How to secure secret key in ionic angular app


#1

Hi, I’m new to Ionic and Angular. We are using OAuth to access our application services and passing in the client secret key as part of every call. I would like to secure the client secret key in Angular or read it from external storage. Any suggestions?


#2

You can use localStorage to save data, which is what I’ve done to store user-specific tokens in my apps. The localStorage values persist even after the app is closed and reopened, making it an ideal place to store small amounts of data. If you need to store lots of data, you probably want to use the filesystem through Cordova.


#3

Yes, this is a perfect solution especially because the local storage is so safe for keeping secret data …

anushareddyak, have some links:

http://www.nczonline.net/blog/2010/04/13/towards-more-secure-client-side-data-storage/


#4

Thank you for the reply, but my situation is not about how to store the token; we are already storing the OAuth token in localStorage in Angular. There is a client secret key associated with the OAuth model of authentication, and we invoke the OAuth URL from Angular, passing the secret key, but I want to secure that secret key in some external storage and then bundle it with the mobile app.


#5

You can’t securely store anything in your app bundle file (apk, ipa) or even on the phone itself. Someone with the right knowledge could find it by dissecting your app.

A client secret is meant to be kept on a server, not in the browser. To be truly secure, you’ll need to reconsider how you are leveraging OAuth and probably have a server to handle the authentication, since it can store a secret key safely.
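
The server-side arrangement described in the last reply, sketched as an added example that is not part of the original thread: a small Node.js backend takes the token request from the app, attaches the client secret from its own configuration, and hands back only the token fields. The endpoint URL, environment variable names and allowed field list are assumptions.

```javascript
// Added illustration, not from the thread. TOKEN_URL, the env variable names
// and the allowed field list are assumptions for this sketch.
const TOKEN_URL = 'https://auth.example.com/oauth/token'; // placeholder

// Only these fields are accepted from the mobile app; anything else,
// including a client_secret sent by the app, is dropped.
const APP_FIELDS = ['grant_type', 'code', 'redirect_uri', 'refresh_token',
  'username', 'password'];

// Build the upstream token request; the secret comes from server config only.
function buildTokenRequest(appBody, env) {
  if (!env.OAUTH_CLIENT_ID || !env.OAUTH_CLIENT_SECRET) {
    throw new Error('OAuth client credentials are not configured');
  }
  const form = new URLSearchParams();
  for (const key of APP_FIELDS) {
    if (typeof appBody[key] === 'string') form.set(key, appBody[key]);
  }
  form.set('client_id', env.OAUTH_CLIENT_ID);
  form.set('client_secret', env.OAUTH_CLIENT_SECRET);
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: form.toString(),
  };
}

// Return only token fields to the app, never anything else from upstream.
function toAppResponse(upstream) {
  const { access_token, token_type, expires_in, refresh_token } = upstream;
  return { access_token, token_type, expires_in, refresh_token };
}

// Glue for a route handler; fetchFn is injectable so it can be tested offline.
async function exchange(appBody, env = process.env, fetchFn = fetch) {
  const req = buildTokenRequest(appBody, env);
  const res = await fetchFn(req.url, req);
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return toAppResponse(await res.json());
}

// Constructed sample: the app tries to send its own client_secret.
const demo = buildTokenRequest(
  { grant_type: 'authorization_code', code: 'abc123', client_secret: 'from-app' },
  { OAUTH_CLIENT_ID: 'mobile-app', OAUTH_CLIENT_SECRET: 'server-only-secret' });
console.log(demo.body.includes('from-app')); // app-supplied secret is ignored
```

With this in place the Angular app calls the backend route instead of the OAuth URL, so the app bundle no longer needs to contain the secret.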