I'm having some trouble configuring my Flutter web application when it comes to storing JWT tokens safely. I'm trying to use the flutter_secure_storage package by creating an instance of the storage with GetIt:
    import 'package:flutter_secure_storage/flutter_secure_storage.dart';

    // Contract for persisting the access token.
    abstract class SecureStorageService {
      Future<void> saveToken(String token);
      Future<String?> getToken();
      Future<void> deleteToken();
    }

    // Implementation backed by flutter_secure_storage.
    class SecureStorageServiceImpl implements SecureStorageService {
      final FlutterSecureStorage secureStorage = const FlutterSecureStorage();

      @override
      Future<void> saveToken(String token) async {
        await secureStorage.write(key: 'access_token', value: token);
      }

      @override
      Future<String?> getToken() async {
        return await secureStorage.read(key: 'access_token');
      }

      @override
      Future<void> deleteToken() async {
        await secureStorage.delete(key: 'access_token');
      }
    }
And then using it like this:
    // Saving the token
    final token = response.data['access_token'];
    await sl<SecureStorageService>().saveToken(token);
When the code reaches this line where it needs to save the token I get the following error:
[log] Unsupported operation: Platform._operatingSystem
I've read in the documentation that I should have "HTTP Strict Forward Secrecy enabled and the proper headers applied to your responses".
Is this error related to the fact that I'm not using HTTPS for communication between my services, or does not enabling HSTS just make my app not secure, while the storage should still work?
Also, if HTTPS is recommended or necessary, can you share some guides or tutorials on how to easily implement this for Flutter and FastAPI?
Thank you.
When the code reaches the line to save the token I get the exception described above. I am getting the correct token:
Data: {access_token: eyJhbGciOiJIUzI1NiIsInR5cC<...>, token_type: bearer}