I'm planning to setup a website that would access an oauth wrap framework. I was thinking of storing the access token on the client machine as it is. I do NOT want to maintain a database of temporary tokens, etc on the server.
Should I be doing do? Or should开发者_运维问答 I encrypt it?
First, why are they not using OAuth 2.0...
You can store the OAuth credentials in a cookie or better yet, in HTML5 local storage. It should be encrypted so that only the server has access to this cookie and only the server can use the token. Also, it should be a secure cookie to prevent it from leaking out. Do at least one of these two (secure, encrypt).
But keep in mind that cookies can be lost, and if they user logs into your site, it will not work from other machines.
精彩评论