1

I'm developing a web application that gets calendar information for multiple users. It is a communication application used in the company.

I want to be able to see today's schedule for other users.

Vue is used for the front end, and node.js is used for the server side.

Each user authenticates with OAuth of calender api. An access token is created when you authenticate.

The access token created here only has access to one user, right?

In this case, I need to store each user's access token somewhere.

Will it be stored in a database or cookie?

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
figalo66
  • 155
  • 6
  • 1
    You should store them like any OAuth token. https://stackoverflow.com/a/40376819/14779804 seems a good explanation to the pros and cons of all the options you have. – Martí Feb 23 '21 at 09:00

1 Answers1

1

Access tokens are linked to your application (client id) and the user who created it. SO an access token will only give you access to that users data.

However you should not be storing the access token as the access token will expire in an hour. YOu should request offline access and the you will be given a refresh token you can store the refresh token and then request a new access token whenever you need to access the users data when they are not online.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449