N
Nuxt4w ago
Atsu

Session and Tokens best practices - nuxt-auth-utils

I'm looking for advice on securely storing user credentials when using Discord as an OAuth provider. I need to check if a user is part of certain Discord servers to validate their access to some APIs. I'm not sure how to securely store the Discord tokens for this purpose. I know they shouldn't be stored in a session, but I'm considering using a KV database. I'm just looking for the best way to handle this. Any suggestions or pointers in the right direction would be really helpful. Thanks!
4 Replies
peako
peako4w ago
wdym by "stored in a session"? Like stored in browser sessionStorage?
Atsu
Atsu4w ago
nuxt-auth-utils provides sealed cookies sessions composables: https://github.com/atinux/nuxt-auth-utils?tab=readme-ov-file#server-utils
GitHub
GitHub - atinux/nuxt-auth-utils: Minimal Auth module for Nuxt 3.
Minimal Auth module for Nuxt 3. Contribute to atinux/nuxt-auth-utils development by creating an account on GitHub.
Atsu
Atsu4w ago
I'm just not really sure what the workflow is with refresh tokens and so on
dmarr
dmarr4w ago
https://github.com/atinux/nuxt-auth-utils/issues/91
GitHub
Is session refresh implemented? · Issue #91 · atinux/nuxt-auth-utils
I saw the "offline_access" scope being used for the OAuth0 provider but no reference to refresh tokens in the codebase. Are refresh tokens implemented/utilized? Or is the session from the...
Want results from more Discord servers?
Add your server