Do I store openid AND oauth tokens in same table or separate tables?
For example:
openid
------
id
user_id
provider
url
oauth
-----
id
user_id
provider
token
secret
OR:
identities
----------
id
user_id
provider
token (token here is oaut开发者_如何学编程h token or openid_url)
secret (nullable)
The bottom one bothers me even though it's easier because secret is dependent upon token
Thoughts?
The two protocols are completely different, have different security properties, and should not be combined.
精彩评论