import 'package:flutter_secure_storage/flutter_secure_storage.dart'; /// Keychain access group shared between the Runner and the (Phase 3) iOS /// Notification Service Extension so the NSE can read the RSA private key, /// the server public key and the Nextcloud app password to decrypt pushes /// while the app is not running. /// /// The value reuses the existing app-group id already present in the iOS /// project (`ios/Runner/Runner.entitlements`). Phase 3 must additionally list /// it under `keychain-access-groups` for both the Runner and the NSE target. /// On Android `groupId` is ignored, so this is a no-op there. const String kPushKeychainGroup = 'group.eu.mhsl.marianum.mobile.client.widget'; /// [IOSOptions] used for every push-related secure-storage entry. Uses /// `first_unlock` accessibility so the NSE can read the key material after the /// first device unlock following a reboot (the NSE may run while locked). const IOSOptions kPushIosOptions = IOSOptions( groupId: kPushKeychainGroup, accessibility: KeychainAccessibility.first_unlock, ); /// Shared secure storage instance for all push key material and registration /// bookkeeping. Kept separate from [AccountData]'s default storage because the /// entries here are group-scoped for NSE access. const FlutterSecureStorage pushSecureStorage = FlutterSecureStorage( iOptions: kPushIosOptions, );