I'm implementing a login auth in my app. For now I'm using an IOC interface which stores my email and password in the device storage (It uses the SharedPreferences in Android and the NSUserDefault class in iOS). When I go to the login screen I must put my email and my password, then I send that data to the server API. The server response is an authentication token, set in the request "Set-Cookie" header. I must set this auth token in every request that I make to the server API. The token expires after certain amount of time, value which comes also in the request header. Basically everything is working OK now, but the issue is that as we know, saving sensitive data like the user email and password in the SharedPreferences/NSUserDefaults is not a good idea. So I was wondering if I can achieve this using Xamarin.Auth. AFAIK Xamarin.Auth only works with identity providers such as Facebook, Google, OAuth, etc.
Is this possible? Can I user Xamarin.Auth to securely save this values?
This should definitely work, take a look at the GitHub repository of Xamarin.Auth.
The "getting started" page states that you can easily extend/customize Xamarin.Auth to work with your endpoint:
Xamarin.Auth includes OAuth 1.0 and OAuth 2.0 authenticators, providing support for thousands of popular services. For services that use traditional username/password authentication, you can roll your own authenticator by deriving from FormAuthenticator.
If you want to authenticate against an ostensibly unsupported service, fear not – Xamarin.Auth is extensible! It's very easy to create your own authenticators – just derive from any of the existing authenticators and start overriding methods.