iOS Login Recommendation

Looking for a recommendation on how to implement user login (Simple Authentication) in a iOS app. They way I have it right now is anytime a user successfully logins I set UserDefaults.standard.set( **true** , forKey: "isLoggedIn") and if the users relaunches the app in any subsequent time a ViewController checks the isLoggedIn flag, if true it bypasses the LoginViewController otherwise the users must login to proceed. The issue I’m running with this approach is if the user does not use the app for some time the token expires and user is unable to interact with the particle device. What is the right way to implement user login in na iOS app? Should I save the username/password to keychain and use that to re-login the user every time in the background?

@Raimis hope you can provide some insight on this. Thanks!

Hi,

I think this is discouraged and looked at as bad practice. It's a security risk you may not want to take.

One way out is to do the following:

1. when the user starts the app, the app sends an API query to Particle (you can call getDevices if you want)
2. if the result of that request is 401 unauth, you ask the user to re-login (since credentials may have expired)
3. if the request succeeds, you are in business and life goes on, proceed with the app flow

Hope it helps
Gustavo.

Thanks @gusgonnet I’ll give this a try.

As far as using the keychain location to store passwords I have read that it is an encrypted location designed to store sensitive data but I’m not an iOS expert so you might be right.