I am building a hubot which integrates with Github, Trello and Jenkins using users' access tokens. Users must authenticate using oauth to receive an access token. The token i receive, i encrypt it and store it in a mongoDB. When a user asks for something, hubot must call the specific API (i.e. https://api.github.com/user/repos) using user's token. So, hubot has to retrieve user's token from mongoDB, decrypt it and use it in the request. The above procedure (about retrieving the token) goes on every time a user asks something from that API..
So what i am asking is if there is a way to avoid this procedure every time a users asks for something. Is there any way to keep them logged in? Something like express-sessions for browsers. The problem with the express-sessions is that i have to use cookies which i guess is impossible or very difficult with hubot. I was thinking about using redis brain. Is it good idea? how about the security?
thanks! -Andreas
You can cache tokens in memory in order to avoid asking database every time. The flow is: