Supabase•3mo ago•
34 replies
Reuben

Best practices for storing Google OAuth tokens with additional scopes

🔢DB Connections
I'm implementing Google OAuth with additional scopes to access the Google Calendar API. The documentation mentions that "On initial login, you can extract the provider_token from the session and store it in a secure storage medium." I'm looking for clarity on what qualifies as a "secure storage medium" in this context.
I need to store both the access token and refresh token so I can call the Google Calendar API from an edge function. The edge function will need access to these tokens to make authenticated requests on behalf of the user.
Specifically:

Is it safe to store these tokens in a Supabase table with proper RLS policies?
Should I be using a different storage method?
Are there any additional security considerations I should be aware of when storing OAuth tokens that will be accessed by edge functions?

I want to make sure I'm following best practices for token storage and security.

Thanks for your help!