nazrinharris / pecunia

Massively ambitious personal finance app.

Store secrets for JWT safely #143

Closed nazrinharris closed 10 months ago

nazrinharris commented 10 months ago

I'm gonna need to sign the JWT with a secret key to generate a JWT. The solution that I'm thinking of right now is to store the secret in a text file, then the app will read it from there. But I won't be pushing this key to GitHub.

I should also note that this key is ONLY for local accounts. In the future when I implement my own backend, the user will be able to convert to a remote account (which still allows them to use the app offline). I don't expect to allow a conversion of remote account to local account.

nazrinharris commented 10 months ago

The best way I could find is to store the secret in a separate file (excluded from version control) and store it in flutter_secure_storage, reading from that file. But most people simply suggested storing the key in the backend.

I'm honestly still unsure how to proceed with this. But I think I'll simply use unsigned JWTs, since I was previously planning to generate a random string using uuid anyways.
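The two comments above raise two separate points: where the HMAC secret lives (the first comment wants it out of the repository, the second suggests flutter_secure_storage), and whether to drop signing altogether. The following is an added, pure-Dart example that is not part of the pecunia repository. It depends only on `package:crypto` and `dart:convert`. The `SecretStore` interface and `MemorySecretStore` are hypothetical stand-ins so the code runs outside Flutter; in the app the same two calls would map to `FlutterSecureStorage().read(key: ...)` and `.write(key: ..., value: ...)`. The key name `local_jwt_hmac_key` is also an assumption. The verifier pins the algorithm to HS256, so a token with `"alg": "none"` (an unsigned JWT) is rejected, which is the property that disappears if the app moves to unsigned tokens: anyone who can write a file can then mint a "valid" local token.

```dart
// Added example, not code from the pecunia project.
import 'dart:convert';
import 'dart:math';
import 'package:crypto/crypto.dart';

/// Hypothetical stand-in for flutter_secure_storage's read/write pair.
abstract class SecretStore {
  Future<String?> read(String key);
  Future<void> write(String key, String value);
}

/// In-memory store so the example runs with plain `dart run`.
class MemorySecretStore implements SecretStore {
  final Map<String, String> _data = {};
  @override
  Future<String?> read(String key) async => _data[key];
  @override
  Future<void> write(String key, String value) async => _data[key] = value;
}

const _keyName = 'local_jwt_hmac_key'; // assumed key name

/// Returns the stored 256-bit HMAC key, generating one on first run.
/// The key is created on the device and never appears in source control.
Future<List<int>> loadOrCreateKey(SecretStore store) async {
  final existing = await store.read(_keyName);
  if (existing != null) return base64Url.decode(existing);
  final rng = Random.secure();
  final key = List<int>.generate(32, (_) => rng.nextInt(256));
  await store.write(_keyName, base64Url.encode(key));
  return key;
}

// JWT uses unpadded base64url; normalize() restores padding before decoding.
String _b64(List<int> bytes) => base64Url.encode(bytes).replaceAll('=', '');
List<int> _unb64(String s) => base64Url.decode(base64Url.normalize(s));

String _hmac(List<int> key, String signingInput) =>
    _b64(Hmac(sha256, key).convert(utf8.encode(signingInput)).bytes);

Map<String, dynamic>? _decodeJson(String segment) {
  try {
    final v = jsonDecode(utf8.decode(_unb64(segment)));
    return v is Map<String, dynamic> ? v : null;
  } catch (_) {
    return null;
  }
}

/// Compares two strings without stopping at the first mismatching byte.
bool _constantTimeEquals(String a, String b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a.codeUnitAt(i) ^ b.codeUnitAt(i);
  }
  return diff == 0;
}

/// Mints an HS256 token for a local account.
String mintToken(List<int> key, Map<String, Object> claims) {
  final header = _b64(utf8.encode(jsonEncode({'alg': 'HS256', 'typ': 'JWT'})));
  final payload = _b64(utf8.encode(jsonEncode(claims)));
  final signingInput = '$header.$payload';
  return '$signingInput.${_hmac(key, signingInput)}';
}

/// Returns the claims if the token is well-formed, HS256 and correctly
/// signed with [key]; null otherwise. The algorithm is pinned, so a header
/// claiming "none" is refused instead of being honoured.
Map<String, dynamic>? verifyToken(List<int> key, String token) {
  final parts = token.split('.');
  if (parts.length != 3) return null;
  final header = _decodeJson(parts[0]);
  if (header == null || header['alg'] != 'HS256') return null;
  final expected = _hmac(key, '${parts[0]}.${parts[1]}');
  if (!_constantTimeEquals(expected, parts[2])) return null;
  return _decodeJson(parts[1]);
}

Future<void> main() async {
  final store = MemorySecretStore();
  final key = await loadOrCreateKey(store);

  final token = mintToken(key, {'sub': 'local-user-1', 'scope': 'local'});
  print('genuine token accepted: ${verifyToken(key, token) != null}');

  // Same signature, different payload: the HMAC no longer matches.
  final parts = token.split('.');
  final otherPayload = _b64(utf8.encode(jsonEncode({'sub': 'local-user-2'})));
  final tampered = '${parts[0]}.$otherPayload.${parts[2]}';
  print('tampered token accepted: ${verifyToken(key, tampered) != null}');

  // Unsigned token: nothing binds the payload to anyone, so it is refused.
  final noneHeader = _b64(utf8.encode(jsonEncode({'alg': 'none', 'typ': 'JWT'})));
  final unsigned = '$noneHeader.$otherPayload.';
  print('unsigned token accepted: ${verifyToken(key, unsigned) != null}');
}
```

Run with `dart run` after adding `crypto` to `pubspec.yaml`; the three lines print `true`, `false`, `false`. The design point for a local-only account is that the secret is generated per device and kept in the platform keychain rather than in a file in the project tree, so there is nothing to accidentally commit, and verification still detects a tampered or unsigned token.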