I am using flutter_secure_storage to store a JWT for authentication right now, but since I'm using provider as state management, my question is if it would be safe to save the JWT in a provider as well. Or is that less secure than retrieving it from secure storage every time I make a request to the server?
Provider (and the recommended new Riverpod) store items within the memoryspace of the app, and will be alive only as long as the app. However, apps are sometimes killed by the OS, so you can trap that and persist the value in SharedPreferences if you need it after the app goes away.