By kenibark6
#88750 Hi all,

I am experimenting with an ESP8266 (at the moment a Wemos D1 mini, but subject to change) and the OAuth 2.0 flow.
What I want to do is to make an IoT device that transfers sensor data to a platform. This platform is secured and I need to traverse the OAuth 2.0 flow to obtain an access and refresh token.

Although this is a personal project, I would like to use this as a learning experience in case I make this a commercial product. So I will make a captive portal, allowing users to enter their Wi-Fi credentials to connect to their Wi-Fi network, and to enter their username & password for the external system to log in through the OAuth 2.0 flow.

So here is the question I am having: How can I securely store information such as (but not limited to) the SSID, SSID password and the refresh token?

Is it safe to store this in flash memory (using EEPROM), or could this information be potentially obtained when someone would get their hands on one of the units? How do commercial products tackle this?

Note that I have not yet worked with flash memory, so sorry if my question is of low quality.

Thanks!
By giannis
#88828 Good point, I had the same thoughts and questions.

I was searching the net and found this on Reddit:
https://www.reddit.com/r/esp8266/commen ... _firmware/

Seems like the ESP8266 does not offer encryption on the flash and only the ESP32 does.

https://docs.espressif.com/projects/esp ... ption.html

But again, I am too new to this to have an informed opinion on the matter, and I think some experienced programmers should address the questions.

Regards

