I would highly recommend you use the keychain - it's exactly what Facebook do for storing their session tokens.

我强烈建议你使用钥匙串——这正是 Facebook 用来存储他们的会话令牌的方法。

NSUserDefaultsis not secure or encrypted - it can be easily opened and read, both on device and when synced to a Mac. So whilst user defaults is a good place for things like preferences and config info, it's not a good place for anything sensitive, like passwords.

NSUserDefaults不安全或不加密 - 无论是在设备上还是同步到 Mac 时，都可以轻松打开和阅读。因此，虽然用户默认值是首选项和配置信息等内容的好地方，但它不是任何敏感内容的好地方，例如密码。

Session tokens should almost always treated the same as passwords, so you should store them securely in the keychain, where they'll be encrypted. Apple have some sample code (GenericKeychain) that shows a basic implementation, and you'll find other examples by searching StackOverflow. Hope that's helped you out.

会话令牌几乎总是与密码一样对待，因此您应该将它们安全地存储在钥匙串中，并在那里加密。Apple 有一些示例代码 ( GenericKeychain) 显示了基本实现，您可以通过搜索 StackOverflow 找到其他示例。希望对你有所帮助。

NSUserDefaults can be used without any problems (for tokens!). Please check documentation https://developer.apple.com/documentation/security/keychain_services

NSUserDefaults 可以毫无问题地使用（对于令牌！）。请检查文档https://developer.apple.com/documentation/security/keychain_services

Keychain Services are invented to “secrets” that the user explicitly cares about, i.e. passwords, private keys or even secure notes, i.e. clear credentials. But access tokens are temporary hashes generated after user entered password and have limited time. And even if stolen, the malefactor cannot completely stole the account - the owner can login on another device and previous access token will be reset. So, formally there is no forbiddance to store access tokens in UserDefaults.

钥匙串服务被发明为用户明确关心的“秘密”，即密码、私钥或什至安全笔记，即清晰的凭证。但是访问令牌是用户输入密码后生成的临时哈希，时间有限。即使被盗，犯罪者也不能完全盗取帐户 - 所有者可以在另一台设备上登录，之前的访问令牌将被重置。因此，从形式上讲，没有禁止在 UserDefaults 中存储访问令牌。

The data from UserDefaults can be stolen only if the device is stolen itself, but I think the security level of the content is much lower than the physical device itself. I think user would not worry about the token in that case, but about the device.

UserDefaults 的数据只有在设备本身被盗的情况下才能被盗，但我认为内容的安全级别远低于物理设备本身。我认为在这种情况下用户不会担心令牌，而是担心设备。

However, it's a good practice to store it in Keychain, but it's just an excessive (!) usage of security and usually recommended by random users in the Internet and it's not required by Apple. There is no documentation by Apple there they say that tokens must be stored in Keychain (if you can find one, then please comment one below).

但是，将它存储在 Keychain 中是一个很好的做法，但这只是对安全性的过度（！）使用，通常由 Internet 上的随机用户推荐，Apple 不要求这样做。Apple 没有提供任何文档，他们说令牌必须存储在钥匙串中（如果你能找到一个，请在下面评论一个）。

So, the answer is - you can use both. However, if you app is operating with content that costs a lot in contrast to stolen iPhone, then it's better to use Keychain, but it's just a recommendation.

所以，答案是 - 您可以同时使用两者。但是，如果您的应用使用的内容与被盗 iPhone 相比成本更高，那么最好使用 Keychain，但这只是一个建议。

All sensitive data should be stored in the keychain. UserDefaultsis for small pieces of data like user preferences.

所有敏感数据都应存储在钥匙串中。 UserDefaults用于小块数据，如用户偏好。