Best Practise for storing login data on android device for later reuse?

RainaldSuchan · ‎02-02-2017

In my android app the user has to login with a Named User from Portal for ArcGIS. When the user has logged in once, he shoudn't need to log in any more, when he reuses the app later. So I am looking for a best practise to store the login data somehow on the devise and read it later from the app to use it with the portal. So the user doesn't have to login again when he reuses the app.

Is there a recommended way for this approach?

RainaldSuchan · ‎02-03-2017

Collector for ArcGIS for example has such a functionality. If I already used the Collector app and open it again, I don't have to login again. So the app somehow remenbers my login.
Does anybody know how this is done and how this could be implemented in an own app?

MichaelDavis3 · ‎02-06-2017

I believe you are looking for UserCredentials

RainaldSuchan · ‎02-07-2017

Thanks for your reply. I'm already using the UserCredentials class in the app to access the content of the portal.

In the description of the class I find the hint: "If you wish to store and reuse UserCredentials, the best way of doing this is by serializing them to disk. This should be done to a secure location, and should use some form of encryption if possible."

So I guess the recommendation is to serialize the UserCredentials object to a Byte array, encrypt this byte array and save that to the device.

What would be the best way to encrypt the credentials and to handle encryption keys to avoid security issues?

And what's the best way to store the data to the device? Would you recommend to use the SharedPreferences for that or something else?