at_client_flutter
The Flutter layer on top of at_client. Adds
pre-built onboarding / authentication dialogs, device-keychain storage
for atKeys, and Flutter-specific extensions — so a new Flutter app can
go from "user has an atSign" to "authenticated AtClient in hand" with
a few widget calls.
Supports mobile, desktop, web, and IoT targets via Flutter.
What's in the box
| Capability | API |
|---|---|
| Select atSign + root domain | AtSignSelectionDialog.show(context) |
| Onboard a new atSign (CRAM) | RegistrarCramDialog.show(...) then CramDialog.show(...) |
Authenticate via .atKeys file |
AtKeysFileDialog.show(...) then PkamDialog.show(...) |
| Authenticate via device keychain | KeychainStorage() + PkamDialog.show(...) |
| Enroll a new device via APKAM | ApkamActivationDialog.show(...) (request side) / ApkamDialog.show(...) (approve side) |
| Keychain read / write / delete | KeychainStorage (lib/src/keychain/keychain_storage.dart) |
| Flutter helpers on core types | import 'package:at_client_flutter/extensions.dart'; |
Examples
The authoritative, end-to-end walkthroughs live in this package's example app. Read these rather than copying snippets from here:
example/lib/walkthrough.dart— all four authentication / onboarding flows (CRAM onboarding, atKeys-file login, keychain login, APKAM enrollment) with the post-authAtClientinitialization. If you only read one file, read this one.example/lib/apkam_example.dart— the approve/deny side of APKAM (e.g. a "manager" device approving a new phone's enrollment request).example/lib/main.dart— minimal host app wiring the two flows above into navigation.
For a full Flutter app using at_client_flutter in anger, see
../at_client_flutter/examples/todos/
— a shared-todos app that combines onboarding, auth, and the
AtCollection<T> API from at_client.
Post-authentication initialization
Every auth flow ends the same way: create an AtClientPreference, then
call AtClientManager.setCurrentAtSign(...) with the atChops and
atLookUp from the returned AuthResponse. The details (chosen
storage directory, namespace, enrollment id) are all in
example/lib/walkthrough.dart in the
_setupAtClient(...) function.
Keychain storage
KeychainStorage wraps the device keychain (iOS / Android / macOS /
Windows via biometric_storage) and stores atKeys and enrollment data.
The PKAM / APKAM dialogs accept a KeychainAtKeysIo instance as a
backup target so successful logins automatically populate the keychain
for next time.
Windows apps additionally need:
dependencies:
biometric_storage: ^4.1.3
Direct usage is rare, but when you need it:
final keychainStorage = KeychainStorage();
AtKeys? alice = await keychainStorage.getAtsign('@alice');
List<String> stored = await keychainStorage.getAllAtsigns();
await keychainStorage.appendAtKeysToKeychain(atKeys);
await keychainStorage.removeAtsignFromKeychain('@alice');
Exporting atKeys
End users must back up their master atKeys (see at_auth's lifecycle writeup). The keychain → file export:
final atSign = AtClientManager.getInstance().atClient.getCurrentAtSign()!;
final atKeys = await KeychainStorage().getAtsign(atSign);
if (atKeys == null) throw Exception('No keys found for $atSign');
final atKeysIo = FileAtKeysIo(
filePath: (_) => '/path/to/${atSign}_key.atKeys',
);
atKeysIo.write(atSign, atKeys);
Where to go next
at_client— the SDK whoseAtClientyou end up with after authenticationat_auth— detailed writeup of the atSign provisioning / onboarding / APKAM lifecycle, platform-neutralat_commons—AtKey,Metadata, and friends
Open source usage and contributions
BSD3-licensed. See CONTRIBUTING.md for
guidance on setting up tools, running tests, and raising a PR.