NoobDeveloper
Reputation: 1887
Responsibility to store tokens in OAuth 2.0
If I am building a library in .NET based on, say FB or Google API, we get an access token (short lived) and a refresh token (long lived).
As a developer who wishes to build such a library, whose responsibility is it to store those tokens?
The client library developer or
The application consuming my library
Upvotes: 2
Views: 404
Answers (1)
Mark S.
Reputation: 4019
I would assume the application consuming your library, since the client library doesn't know how the application wants to store the tokens. I've had tokens stored in databases. I've had them retrievable only by web service. I even had some hardcoded for a test application I worked on.
Upvotes: 2
Related Questions
- Do we need to store access token both on client and server side?
- Store owin oauth bearer token
- OAuth 2.0 token based Authentication Question on storing token values
- OAuth-server, storing user tokens
- Understanding storage of OAuth token
- Where to store access tokens?
- some difficulties in OAuth 2: Should I save authorization code or just access token?
- Where should I store the access token from OAuth2 in a MVC application?
- OAuth: what information should I store in tokens
- asp.net MVC/WEB API - How to store authorization token