Recommended Way to Store OAuth ClientID and Secret for REST Services in a XAML Metro App

  • Question

  • My Metro app, written in C# and XAML, needs to access some web services that require an OAuth token. What is the best way to store the ClientID and ClientSecret needed to retrieve that token in a Windows 8 Metro app?
    Saturday, August 31, 2013 4:13 AM

All replies

  • You can use the PasswordVault class.

    using System;
    using System.Linq;
    using Windows.Security.Credentials;
    
    private const string RESOURCE_NAME = "OAuth_Token";
    
    private void SaveCredential(string ClientID, string ClientSecret)
    {
        var vault = new PasswordVault();
        var credential = new PasswordCredential(RESOURCE_NAME, ClientID, ClientSecret);
    
        // Stores the ClientID and ClientSecret in the password vault, where they persist until removed.
        vault.Add(credential);
    }
    
    // Returns the stored credential with its password loaded, or null if none is stored.
    private PasswordCredential GetCredential()
    {
        var vault = new PasswordVault();
        try
        {
            var credential = vault.FindAllByResource(RESOURCE_NAME).FirstOrDefault();
            if (credential != null)
            {
                // FindAllByResource does not populate the password; load it explicitly.
                // UserName holds the ClientID and Password holds the ClientSecret.
                credential.RetrievePassword();
            }
            return credential;
        }
        catch (Exception)
        {
            // If no credentials have been stored with the given RESOURCE_NAME, an exception
            // is thrown.
            return null;
        }
    }
    
    private void RemoveCredential(string ClientID)
    {
        var vault = new PasswordVault();
        try
        {
            // Removes the credential from the password vault.
            vault.Remove(vault.Retrieve(RESOURCE_NAME, ClientID));
        }
        catch (Exception)
        {
            // If no credentials have been stored with the given RESOURCE_NAME, an exception
            // is thrown.
        }
    }
    

    Saturday, August 31, 2013 5:28 AM
  • Thanks for the response. There is something I don't understand, however. What mechanism would I use to store those credentials in the first place? Would I use some other application? In other words, your SaveCredential(string ClientID, string ClientSecret) method accepts a ClientID and ClientSecret, but where would I keep those credentials in the first place to pass to the password vault to store?

    In this case, the ClientID and ClientSecret are akin to a database connection string for my REST services. The Metro app needs them for all users to get access to different services. Storing them in the same application in code doesn't seem to be a viable option, nor is storing them in a config file that a smart user can get to [unless perhaps if it is encrypted].

    Saturday, August 31, 2013 3:14 PM