问题
I'm planning to setup a website that would access an oauth wrap framework. I was thinking of storing the access token on the client machine as it is. I do NOT want to maintain a database of temporary tokens, etc on the server.
Should I be doing do? Or should I encrypt it?
回答1:
First, why are they not using OAuth 2.0...
You can store the OAuth credentials in a cookie or better yet, in HTML5 local storage. It should be encrypted so that only the server has access to this cookie and only the server can use the token. Also, it should be a secure cookie to prevent it from leaking out. Do at least one of these two (secure, encrypt).
But keep in mind that cookies can be lost, and if they user logs into your site, it will not work from other machines.
来源:https://stackoverflow.com/questions/3349274/save-oauth-wrap-access-tokens-directly-on-client-machine-in-a-cookie