[ad_1]
I am creating a cell app (utilizing Flutter) which has to speak with a backend secured with OAuth.
The backend shouldn’t be accessed within the context of a consumer so authorization or password grant movement usually are not the case right here – it is shopper credentials movement.
I learn quite a few posts and opinions and I nonetheless cannot give you an answer the best way to securely inject the client_id and client_secret into the app with out hardcoding them by some means, which dangers these credentials from being found from somebody who would possibly analyze the binary.
Even options equivalent to utilizing the safe storage of the telephone nonetheless appear to require some code which itself requires the hardcoding of the values. I additionally learn that atmosphere variables are additionally not secure.
So my questions stands – how can I securely persist credentials particularly for shopper credentials OAuth movement in a cell app in order that they don’t seem to be discoverable by malicious programmers?
[ad_2]
