juliansteenbakker / flutter_secure_storage

A Flutter plugin to store data in secure storage
https://pub.dartlang.org/packages/flutter_secure_storage
BSD 3-Clause "New" or "Revised" License

An error occurs on write when the item already exists, when it should just be replaced #785

Open mattbodley opened 2 months ago

mattbodley commented 2 months ago

We are facing an issue of:

PlatformException(Unexpected security result code, Code: -25299, Message: The specified item already exists in the keychain., -25299, null)

Which is strange because it should just be updated as normal. It works fine in tests and manual tests, but I just found this in Crashlytics for iOS.

This occurs via:

    await _storage.write(
        key: LocalSecureStorageBase.itemKey, value: itemValue);

Settings are:

    IOSOptions getIOSOptions() =>
        const IOSOptions(accessibility: KeychainAccessibility.first_unlock_this_device);
    _storage = FlutterSecureStorage(
        aOptions: getAndroidOptions(), iOptions: getIOSOptions());

It is strange as it is just on iOS (for the moment) and there don't seem to be any other reports of this happening.

We are using flutter_secure_storage version 9.2.2

jerrypaulsam commented 2 months ago

Same here

rokk4 commented 2 months ago

We are also observing this in our Sentry.

acacioveit commented 2 months ago

Same here, any workaround for now?

acike commented 1 month ago

same here

acike commented 1 month ago

I found a workaround:

For example, if you store data using different options:

  1. static const _storage2 = FlutterSecureStorage();
  2. static const _storage = FlutterSecureStorage(iOptions: IOSOptions(accessibility: KeychainAccessibility.unlocked_this_device));

If you initially store data with _storage2, you need to call deleteAll on _storage2 before you can write to another storage instance like _storage.

I need someone to help me clarify this. When writing data with different options, I'm still confused, because it seems that both storages use the same location (so you cannot write the existing key even if _storage is initialized first). However, when I try to read from both in the next execution, I find that _storage2 has no data left after calling deleteAll, while _storage still retains its data as expected. This makes me think that the storages are not actually in the same location. So my question is: when data is stored using different options, is it stored at the same location or not?
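
An added example, not part of any comment in this thread and not the plugin's own code: a per-key version of the workaround above that catches the -25299 error from the original report, deletes the key under each option set the app may have used, and retries the write once. The helper names and the `legacyOptions` list are hypothetical, and it assumes (from the comment above) that a delete only succeeds when issued with the options the item was stored under.

```dart
// Added example; writeReplacing, isDuplicateItem and legacyOptions are hypothetical names.
import 'package:flutter/services.dart' show PlatformException;
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

/// Keychain status errSecDuplicateItem, the -25299 seen in the report.
const int errSecDuplicateItem = -25299;

/// Accessibility the app writes with now (taken from the original report).
const IOSOptions currentOptions = IOSOptions(
  accessibility: KeychainAccessibility.first_unlock_this_device,
);

/// Option sets earlier builds may have written with.
/// Assumption: adjust this list to your own release history.
const List<IOSOptions> legacyOptions = [
  IOSOptions(), // plugin defaults
  IOSOptions(accessibility: KeychainAccessibility.unlocked_this_device),
];

/// True when the exception carries the duplicate-item status, either as
/// `details` or inside the message string ("Code: -25299, Message: ...").
bool isDuplicateItem(PlatformException e) =>
    e.details == errSecDuplicateItem ||
    (e.message?.contains('$errSecDuplicateItem') ?? false);

/// Writes [value]; on a duplicate-item error, removes the stale item under
/// every known option set and retries once with [currentOptions].
Future<void> writeReplacing(
    FlutterSecureStorage storage, String key, String value) async {
  try {
    await storage.write(key: key, value: value, iOptions: currentOptions);
    return;
  } on PlatformException catch (e) {
    if (!isDuplicateItem(e)) rethrow; // unrelated keychain failure
  }
  for (final options in [currentOptions, ...legacyOptions]) {
    try {
      await storage.delete(key: key, iOptions: options);
    } on PlatformException {
      // Delete failed under this option set; try the next one.
    }
  }
  // A second failure propagates so it still shows up in crash reporting.
  await storage.write(key: key, value: value, iOptions: currentOptions);
}
```

The delete and the retry are not atomic, so a failure between them leaves the key absent; callers that cannot regenerate the value should handle the rethrown exception.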

azack commented 1 month ago

It looks like there was a lot of important related discussion in issue #711, and #751 was merged to fix this issue. Can we get a new release that includes that fix, @juliansteenbakker?

anisalibegic commented 2 weeks ago

Is there any update on this topic @juliansteenbakker?