将API凭证存储在Flutter应用程序中 [英] Storing API credentials in a flutter application
问题描述
我在我的flutter应用程序中使用googleapis服务,该服务需要一些JSON格式的凭据。将凭据存储在我的应用程序中的最佳方法是什么?
I am using googleapis services in my flutter app which requires some credentials in JSON format. What is the best way to store this credentials in my App?
能否将JSON文件保留在资产文件夹中并在主函数中读取?
Can I keep a JSON file in my asset folder and read it in my main function?
还是应该在主函数中对凭据进行硬编码?我是不熟悉开发的人。
Or should I hardcode the credentials in my main function? I'm new to flutter development.
我的代码如下所示
import 'package:googleapis/storage/v1.dart';
import 'package:googleapis_auth/auth_io.dart';
final _credentials = new ServiceAccountCredentials.fromJson(r'''
{
"private_key_id": ...,
"private_key": ...,
"client_email": ...,
"client_id": ...,
"type": "service_account"
}
''');
const _SCOPES = const [StorageApi.DevstorageReadOnlyScope];
void main() {
clientViaServiceAccount(_credentials, _SCOPES).then((http_client) {
var storage = new StorageApi(http_client);
storage.buckets.list('dart-on-cloud').then((buckets) {
print("Received ${buckets.items.length} bucket names:");
for (var file in buckets.items) {
print(file.name);
}
});
});
}
我应该保留以下凭据的地方:
Where I should keep the following credentials:
{
"private_key_id": ...,
"private_key": ...,
"client_email": ...,
"client_id": ...,
"type": "service_account"
}
我不认为像上面这样的硬编码是个好主意。
I don't think hardcoding like above is a good idea.
我认为这应该可行: https://medium.com/@sokrato/storing-your-secret-keys-in-flutter-c0b9af1c0f69
谢谢。
推荐答案
要存储敏感信息(例如凭据),您应该使用iOS上的Keychain和Android下的Keystore。
For storing sensitive information like credentials you should use the Keychain unter iOS and the Keystore under Android.
有一个完美的库,叫做 flutter_secure_storage
。
There is a perfect library for that called flutter_secure_storage
.
这里是使用方法:
// Create storage
final storage = new FlutterSecureStorage();
// Store password
await storage.write(key: "password", value: "my-secret-password");
// Read value
String myPassword = await storage.read(key: "password");
要使用它,请添加 flutter_secure_storage:3.2.1 + 1
发送给您 pubspec.yaml
并在终端中运行 flutter软件包获取
。
To use it add flutter_secure_storage: 3.2.1+1
to you pubspec.yaml
and run flutter packages get
in a terminal.
以下是该软件包以及使用方法的更详细示例:
https://pub.dartlang.org/packages/flutter_secure_storage
Here is the package and a more detailled example on how to use it: https://pub.dartlang.org/packages/flutter_secure_storage
这篇关于将API凭证存储在Flutter应用程序中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!