john
Reputation: 35400
Do I store openid AND oauth tokens in same table or separate tables?
For example:
openid
------
id
user_id
provider
url
oauth
-----
id
user_id
provider
token
secret
OR:
identities
----------
id
user_id
provider
token (token here is oauth token or openid_url)
secret (nullable)
The bottom one bothers me even though it's easier because secret is dependent upon token
Thoughts?
Upvotes: 0
Views: 271
Answers (1)
Eran Hammer
Reputation: 7216
The two protocols are completely different, have different security properties, and should not be combined.
Upvotes: 2
Related Questions
- How should I store OAuth with my own authentication system?
- OIDC Access Token - Where to store?
- Securly Storing OpenID identifiers and OAuth tokens
- Recommended database structure for OAuth Provider
- any best practices for storing and accessing oAuth access_token?
- What tables is needed to store OAuth server data (not client)
- Best practice for developing site with openId - user table?
- OAuth Tokens: What can I link up to a user table?
- best practice for storing oauth AND local authentication methods?
- Storing OpenID information in database