Nuxt · 3mo ago
Atsu

Session and Tokens best practices - nuxt-auth-utils

I'm looking for advice on securely storing user credentials when using Discord as an OAuth provider. I need to check if a user is part of certain Discord servers to validate their access to some APIs. I'm not sure how to securely store the Discord tokens for this purpose. I know they shouldn't be stored in a session, but I'm considering using a KV database. I'm just looking for the best way to handle this. Any suggestions or pointers in the right direction would be really helpful. Thanks!
4 Replies
peako · 3mo ago
wdym by "stored in a session"? Like stored in browser sessionStorage?
Atsu (OP) · 3mo ago
nuxt-auth-utils provides sealed cookies sessions composables: https://github.com/atinux/nuxt-auth-utils?tab=readme-ov-file#server-utils
Atsu (OP) · 3mo ago
I'm just not really sure what the workflow is with refresh tokens and so on
dmarr · 3mo ago
GitHub
Is session refresh implemented? · Issue #91 · atinux/nuxt-auth-utils
I saw the "offline_access" scope being used for the OAuth0 provider but no reference to refresh tokens in the codebase. Are refresh tokens implemented/utilized? Or is the session from the...