GithubHelp home page GithubHelp logo

Comments (9)

jasonjoh avatar jasonjoh commented on June 16, 2024

Yes, you can store the token in just about any way you want. The key thing is to make sure it's a secure storage.

from outlook-dev-docs.

huchenhai avatar huchenhai commented on June 16, 2024

Hi, could you please explain what the data table looks like? Should have separate table to store state, nonce and token ?

from outlook-dev-docs.

jasonjoh avatar jasonjoh commented on June 16, 2024

There's no real required data format here. What I would do is store only the refresh token (not the access token ) and the user's unique ID from their ID token in long-term storage. That way you can always look up the user's refresh token and use that to obtain a fresh access token.

Access tokens are only valid for an hour so I wouldn't bother storing them in a database (and since they're usable to get at customer data, it's better to avoid storing them anyway!). I'd look at maybe keeping those in some sort of dynamic cache on your backend, again mapped to the user's ID.

State and nonce are throw-away values that aren't valid past their single use, so don't store those long-term either.

from outlook-dev-docs.

huchenhai avatar huchenhai commented on June 16, 2024

from outlook-dev-docs.

hshoushari avatar hshoushari commented on June 16, 2024

hello, i am trying to fetch user emails from outlook to my spring project,
in my case the user is already authenticated and authorized by active directory, and the outlook account is Microsoft exchange account, and i need to fetch the user email without passing credentials because the user is already authenticated.

Kindly advice.

from outlook-dev-docs.

shivasurya avatar shivasurya commented on June 16, 2024

Do you have any advice on securely storing the refresh token in database/storage like encryption specification/types @jasonjoh

from outlook-dev-docs.

jasonjoh avatar jasonjoh commented on June 16, 2024

Nothing specific. I would secure it like any other sensitive customer data. The Azure folks might have more specific guidance if you asked on Stack Overflow with the azure-authentication tag.

from outlook-dev-docs.

huchenhai avatar huchenhai commented on June 16, 2024

from outlook-dev-docs.

shivasurya avatar shivasurya commented on June 16, 2024

Thank you @huchenhai , it would be better to encrypt and store.

from outlook-dev-docs.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.