There are at least two kinds of token we deal with.
- access_token
- token
How does access_token work in an app or in the Flutter framework? How the access token works and how it is communicated to the server is a general matter of app building or architecture.
The above code shows that we save our access_token to local storage.
It does not depend on the Flutter framework. It's a general app building process. In general, when you log in for the first time, your server should create a token, which we call access_token.
This token should be returned to the front-end app or whichever application relies on the token. Assuming we are using a Flutter app, we would take the token returned from the backend and save it somewhere.
Where do we save it? In general, you should be saving it in SharedPreferences.
The next time you make a POST request, you send the token back to the server, and the server checks whether the token is valid using its own authentication method. This validation or authentication method can differ from framework to framework.
After that, if you log out of your app, you should remove the token from local storage. The next time you log in, the token is regenerated.
Access_token is a long key used as a bearer token. The other token plays the same role as the database id of a row. But a row id is predictable: rows are numbered 1, 2, 3, whereas the token is a long string. These tokens are randomly generated, saved, and used as ids.
Since they are randomly generated, hackers won't be able to guess them. These kinds of tokens are also used in app-to-server communication to check whether a user exists in the database.
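The server side of the lifecycle described above (issue a random token at login, validate it on each request, regenerate it at the next login), as an added example that is not code from the original page. The `TokenStore` class, the in-memory dictionary, storing only a hash of the token, and revoking the token server-side on logout are assumptions of this example.

```python
import hashlib
import secrets


class TokenStore:
    """In-memory stand-in for the server's token table (hypothetical name)."""

    def __init__(self):
        # Maps SHA-256(token) -> user id. Only the hash is kept (assumption),
        # so a leaked table does not hand out usable bearer tokens.
        self._by_hash = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def login(self, user_id: int) -> str:
        """Issue a fresh random access token, replacing any earlier one."""
        self.logout_user(user_id)
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._by_hash[self._digest(token)] = user_id
        return token

    def authenticate(self, authorization_header):
        """Return the user id for 'Bearer <token>', or None if invalid."""
        if not authorization_header:
            return None
        scheme, _, token = authorization_header.partition(" ")
        if scheme.lower() != "bearer" or not token:
            return None
        return self._by_hash.get(self._digest(token.strip()))

    def logout_user(self, user_id: int) -> None:
        """Revoke server-side so a copied token stops working after logout."""
        for h in [h for h, uid in self._by_hash.items() if uid == user_id]:
            del self._by_hash[h]


def demo():
    store = TokenStore()
    first = store.login(user_id=2)            # constructed sample user, row id 2
    ok = store.authenticate(f"Bearer {first}")
    guessed = store.authenticate("Bearer 2")  # predictable row id used as token
    store.logout_user(2)
    after_logout = store.authenticate(f"Bearer {first}")
    second = store.login(user_id=2)           # next login regenerates the token
    return ok, guessed, after_logout, first != second, len(first)
```
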