How does okta-react-native store refresh tokens

I am using the @okta/okta-react-native package. There is a requirement to use refresh tokens for faster login. The @okta/okta-react-native package provides a refreshTokens method that accepts no argument. It simply refreshes the tokens which is great. It seems like when a refresh token is available the @okta/okta-react-native stores it. However there is another requirement that the refreshToken be stored securely in the device’s encrypted keystore (TPM ISO/IEC 11889).

Does the @okta/okta-react-native package in fact store the refresh token on the device?
How and where does @okta/okta-react-native store the refresh token? Is it stored in the device’s encrypted keystore (TPM ISO/IEC 11889)?

As I can see it’s stored in SharedPreference file, as per the comment

/**
 * A implementation of {@link OktaStorage}.
 * The implementation uses SharedPreferences in private mode to save data.
 * The data will be encrypted by the library before saving.
 */

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.