I am new to development in the MEAN stack and to Google's OAuth2.0, so please forgive my ignorance.
My web app requires a user to sign up using Google's Oauth2.0 to provide the app access to one of the Google APIs.
I'm looking for a way to store multiple tokens, either locally or on a db.
As per the documentation here, Google recommends that both the access and refresh tokens should be stored in "secure, long-lived location that is accessible between different invocations of your application."
On the other hand, the locally run quickstart simply stores the tokens on the user's device (in the TOKEN_DIR at the TOKEN_PATH). When deploying the application to an online environment, how would the tokens be stored for multiple users?
Are there any best practices around storing and retrieving access tokens at scale? For e.g. would storing the tokens in a mongodb collection with the rest of my app data be a good practice? In which case, how could I access the user's email id during the auth process, to map it to the token in my collection?
Thank you in advance!
