Where should I store access token

I am currently working on a chatbot for Facebook Messenger. I am working with the Microsoft bot framework and the code is written in node.js.

I am interacting with a database through an api. With every request I have to pass an access token inside the request header. I have read on the internet that you would usually store such a token inside a cookie or web storage. However I also found out that you can't do that on Facebook Messenger. I was thinking about storing the access token inside a variable, but my concern is that this might not be secure. Is there any other secure way to store the access token?

I am fairly new to node.js and it is my first time working with tokens. Help is much appreciated.

Ricardo Woedl asked Oct 17 '22 13:10

2 Answers

You can use session.userData to hold your database token. If you are concerned about it being secure, then encrypt it before saving.

session.userData.dbtoken = encryptToken(token);

The token can later be retrieved and used when you need it:

var token = decryptToken(session.userData.dbtoken);
var databaseData = getUserDataFromDatabase(token);

https://docs.botframework.com/en-us/core-concepts/userdata/

Or, use a local database like NeDB: https://github.com/louischatriot/nedb This would be the most secure option, since the database would reside on your server.

Eric Dahlvang answered Oct 21 '22 04:10
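The encryptToken/decryptToken helpers in the answer above are left undefined there. The following is an added example (not the answer's code and not part of the Bot Framework) showing one way to fill them in with Node's built-in crypto module: AES-256-GCM, so a tampered blob is rejected rather than silently decrypted, with the key read from an assumed TOKEN_ENC_KEY environment variable and a constructed fallback key only so the snippet runs offline. The session object is a constructed stand-in for the framework's session.

```javascript
// Added example: encrypt a database access token before placing it in bot
// state (session.userData) and decrypt it again on use.
// Assumption: a 32-byte key is supplied hex-encoded in TOKEN_ENC_KEY; the
// fallback below is a constructed demo key so the file runs without setup.
const crypto = require('crypto');

const ALGO = 'aes-256-gcm';

function loadKey() {
  const hex = process.env.TOKEN_ENC_KEY;
  if (hex) {
    const key = Buffer.from(hex, 'hex');
    if (key.length !== 32) throw new Error('TOKEN_ENC_KEY must be 32 bytes (64 hex chars)');
    return key;
  }
  // Constructed demo key for offline runs; a real deployment loads the key
  // from the environment or a secrets manager, never from source.
  return crypto.createHash('sha256').update('demo-only-key').digest();
}

function encryptToken(token, key = loadKey()) {
  const iv = crypto.randomBytes(12);               // fresh nonce for every encryption
  const cipher = crypto.createCipheriv(ALGO, key, iv);
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();                 // 16-byte integrity tag
  // iv.tag.ciphertext, each base64, so the blob is a plain string in userData
  return [iv, tag, ct].map(b => b.toString('base64')).join('.');
}

function decryptToken(blob, key = loadKey()) {
  const parts = blob.split('.');
  if (parts.length !== 3) throw new Error('malformed token blob');
  const [iv, tag, ct] = parts.map(p => Buffer.from(p, 'base64'));
  const decipher = crypto.createDecipheriv(ALGO, key, iv);
  decipher.setAuthTag(tag);                        // final() throws if tag does not match
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed stand-in for the Bot Framework session object.
function storeInSession(session, token) {
  session.userData = session.userData || {};
  session.userData.dbtoken = encryptToken(token);  // only the encrypted form is stored
  return session;
}

function tokenFromSession(session) {
  return decryptToken(session.userData.dbtoken);
}

// Flip one ciphertext bit and confirm GCM rejects it; returns true when it does.
function rejectsTampered(blob) {
  const parts = blob.split('.');
  const ct = Buffer.from(parts[2], 'base64');
  ct[0] ^= 0x01;
  parts[2] = ct.toString('base64');
  try { decryptToken(parts.join('.')); return false; } catch (e) { return true; }
}

// Usage: storeInSession(session, token) when the token is obtained, and
// tokenFromSession(session) right before each API call; never log the result.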


I would suggest using express-session, for the following reasons. Create a session middleware with the given options.

Note Session data is not saved in the cookie itself, just the session ID. Session data is stored server-side.

Note Since version 1.5.0, the cookie-parser middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res. Using cookie-parser may result in issues if the secret is not the same between this module and cookie-parser.

Warning The default server-side session storage, MemoryStore, is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing.

Remario answered Oct 21 '22 05:10