In a C# app, what is the best way to store a (Twitch) User Access and ID tokens?

Question

The main concern I have is security.

I want to create an application using the Twitch API in C#. I've managed to get the OAuth page embedded into my application, and I plan on setting up a small Node.JS app on Glitch to store the client secret and handle the generation of the ID and User Access tokens.

My question is - once I've gotten the ID and User Access tokens, what is the best way to store them? I initially thought of storing them locally, but I realised that that would cause many security concerns among users, even if I encrypted the codes.

I am currently using the OIDC Authorisation Code procedure.

I need to store the tokens such that when the user restarts the application, they can be preserved and can also be used to generate refresh tokens etc.

score 0 · Answer 1 · answered Nov 28 '19 at 18:11

0

You don’t need to worry about the security of your OAuth token, because even in the original twitch application, you can recognize the token by scanning through Fiddler

So you can store your token in local data and don't worry. Hope i helped you.

answered Nov 28 '19 at 18:11

Захар Листьев

15
4

In a C# app, what is the best way to store a (Twitch) User Access and ID tokens?

1 Answers1