I'm using an external API in my backend that uses oauth2 for authentication&authorization. I need to authenticate and get an access token back which will then be used for further requests to that API.
What is the best practice to store these kind of access tokens on the server side? Just in the database? Which seems weird since they expire. Is there a best practice for this?
Storing the the database seems excessive. I would store it in the environment variable instead:
process.env.ACCESS_TOKEN
but keep in mind, when your server restarts, it will be cleared.