I'm building the authentication with openid-oauth2. I managed to gather access_token, identity_token from auth server. I want to store those values and use those values in each api call. I have several options as I searched.
I can use secure storage package which can hash the access_token and I can read that value to perform api call.
I can use Inherited Widget. Create a inherited widget on top of my application and read from the inherited widget.
Of course the 2., 3. and 4. options are not secure. However, I don't know whether store those values securely is necessary.
What is the best practice in flutter to store those values?
I'd suggest your first choice flutter_secure_storage which I already use to store token. Its perfect choice for the use case.
A Flutter plugin to store data in secure storage:
Keychain is used for iOS
AES encryption is used for Android. AES secret key is encrypted with RSA and RSA key is stored in KeyStore