将API凭证存储在Flutter应用程序中 [英] Storing API credentials in a flutter application

问题描述

我在我的flutter应用程序中使用googleapis服务，该服务需要一些JSON格式的凭据。将凭据存储在我的应用程序中的最佳方法是什么？

I am using googleapis services in my flutter app which requires some credentials in JSON format. What is the best way to store this credentials in my App?

能否将JSON文件保留在资产文件夹中并在主函数中读取？

Can I keep a JSON file in my asset folder and read it in my main function?

还是应该在主函数中对凭据进行硬编码？我是不熟悉开发的人。

Or should I hardcode the credentials in my main function? I'm new to flutter development.

我的代码如下所示

import 'package:googleapis/storage/v1.dart';
import 'package:googleapis_auth/auth_io.dart';

final _credentials = new ServiceAccountCredentials.fromJson(r'''
{
  "private_key_id": ...,
  "private_key": ...,
  "client_email": ...,
  "client_id": ...,
  "type": "service_account"
}
''');

const _SCOPES = const [StorageApi.DevstorageReadOnlyScope];

void main() {
  clientViaServiceAccount(_credentials, _SCOPES).then((http_client) {
    var storage = new StorageApi(http_client);
    storage.buckets.list('dart-on-cloud').then((buckets) {
      print("Received ${buckets.items.length} bucket names:");
      for (var file in buckets.items) {
        print(file.name);
      }
    });
  });
}

我应该保留以下凭据的地方：

Where I should keep the following credentials:

{
  "private_key_id": ...,
  "private_key": ...,
  "client_email": ...,
  "client_id": ...,
  "type": "service_account"
}

我不认为像上面这样的硬编码是个好主意。

I don't think hardcoding like above is a good idea.

我认为这应该可行： https://medium.com/@sokrato/storing-your-secret-keys-in-flutter-c0b9af1c0f69

谢谢。

推荐答案

要存储敏感信息（例如凭据），您应该使用iOS上的Keychain和Android下的Keystore。

For storing sensitive information like credentials you should use the Keychain unter iOS and the Keystore under Android.

有一个完美的库，叫做 flutter_secure_storage 。

There is a perfect library for that called flutter_secure_storage.

这里是使用方法：

// Create storage
final storage = new FlutterSecureStorage();

// Store password 
await storage.write(key: "password", value: "my-secret-password");

// Read value 
String myPassword = await storage.read(key: "password");

要使用它，请添加 flutter_secure_storage：3.2.1 + 1 发送给您 pubspec.yaml 并在终端中运行 flutter软件包获取。

To use it add flutter_secure_storage: 3.2.1+1 to you pubspec.yaml and run flutter packages get in a terminal.

以下是该软件包以及使用方法的更详细示例：
https://pub.dartlang.org/packages/flutter_secure_storage

Here is the package and a more detailled example on how to use it: https://pub.dartlang.org/packages/flutter_secure_storage

这篇关于将API凭证存储在Flutter应用程序中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！