Best practices for storing Google OAuth tokens with additional scopes
I'm implementing Google OAuth with additional scopes to access the Google Calendar API. The documentation mentions that "On initial login, you can extract the provider_token from the session and store it in a secure storage medium." I'm looking for clarity on what qualifies as a "secure storage medium" in this context.
I need to store both the access token and refresh token so I can call the Google Calendar API from an edge function. The edge function will need access to these tokens to make authenticated requests on behalf of the user.
Specifically:
Is it safe to store these tokens in a Supabase table with proper RLS policies?
Should I be using a different storage method?
Are there any additional security considerations I should be aware of when storing OAuth tokens that will be accessed by edge functions?
I want to make sure I'm following best practices for token storage and security.
Thanks for your help!
I need to store both the access token and refresh token so I can call the Google Calendar API from an edge function. The edge function will need access to these tokens to make authenticated requests on behalf of the user.
Specifically:
Is it safe to store these tokens in a Supabase table with proper RLS policies?
Should I be using a different storage method?
Are there any additional security considerations I should be aware of when storing OAuth tokens that will be accessed by edge functions?
I want to make sure I'm following best practices for token storage and security.
Thanks for your help!
