Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Feb 21, 2024

Manage credentials

The Amplify Auth category persists authentication-related information to make it available to other Amplify categories and to your application.

Amplify Flutter securely manages credentials and user identity information. You do not need to store, refresh, or delete credentials yourself. Amplify Flutter stores auth data on the device using platform capabilities such as Keychain Services on iOS and macOS and EncryptedSharedPreferences on Android.

Amplify will refresh the Access Token and ID Token as long as the Refresh Token is valid. Once the Refresh token expires, the user will need to reauthenticate to obtain a new one.

Some platform specific option can be customized with the out of the box options. In the example below, credentials will be stored in-memory on Web instead of the default behavior of using browser storage.

await Amplify.addPlugin(
secureStorageFactory: AmplifySecureStorage.factoryFrom(
webOptions: WebSecureStorageOptions(
persistenceOption: WebPersistenceOption.inMemory,

If you would like further customization, you can provide your own factory for creating SecureStorageInterface instances to AmplifyAuthCognito. The example below shows the use of a custom implementation that stores data in-memory on all platforms.

await Amplify.addPlugin(
class InMemoryStorage implements SecureStorageInterface {
/// The scope of the item being stored.
/// This can be used as a namespace for stored items.
final AmplifySecureStorageScope scope;
static final Map<String, String> _data = {};
void write({required String key, required String value}) {
_data['${}.$key'] = value;
String? read({required String key}) {
return _data['${}.$key'];
void delete({required String key}) {