Answer the question
In order to leave comments, you need to log in
Where to store the token of someone else's service?
Hello, in a mobile application and browser, you need to display the data of an external service through the Oauth2.0 access view.
How to store an authorized token correctly and safely:
1) on the user's device, that is, we store his token in our service and then go to someone else's service on behalf of the user
2) we store it on the device and use the mobile application or browser (we store it in the browser as a cookie)
Method 2 removes the requirement to protect the channel between our service and the external GOST service (because there is a little PD) and remove the load from servers because we don’t have traffic on the network, and even government agencies don’t implement honest GOST TLS on a mobile phone, and therefore we can score.
Answer the question
In order to leave comments, you need to log in
In practice, the 2nd method is always preferable, only the token must be stored in some kind of crypto storage.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question