How should one manage authentication?

Question

Created Jun ’15

Replies 3

Boosts 0

Participants 2

Our parent application handles the user login, however we are wondering how we should transfer this data over to the WatchKit extension. To clarify, we have a REST API which serves as a primary interface to retrieve all the user data, however to access this API we requires to use an access token. The problem is, how should the WatchKit retrieve this token which should be kept secret (which is acquired at user authentication in the parent app. and saved in the Key Chain). I assume that any method using the Bluetooth/wi-fi to transfer data (such as openParentApplication:Reply method) would be unsafe as anyone with a packet tracer could easily see the data.

Keychain sharing seem like it would not work as I assume in WatchOS2 the iOS and WatchOS file system are seperate.

Boost

Answer 1

Dovico Software OP

Jun ’15

Accepted Answer

After searching for a while in the iOS security guide white paper, it seems the BlueTooth and Wi-Fi transmissions between the WatchKit and the iPhone are encrypted. This should solve most issues

source: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

0

Answer 2

ema78 OP

Jun ’15

Hi,

I am interested in this as well. How did you manage to solve the problem? Could you please post an example of passing the token or how to use the openParentApplication method you mentioned to authenticate the WatchKit Extension?

Thanks a lot.

0

Answer 3

rp1230 OP

Jul ’15

Yes, I would like to know how/if you actually solved this issue. I have been told several time in these forums by Apple staff that you can't share the keychain in WahtchOS 2.0 and the keychain access groups wont work either. I have not found a clear answer as to what the solution might be. Any inshight would be much appreciated. Thanks!

0