'How to securely have Client Id and Client Secret in Xamarin Forms?
For OAuth 2.0 authentication, need to pass the ClientId and ClientSecret in HttpRequest. So how to securely store and pass it from Xamarin.Forms application?
Bcoz storing it in config file or hardcoded in the .cs file wouldn't be secure enough as anyone can decode/decompile the apk and get the client Id & client secret.
So what is the best approach to have it securely in Xamarin.Forms app?
Solution 1:[1]
In general, you can use a key vault to store keys & other secrets. You would use your backend to decide who to give the keys to.
For authentication you would allow unauthenticated users to get your ClientSecret. Then Once they're authenticated, other keys and secrets can become available to them.
Unfortunately something needs to be public for authentication, but at least this way you can regularly change the key without updating the app.
If there is a better way I'd love to know!
Solution 2:[2]
You can use Secure Storage from Essentials.
https://docs.microsoft.com/xamarin/essentials/secure-storage?context=xamarin%2Fandroid&tabs=android
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Yon |
| Solution 2 | piotruspan |