Search code examples
c++oauth-2.0native

How to securely store api credentials in a native appliaction in a cross-platform manner


I have a program that interacts with an api using the oauth2 flow. In order not to bother the user every time the program is launched to enter their login and password. I want to store the refresh token somewhere securely in a cross-platform manner. Is this the right approach?. What is the best way to do that in c++?

This topic seems to be discussed a lot but only from the perspective of websites, where they can use cookies to store the refresh token.


Solution

  • Each operating system has its own secure storage with distinct APIs. On desktop operating systems you can use these APIs:

    • macOS keychain
    • Windows credential manager
    • Linux libsecret

    And on mobile these APIs provide per application storage:

    • iOS keychain
    • Android shared preferences or DataStore

    These libraries show the type of approach you can use: