Is it safe to use Provider to store a JWT during a session in Flutter?

Issue

I am using flutter_secure_storage to store a JWT for authentication right now, but since I’m using provider as state management, my question is if it would be safe to save the JWT in a provider as well. Or is that less secure than retrieving it from secure storage every time I make a request to the server?

Solution

Provider (and the recommended new Riverpod) store items within the memoryspace of the app, and will be alive only as long as the app. However, apps are sometimes killed by the OS, so you can trap that and persist the value in SharedPreferences if you need it after the app goes away.

Answered By – Randal Schwartz

Answer Checked By – Jay B. (FlutterFixes Admin)

Leave a Reply

Your email address will not be published.