Question #264MediumFlutter BasicsImportant

how to securely store the access token , refresh token or any key in android , ios device ?

#android#ios

Answer

Secure Token Storage

Storing access tokens securely is critical for app security.

Android Secure Storage

dart
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

final _storage = FlutterSecureStorage();

// Write token
Future<void> saveToken(String token) async {
  await _storage.write(key: 'access_token', value: token);
}

// Read token
Future<String?> getToken() async {
  return await _storage.read(key: 'access_token');
}

// Delete token
Future<void> deleteToken() async {
  await _storage.delete(key: 'access_token');
}

iOS Secure Storage

iOS Keychain (same API as Android)

dart
// Same code works on iOS
// Uses iOS Keychain under the hood
await _storage.write(key: 'refresh_token', value: refreshToken);

Best Practices

  • Never store tokens in SharedPreferences (not encrypted)
  • Use FlutterSecureStorage (encrypted)
  • Implement token refresh logic
  • Clear tokens on logout
  • Use HTTPS only
  • Implement certificate pinning
dart
// Token refresh example
Future<String> getValidToken() async {
  String? token = await _storage.read(key: 'access_token');
  
  if (_isTokenExpired(token)) {
    token = await _refreshToken();
    await _storage.write(key: 'access_token', value: token!);
  }
  
  return token!;
}

Never: Store passwords, only tokens.

Previous
What are all the common design patterns used in flutter projects ?
Next
How flutter secure storage plugin stores the key in both android and iOS ?

Related Questions

#1

Data types in flutter or dart

Easy
#2

Diff btw final & const

Medium
#3

Diff btw var vs dynamic

Medium
#5

Oops concept

Medium
#6

Lifecycle of stateful widget and explain everything

Medium