FlutterSecureStoragePlugin

Accessing Keychain values stored by ExpoSecureStore from a Flutter app [iOS]

Problem description

I have a ReactNative app (only published for iOS) which uses ExpoSecureStore to put and read values from iOS Keychain.

I am transitioning to Flutter and I need to keep the users logged in, i.e. to get their auth tokens from the previously installed RN version of the app.

So, here is what I do:

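  1. I install the RN app from the App Store,
  2. log in (the token is saved via ExpoSecureStore),
  3. install my Flutter app,
  4. try to access the keychain - nothing is found!
  5. reinstall the RN app from the App Store,
  6. when I open the app, the user is logged in!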

So, my Flutter installation doesn't delete the tokens, but it can't access them.

Here is what ReactNative's latest build looks like on AppstoreConnect:

Here is the same info for our Flutter build:

I tried setting the keychain group in Flutter's Xcode project to all kinds of values: TEAM_ID.*, TEAM_ID., TEAM_ID, *, TEAM_ID.com.my_real_app_id etc., but nothing helped.

============== original question continues ================

I am using the FlutterSecureStoragePlugin (link to the .m file) to access the Keychain values.

Here is the link to the EXSecureStore.m file: EXSecureStore.m on GitHub.

  • The Flutter app has the same bundle ID, so that should not be the problem.

I've changed its source code so that I use the same keychain service (kSecAttrService), which defaults to "app".

Also, I've copied and adapted the code for reading the Keychain values from ExpoSecureStore.m to FlutterSecureStoragePlugin.m but still no luck.

Could there be any difference in the way RN and Flutter libraries pass strings down to native iOS? I guess there must be something going on with the Keychain access that I don't know, so any help is very welcome!

Thanks for reading!

Recommended answer

I have finally solved the expo secure store access issue!

The most important things are that you set up the same keychain access group, same kSecAttrService (keychain service) and, of course, the key of the item you want to access.

Here are the preconditions:

  • You must set the keychain access group to the same value as in the react native's build, which is TEAM_ID.*. This can be achieved by one of the two options:

      • setting the Keychain Sharing capability to *, as shown on the screenshot below, or
      • open the entitlements file (project_dir/ios/Runner/Runner.entitlements) and add the item $(AppIdentifierPrefix)* or item TEAM_ID.* to the keychain access groups array. Notice that if you are adding the first item, there is no . before the *, since AppIdentifierPrefix is converted into TEAM_ID. before the build. Link to the apple docs on the keychain-access-groups entitlement.

If the app you are developing has the same bundle ID (i.e. it's an update to the existing ReactNative/Expo app), you should not have any problems with accessing the keychain items (when you do all the other preconditions, of course). Also, if the app has the same keychain sharing group, in this case TEAM_ID.*, it should also be able to access the keychain items. Notice that having the keychain access group set to TEAM_ID.* means that only apps developed by the same developer (team) can access the RN app's keychain items.

  • You must change the Flutter's library (or the native iOS) source code so that it uses the same keychain service (kSecAttrService) as Expo. For Expo, if you don't pass the keychainService param in the SecureStore options, the kSecAttrService attribute of the item you want to write (or get) will be app. You can see that yourself here, on the expo native library's source code on GitHub (link). I made a fork of the flutter library and I will make a pull request sometime in the future, but you can just change the plugin's default keychain service to app as well. It currently defaults to flutter_secure_storage_service, as seen in the plugin's source code on GitHub (link).

  • The trickiest part - because of which I doubted all of the above steps - is setting the correct key (kSecAttrAccount) for the keychain item I wanted to get. What helped me was to use the Flutter plugin's readAll method (link to the native source code of readAll on GitHub). It showed me that the keychain items were actually there, but that the keys were different than the ones the ReactNative app was using. As I've found out by debugging (it's nowhere in the docs!!!), the expo username and expo project's name are added before the string used for the key! So, if in the ReactNative app you save a token with key accessToken, it will be saved to the Keychain as @expousername/project-name-accessToken! It's nowhere in the docs, and I don't know how it happens, because I've looked through the source code

In my question, I said that I've copied the Objective-C code from expo's library to Flutter's plugin, but that wasn't necessary.
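
A native lookup that applies the three conditions from the answer above (shared access group, service `app`, Expo-prefixed account name), plus an account listing in the spirit of `readAll` for discovering the real key. This is an added example, not code from Expo or from the flutter_secure_storage plugin; the helper names are hypothetical, and it assumes the app's entitlements already contain the RN build's keychain access group.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Per the answer: Expo's kSecAttrService when no keychainService option is passed.
static NSString *const kLegacyService = @"app";

// Base query for generic-password items stored under the legacy service.
static NSMutableDictionary *LegacyQuery(void) {
    return [@{ (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService : kLegacyService } mutableCopy];
}

// Returns account names (kSecAttrAccount) only; secret values are not fetched.
static NSArray<NSString *> *ListLegacyAccounts(void) {
    NSMutableDictionary *q = LegacyQuery();
    q[(__bridge id)kSecReturnAttributes] = @YES;
    q[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitAll;
    CFTypeRef result = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)q, &result) != errSecSuccess) {
        return @[];  // e.g. errSecItemNotFound: nothing visible under this service
    }
    NSMutableArray<NSString *> *accounts = [NSMutableArray array];
    for (NSDictionary *item in (__bridge_transfer NSArray *)result) {
        id acct = item[(__bridge id)kSecAttrAccount];
        if ([acct isKindOfClass:[NSData class]]) {  // account may come back as bytes
            acct = [[NSString alloc] initWithData:acct encoding:NSUTF8StringEncoding];
        }
        if ([acct isKindOfClass:[NSString class]]) [accounts addObject:acct];
    }
    return accounts;
}

// Reads one item; `scope` is the Expo prefix, e.g. @"@expousername/project-name".
static NSString *ReadLegacyToken(NSString *scope, NSString *key, OSStatus *status) {
    NSMutableDictionary *q = LegacyQuery();
    q[(__bridge id)kSecAttrAccount] = [NSString stringWithFormat:@"%@-%@", scope, key];
    q[(__bridge id)kSecReturnData] = @YES;
    q[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus s = SecItemCopyMatching((__bridge CFDictionaryRef)q, &result);
    if (status) *status = s;
    if (s != errSecSuccess) return nil;
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```

An empty result from `ListLegacyAccounts()` points at the service name or access group; names listed but a failing `ReadLegacyToken` points at the key prefix.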
