Timeline for Where should I store OAuth2 access tokens?
Current License: CC BY-SA 3.0
7 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 7, 2021 at 7:59 | history | edited | CommunityBot | replaced https://tools.ietf.org/html/rfc with https://www.rfc-editor.org/rfc/rfc | |
| Apr 7, 2018 at 5:10 | comment | added | Rodrigo Murillo | Long lived, automated or scheduled access to an API provider would need a way to store and retrieve tokens for programmatic access to the API. Using reasonable and prudent security practices, this is a secure and valid setup for this type of use case. | |
| Aug 25, 2017 at 17:01 | comment | added | Alexis Wilke | Interestingly enough, Bearer Tokens issued by PayPal last 8 hours... | |
| Sep 11, 2016 at 20:55 | comment | added | Steve Sether | @AlikElzin-kilaka That's a bit of a judgement call. Adding an encryption layer has an added cost associated with it in terms of development time, and maintenance. It'd likely only really protect against a compromise of the database. If you think the database is at higher risk for a compromise than other parts of the system, then it might be worth the added cost. YMMV. | |
| Sep 11, 2016 at 7:07 | comment | added | AlikElzin-kilaka | @steve-sether Even though short lived, would you still save them encrypted in the DB? | |
| Feb 13, 2016 at 0:39 | comment | added | Chloe | The tokens are issued by the 3rd party. There is no control over how long they are valid. | |
| Feb 11, 2016 at 20:01 | history | answered | Steve Sether | CC BY-SA 3.0 |