Correct way to safely store token/secret/etc from OAuth?

Posted by viatropos on Stack Overflow
Published on 2010-05-03T21:48:57Z Indexed on 2010/05/03 22:08 UTC

I just started looking into OAuth and it looks really nice. I have OAuth with Twitter working in Ruby right now.

Now I'm wondering, what is the recommended safe way to store the responses in my local database and session?

  • What should I store?
  • Where should I store it?

This example twitter-oauth-with-rails app stores a user.id in the session, and the user table has the token and secret. But that seems like it'd be really easy to hack and get the secret by just passing in a slew of test user ids, no?
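An added example, not part of the original post or of the twitter-oauth-with-rails app: a sketch of a session cookie protected by an HMAC tag, so that a client who edits the stored user id cannot produce a cookie the server accepts, while the token and secret stay in the server-side table. It assumes the session travels in a signed cookie; `SESSION_KEY`, `USERS` and all function names are hypothetical, and the sample rows are constructed.

```ruby
require "openssl"
require "json"

# Hypothetical server-side key; a real app loads it from protected configuration.
SESSION_KEY = OpenSSL::Random.random_bytes(32)

# Constructed stand-in for the user table: token and secret never leave the server.
USERS = {
  1 => { screen_name: "alice_example", token: "tok-1-constructed", secret: "sec-1-constructed" },
  2 => { screen_name: "bob_example",   token: "tok-2-constructed", secret: "sec-2-constructed" }
}.freeze

def hmac_tag(payload, key)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), key, payload)
end

# Serialize the session and append a tag only the server can compute.
def sign_session(data, key = SESSION_KEY)
  payload = [JSON.generate(data)].pack("m0") # strict base64, no newlines
  "#{payload}--#{hmac_tag(payload, key)}"
end

# Compare tags without leaking the position of the first mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the session hash only when the tag verifies; nil for anything else.
def load_session(cookie, key = SESSION_KEY)
  payload, tag = cookie.to_s.split("--", 2)
  return nil if payload.nil? || tag.nil?
  return nil unless secure_compare(hmac_tag(payload, key), tag)
  JSON.parse(payload.unpack1("m0"))
rescue ArgumentError, JSON::ParserError
  nil
end

# Look up the user row (and with it the OAuth token and secret) for a verified session.
def current_user(cookie)
  session = load_session(cookie)
  session && USERS[session["user_id"]]
end
```

A cookie whose payload was changed to another user id keeps the old tag, so `load_session` returns `nil` and no row is looked up.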
