Live Auth Info Stored Unencrypted

liveservices / LiveSDK-for-iOS

LiveSDK library for integrating with Live Connect

MIT License

138 stars 84 forks source link

Live Auth Info Stored Unencrypted #73

Open karimatiyeh opened 9 years ago

karimatiyeh commented 9 years ago

The Live authentication stores the client credentials unencrypted on the filesystem inside the app container at Library/LiveService_auth.plist. The offending code is in LiveAuthStorage.m.

Logging out of a Live account leaves your Live app client id on disk in the same location.

This code should be modified to store these credentials in the Keychain.

cc @wooster

aclev commented 9 years ago

Hi @karimatiyeh We are aware of this issue and are getting ready to release a new SDK that targets our new API. The new SDK stores the authentication credentials in the keychain and not in a file.