stackoom
  简体   繁体   中英

How to store each users Access- and Refresh Token (oAuth2) using Node js

 原文  2022-08-31 07:15:37       javascript/ node.js/ express/ oauth-2.0/ access-token

Question

I'm building a browser based web application that uses a Node server (with express) and integrates with a third-party api using oAuth 2.0. My application does not have any authorization of its own and solely uses the authentication of the third-party software (the application is essentially an extension of this software). I've understood that I should store the Access Token and Refresh Token on the server for security, but how can i remember each user and use their correct Token across multiple api calls from the user to the server? What is the best and most secure way?

1 answers

solution1
 0  2022-08-31 07:43:17

There are many solutions to this particular problem:

  1. Storing the tokens in the regular database which you use for storing other data :
    PROs and CONs:
    A. Easy way to do as you don't have to install other DB
    B. You need not study other databases and implementation logic
    C. More CRUD load on the same database where your actual data is stored.
    D. Crashing at one side ( because of any reasons like CRUD operation load.. etc ) may cause a complete system down.

  2. Storing the tokens in a separate database server which you aren't using for storing any data:
    PROs and CONs:
    A. You have to install and monitor a separate Database server for this particular task.
    B. You may have to read and study about this database to install and implement it in your application.
    C. CRUD operation - load of this database doesn't impact your actual/main database. D. Crashing of one database doesn't impact another database.

These are some main implementation types and still, there are much many for example: creating a separate database in the same database-server for authentication, Storing all the tokens in both the databases and use only auth database ( secondary one for authentication ) for fetching user's tokens etc.

What I prefer is...

  1. Having the main database for storing all application-related data.
  2. Creating a caching database ( like Redis.. ) to store tokens.
    In this way, I access the tokens in an easy and quick way ( caching databases are much faster ) and I can easily flush whenever needed either through code or through expiration time.

Hope this helps you today...

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using google oauth2 node library, can't get new access token with refresh token How do I refresh discord Oauth2 access token using refresh token? OAuth2 Refresh Token. How to store it on client-side How to send OAuth2 access token on page refresh? Node JS requesting token using oauth2 not working How to securely store the Access-Token of a Discord(OAuth2) User? How to get one access token/refresh token for indefinite use (oauth2 - Spotify API) How to get access token and refresh token after user login and consent in Google OAuth2? How to use refresh token in Nuxt auth module (oauth2) with keycloak when access token expired How does node/nest.js send the access token passed from the front end to ourself Oauth2 authentication server and verify it
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM