search

kathytbui / viewing_party

Starter repo for a backend module 3 project.
0 stars 1 forks source link

Do tokens go in our database #31

Closed kathytbui closed 4 years ago

kathytbui commented 4 years ago

The auth_hash returned from the OAuth handshake returns 3 tokens, do these go into out database?

With regards to the Intro to OAuth lesson we had, the token was added to the db:

rails g model User uid username token

def create
  # everything we had above, plus the following:

  user          = User.find_or_create_by(uid: data[:id])
  user.username = data[:login]
  user.uid      = data[:id]
  user.token    = access_token
  user.save
  binding.pry
end

Also, this article mentions adding the refresh token and token to the db. medium article

# ActiveRecord::Migration
def change
   add_column :users, google_token, :string
   add_column :users, google_refresh_token, :string
end

However, this article questions if it poses a security issue...should the tokens be encrypted? Should we even bother saving the token to the db as it has a time expiration on it and we are only using it to log in at the moment.

link

iandouglas commented 4 years ago

you'll want to store the token and refresh token, no need to encrypt them at this time

ajtran303 commented 4 years ago

Thanks!