Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am working on an web application. Which uses oauth to authenticate from different services.
Is there any risk of securing these tokens and secret directly into database. Or should I encrypt them ?
What are the general security pattern for saving oauth token and secret
This thread answers all of your questions:
Securly Storing OpenID identifiers and OAuth tokens
Essentially, the following are dependent among themselves one or other way:
Unless the consumer key/secret are also at risk, you don’t need to encrypt the access token/secret. The access tokens can only be used in combination with the consumer key/secret which generated them.