How to secure provider_token, provider_refresh_token when using google oauth?
Hi,
I am using react-router (remix) with supabase-ssr for auth, with google oauth. Following the guidelines at https://supabase.com/docs/guides/auth/social-login/auth-google?queryGroups=framework&framework=remix, I found that the access and refresh tokens from google are getting stored in the cookie, which I presume can be risky.
Any suggestions on how to handle this? I would also be needing token rotation, invalidation, etc., any pointers on the same will also be very helpful!
Thanks in advance!
I am using react-router (remix) with supabase-ssr for auth, with google oauth. Following the guidelines at https://supabase.com/docs/guides/auth/social-login/auth-google?queryGroups=framework&framework=remix, I found that the access and refresh tokens from google are getting stored in the cookie, which I presume can be risky.
Any suggestions on how to handle this? I would also be needing token rotation, invalidation, etc., any pointers on the same will also be very helpful!
Thanks in advance!
Use Sign in with Google on the web, in native apps or with Chrome extensions
