Access Token Storage

In order to make api calls on a user’s behalf while they are offline, I need to store access tokens on the server. Storing these plain text is the only way to do this, correct?

What about visitors that return to my app? Is it best to generate a new token every time they visit the backend for my site, or should I save a permanent token on the server and recall it only if the user has a session id in their cookies, while generating a new one if they do not?

Just curious how you guys are handling it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.