Persistent OAuth Tokens in Mobile Apps | Salesforce Developers Blog

If you’ve used Chatter on the iPhone, you might have noticed that you only need to authenticate the first time you run the app; from then on it will automatically reconnect to your account on each startup. What’s happening is that the Chatter app is using OAuth 2.0 to obtain both a short-lived session token for API access and a long-lived refresh token (see Digging Deeper into OAuth 2.0 for an explanation of OAuth and its various token types), storing the latter securely in the iOS Keychain. I recently added the same functionality to my sample PhoneGap app, leveraging the PhoneGap Keychain plugin.
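The startup flow described above, sketched as an added JavaScript example (not code from the sample app or from the PhoneGap Keychain plugin): the stored refresh token is exchanged for a new session token, and a revoked token is purged from secure storage instead of being retried. The `store` and `httpPost` interfaces, the key name and the fake endpoint are assumptions made for illustration.

```javascript
// Added example. TOKEN_URL is Salesforce's production token endpoint; the
// store and httpPost interfaces and the KEY name are hypothetical.
const TOKEN_URL = 'https://login.salesforce.com/services/oauth2/token';
const KEY = 'refresh_token';
// Call once after the interactive OAuth flow returns a refresh token.
async function rememberLogin(store, refreshToken) {
  await store.set(KEY, refreshToken);
}

// Run at app startup. store: async {get,set,remove} over the platform keychain.
// httpPost(url, formBody) resolves to {status, json}.
async function resumeSession(store, httpPost, clientId) {
  const refreshToken = await store.get(KEY);
  if (!refreshToken) return { state: 'login_required' }; // first run
  const body = new URLSearchParams({
    grant_type: 'refresh_token', client_id: clientId, refresh_token: refreshToken,
  }).toString();
  let res;
  try {
    res = await httpPost(TOKEN_URL, body);
  } catch (e) {
    return { state: 'offline' }; // transport failure: keep the token, retry later
  }
  const json = res.json || {};
  if (res.status === 200 && json.access_token) {
    // The short-lived session token stays in memory; only the refresh token is persisted.
    return { state: 'ok', accessToken: json.access_token, instanceUrl: json.instance_url };
  }
  if (json.error === 'invalid_grant') {
    await store.remove(KEY); // revoked or expired: purge it and force a fresh login
    return { state: 'login_required' };
  }
  return { state: 'error', status: res.status };
}

// Constructed in-memory stand-ins so the example runs offline.
function memoryStore() {
  const m = new Map();
  return {
    get: async (k) => (m.has(k) ? m.get(k) : null),
    set: async (k, v) => { m.set(k, v); },
    remove: async (k) => { m.delete(k); },
  };
}
function fakeTokenEndpoint(validToken) {
  return async (url, body) => (new URLSearchParams(body).get('refresh_token') === validToken
    ? { status: 200, json: { access_token: 'constructed-session', instance_url: 'https://example.invalid' } }
    : { status: 400, json: { error: 'invalid_grant' } });
}
```

In a real app `store` would wrap the keychain plugin and `httpPost` would wrap the HTTP client, so the same function can be exercised against the in-memory stand-ins.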

I’m planning to cover the sample app in more depth in the near future, but here’s a quick video showing the new functionality in action. As always, the source is in GitHub.
