I’m currently integrating the auth0_flutter package into my Flutter application and I’m curious about how it handles token or session caching. Specifically, does it rely on flutter_secure_storage (or a similar mechanism) for data persistence on mobile devices, and is the caching approach different when targeting web platforms?
Hi @furkanacar
Welcome to the Auth0 Community!
For Android and iOS, the caching can be handled via flutter_secure_storage as mentioned by the Flutter Package Documentation:
A Flutter plugin to store data in secure storage:
- Keychain is used for iOS
- AES encryption is used for Android. AES secret key is encrypted with RSA and RSA key is stored in KeyStore
- With V5.0.0 we can use EncryptedSharedPreferences on Android by enabling it in the Android Options like so:
AndroidOptions _getAndroidOptions() => const AndroidOptions( encryptedSharedPreferences: true, );For more information see the example app.
libsecretis used for Linux.Note KeyStore was introduced in Android 4.3 (API level 18). The plugin wouldn’t work for earlier versions.
Otherwise, for web platforms, the management and storage of credentials is handled internally by the Auth0 SPA SDK, this also includes the refreshing of access tokens when they expires. The Flutter SDK provides an API for checking whether credentials are available, and the retrieval of those credentials.
You can read more about that here.
If you have any other questions regarding the matter, please let me know!
Kind Regards,
Nik
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.