spits out a JWT.

My question is, what are best practices for iOS logins such as this? I've been doing some research and have not been able to find anything that answers this particular question.

Improve this question

1 Answer 1

Reset to default
1

The JWT token should remain in memory (if each time you use your app you get a new one). Assuming the session persists between app launches, then you need to store it, the correct place for tokens / credentials is the KeyChain.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.