Unsafe Spotify access token and refresh token storage

michellexliu / receiptify

502 stars 53 forks source link

Unsafe Spotify access token and refresh token storage #21

Open sidsurakanti opened 8 months ago

sidsurakanti commented 8 months ago

Storing the Spotify access and refresh token is really unsafe. It should be safer to store it on cookies using a JWT or something of that sort. It's a really easy fix too. I can work on this if needed!

mpfaff commented 3 months ago

Storing the Spotify access and refresh token is really unsafe. It should be safer to store it on cookies using a JWT or something of that sort.

You say that storing the tokens is unsafe. Then you propose another way to store "it". Are you suggesting to store something else, or are you arguing that a particular way of storing the tokens is unsafe?

sidsurakanti commented 3 months ago

You say that storing the tokens is unsafe. Then you propose another way to store "it". Are you suggesting to store something else, or are you arguing that a particular way of storing the tokens is unsafe?

sorry, i meant to say that storing the tokens in the URL is an unsafe way to go about Spotify Oauth

mpfaff commented 3 months ago

Ah, that is rather unsafe.

receiptify1 commented 3 months ago

thanks. this is the best receipt generator, i use it every day https://spotifyreceiptify.com/ 3iu17e66wgfa1