Unsafe Spotify access token and refresh token storage

Open sidsurakanti opened this issue 11 months ago • 4 comments

Storing the Spotify access and refresh token is really unsafe. It should be safer to store it on cookies using a JWT or something of that sort. It's a really easy fix too. I can work on this if needed!

sidsurakanti avatar Mar 03 '24 06:03 sidsurakanti

> Storing the Spotify access and refresh token is really unsafe. It should be safer to store it on cookies using a JWT or something of that sort.

You say that storing the tokens is unsafe. Then you propose another way to store "it". Are you suggesting to store something else, or are you arguing that a particular way of storing the tokens is unsafe?

mpfaff avatar Jul 25 '24 21:07 mpfaff

> You say that storing the tokens is unsafe. Then you propose another way to store "it". Are you suggesting to store something else, or are you arguing that a particular way of storing the tokens is unsafe?

Sorry, I meant to say that storing the tokens in the URL is an unsafe way to go about Spotify OAuth.

sidsurakanti avatar Jul 25 '24 21:07 sidsurakanti

Ah, that is rather unsafe.

mpfaff avatar Jul 25 '24 21:07 mpfaff
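
The difference discussed above, as an added example that is not part of the original issue or the project's code: an OAuth callback redirect that carries the tokens in the URL, next to one that sets them as cookies. The function names, cookie names, the `/refresh_token` path, the 30-day lifetime and the token values are assumptions made for illustration.

```javascript
// Added example, not the project's code. Names, paths and tokens are constructed.
const SAMPLE_TOKENS = { accessToken: 'AT-constructed-123', refreshToken: 'RT-constructed-456', expiresIn: 3600 };

// Pattern the thread calls unsafe: tokens ride in the redirect URL, so they end
// up in browser history, server and proxy logs, and anything the user copies
// from the address bar.
function redirectWithTokensInUrl(appUrl, tokens) {
  const qs = new URLSearchParams({
    access_token: tokens.accessToken,
    refresh_token: tokens.refreshToken,
  });
  return { status: 302, headers: { Location: `${appUrl}/?${qs}` } };
}

// Build one Set-Cookie value: not readable by page script (HttpOnly),
// HTTPS only (Secure), not attached to cross-site subrequests (SameSite=Lax).
function tokenCookie(name, value, maxAgeSeconds, path) {
  return [
    `${name}=${encodeURIComponent(value)}`,
    `Max-Age=${maxAgeSeconds}`,
    `Path=${path}`,
    'HttpOnly',
    'Secure',
    'SameSite=Lax',
  ].join('; ');
}

// Cookie-based variant: the URL stays clean and the tokens travel in headers.
function redirectWithTokensInCookies(appUrl, tokens) {
  return {
    status: 302,
    headers: {
      Location: `${appUrl}/`,
      'Set-Cookie': [
        tokenCookie('access_token', tokens.accessToken, tokens.expiresIn, '/'),
        // The refresh token is only sent to the (assumed) refresh endpoint.
        tokenCookie('refresh_token', tokens.refreshToken, 30 * 24 * 3600, '/refresh_token'),
      ],
    },
  };
}

// Regression check: does the redirect target contain any token material?
function locationLeaksTokens(response, tokens) {
  const loc = decodeURIComponent(response.headers.Location);
  return [tokens.accessToken, tokens.refreshToken].some((t) => loc.includes(t));
}
```

With `HttpOnly` cookies the page's own script can no longer read the access token, so calls to the Spotify API have to be made by the server on the user's behalf.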

Thanks. This is the best receipt generator, I use it every day https://spotifyreceiptify.com/ 3iu17e66wgfa1

receiptify1 avatar Aug 07 '24 01:08 receiptify1