When deleting the app,accessToken still exist in the keychain.

telenordigital / connect-ios-sdk

Docs 📒👉

https://telenordigital.github.io/id-docs.telenordigital.com/integrate-ios-sdk.html

Apache License 2.0

9 stars 8 forks source link

When deleting the app,accessToken still exist in the keychain. #22

Closed thihaaung6245 closed 8 years ago

thihaaung6245 commented 8 years ago

Assume I am sign in user and my accessToken is just new. I deleted the app and install again.So,Its not doing sign in process again because I still got AccessToken in the keychain.

I used Apple keychain service before means it will not delete data which are store in it when user delete the app.Only NSUserDefault delete data when the app is deleted and its not secure like keychain.

So,I solve like that,hope this help

if (NSUserDefaults.standardUserDefaults().objectForKey("FirstTime") == nil){
            NSUserDefaults.standardUserDefaults().setValue("Yes", forKey: "FirstTime")
            // Clear your keychain data here.
        }

I inserted this code at didFinishLaunchingWithOptions at AppDelegate.Any help for clearing accessToken when user delete the app?

jorunfa commented 8 years ago

I'm guessing you saw the same Stack Overflow question I did?

See the bottom answer:

There is no trigger to perform code when the app is deleted from the device. Access to the keychain is dependant on the provisioning profile that is used to sign the application. Therefore no other applications would be able to access this information in the keychain.

It does not help with you aim to remove the password in the keychain when the user deletes application from the device but it should give you some comfort that the password is not accessible (only from a re-install of the original application).

So I think you will have to do it the way you are doing now.

thihaaung6245 commented 8 years ago

Would you implement support which clear all the keychain data which was used by the app and I will use above way to clear all keychain data when user delete the app.I am requesting you because I really don't know which name of keychain data you are working with.

jorunfa commented 8 years ago

If you call oauth2Module?.revokeAccess(…) this will clear the elements in your KeyChain. The method calls self.oauth2Session.clearTokens(), and through the KeychainWrap class this clears all the tokens.

thihaaung6245 commented 8 years ago

Ok thanks for your support...

Best Regards, Telenor Myanmar - Self Care iOS Developer.