[oAuth Connectors] oAuth_Google: security risk, storing oauth refresh token in cookie 

[oAuth Connectors] oAuth_Google: security risk, storing oauth refresh token in cookie 

  
Forge Component
(9)
Published on 2014-04-01 by André Vieira
9 votes
Published on 2014-04-01 by André Vieira
I had a look at the code for oAuth_Google

The oauth refresh token is stored in a web cookie, a more secured place to store the refresh token value is in the user session or in the database. 


Has Robert's suggestion been investigated and thus implemented??