Security model: log in to third-party site with user's credentials

Backend · unresolved · 2 · 2048
鱼传尺愫 2021-01-06 20:25

I develop a service (Service) which automates certain actions that users can do on another third-party site (3rd Party Site).

My service provides the following funct

2 answers
  •  北恋 (original poster)
     2021-01-06 20:56

    Your question seems to ask specifically about how to "securely store" the credential information, so let me address that narrow aspect of the question first.

    Securely Storing the Credential Information

    The only information to store is the cookie, which is obtained in clear-text form and needs to be used in the future in clear-text form. This leaves you with no option but to use two-way encryption, using a certain "secret". To make the scheme secure, you just need to secure your "secret", preferably by embedding it in a compiled executable module (e.g., using a compiled language like Java). This way, even after an attacker gains access to your entire machine, he/she cannot decode the cookie, except by running your program and using the decoded cookie through the logic built into your compiled program.

    Overall Architectural Consideration

    If the question is about an overall architecture, though, without OAuth or some type of token support your mechanism is not going to be reliable, because the "Service" would expire the cookie, and you'll need to constantly use the cookie to visit the service and convince the "Service" to never expire your session (hence the cookie). Even if you do this, hours or days later, or when the "Service" restarts, your cookie will cease to be valid, and your access will be denied.
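The "two-way encryption with a secret" storage scheme the answer describes, written out as an added example (editor's code, not from the answer or any project on the page). It uses AES-256-GCM so that a stored cookie that has been modified, or copied from one user's record into another's, is rejected on decryption instead of yielding garbage. The example departs from the answer in one design choice, stated here as an assumption: the secret is read from an environment variable (`COOKIE_VAULT_KEY`, a hypothetical name) at start-up rather than compiled into the binary, so it can be swapped for a secrets manager or KMS call without touching the storage code. The sample cookie value and user ID are constructed, not captured from any real site.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

// keyEnv is a hypothetical variable name; the secret is supplied out-of-band
// (environment, secrets manager, KMS) rather than embedded in the executable.
const keyEnv = "COOKIE_VAULT_KEY"

// deriveKey turns the configured secret into a 32-byte AES-256 key.
// SHA-256 is used here for brevity; use a real KDF (e.g. HKDF) in production.
func deriveKey(secret []byte) []byte {
	sum := sha256.Sum256(secret)
	return sum[:]
}

// sealCookie encrypts a clear-text session cookie for storage. The user ID is
// bound as associated data, so a ciphertext moved into another user's row
// fails authentication on decryption. Output is nonce || ciphertext || tag,
// base64-encoded for a text column.
func sealCookie(key []byte, userID, cookie string) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per record
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, []byte(cookie), []byte(userID))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// openCookie reverses sealCookie. Any change to the stored value, a wrong key,
// or a mismatched user ID returns an error rather than a decrypted cookie.
func openCookie(key []byte, userID, stored string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(ct) < gcm.NonceSize() {
		return "", errors.New("stored value too short to contain a nonce")
	}
	nonce, body := ct[:gcm.NonceSize()], ct[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, body, []byte(userID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	secret := os.Getenv(keyEnv)
	if secret == "" {
		fmt.Fprintf(os.Stderr, "set %s before running\n", keyEnv)
		os.Exit(1)
	}
	key := deriveKey([]byte(secret))

	// Constructed sample: what the automation captured after logging in.
	stored, err := sealCookie(key, "user-42", "SESSIONID=abc123; Path=/")
	if err != nil {
		panic(err)
	}
	fmt.Println("stored:", stored)

	cookie, err := openCookie(key, "user-42", stored)
	if err != nil {
		panic(err)
	}
	fmt.Println("recovered:", cookie)

	// Same ciphertext presented under a different user ID is refused.
	if _, err := openCookie(key, "user-43", stored); err != nil {
		fmt.Println("cross-user reuse rejected:", err)
	}
}
```

Run with `COOKIE_VAULT_KEY=some-long-random-value go run main.go`. Whoever holds the key (or can run the process) can still recover every cookie, which is the limit the answer itself acknowledges; the scheme protects against a copied database, not against a compromised host.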
