Safest way to keep users logged in?

Hello! This is my first project using the API and I’ve been using the amazingly handy php wrapper from which has made the basics extremely simple to set up. I have a project connecting to twitch via a button and then reporting the subscription details to check if the user is subbed to a specific channel.

Now my only concern is how to safely keep the user details (such as oauth token) stored securely to allow users to come back to the page as many times as they want and not require them to hit the connect with twitch button again. I have never done much work with APIs that use oauth before, is there a standard for the storage of these types of details?

Thank you for any help you can provide on this matter.

Encryption. SSL? Do you host the website? You could make your own SSL version.

Fearless, read up on MySQL databases.
You can store the user’s oauth in a database with encryption such as md5.

Then when they return to the page, you can consult the database for their oauth token and then re-authenticate automatically.

The extent of the safety of OAuth token storage depends on how you plan on using the tokens.

Checking a user’s subscription to a channel only requires the oauth token while the client is performing a request, so the safest approach is, at login, to encrypt the oauth token (with AES, for example), and store it in the client’s cookies, then decrypt it when it is necessary.

This approach does not require user oauth tokens to be stored on the server (which is great if evil forces break into your database), and for checking if the user is logged in you can maintain session tokens, storing them in addition to the encrypted oauth tokens in the client’s cookies at login.

The downside to this approach is with it you cannot access oauth tokens of clients aside from the one performing the request, however.