M
M
Medvedev_Denis2019-05-26 22:43:55
OAuth
Medvedev_Denis, 2019-05-26 22:43:55

How and where can you store an OAuth token?

Service "A" (chat bot) is being implemented with the help of which users can receive notifications about updates on service "B".
Notifications are received by requests from service "A" to service "B". To make requests, you need an access token, which is obtained using OAuth. Authorization occurs once and in the future, users do not interact with the service "A", but only receive notifications from it.
Tell me, please, how can I safely store the access token?
Thanks in advance!

Answer the question

In order to leave comments, you need to log in

1 answer(s)
R
Robur, 2019-05-27
@Medvedev_Denis

In a safe place in the service "A". More precisely, only you can tell where you have it. You have some kind of base - for example, store it there.
Tokens have a limited lifetime, so the requirements for them are simpler.
In order not to be too afraid that the database will be hacked, you need to set a short lifetime of the token and revoke the refresh_token if something happens. The details depend on how you implement it all.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question