Open ChristianMaidhof opened 1 month ago
Thanks for the pull request, we'll work on reviewing it and let you know if we have any comments/questions. Since caching OAuth tokens has security implications, we'll want to do a more thorough review.
Can you let us know your use case for reusing the tokens in another plugin?
We have an API that is secured with OAuth2. Therefore, we need the access and refresh tokens to obtain the relevant information. I thought I would share the change with you, as we have already made it.
If you decide that it does not fit into your strategy, I won't be upset if you choose not to merge it. Maybe you can add a checkbox in the settings for this feature if needed.
Now, the Access Token and Refresh Token are stored in the database. After login, the tokens are encrypted using the login key of the WordPress system and stored as usermeta in the database as “encrypted_token”. Before logout, the corresponding entry is removed from the metadata. The token can then be used by other plugins, e.g., for calling APIs.