[Security Flaw] Tokens saved to Database in cleartext are vulnerable to attackΒ #55
Description
Just like we hash and salt our users' passwords, the same treatment should be applied to the social accounts' tokens, as they have the same vulnerabilities as cleartext passwords. A sniffed out token from traffic, including an expired one, can easily give a malicious individual the user's social account's password and id.
@sevilayha I'd be happy to make a PR for this, unless you have better plans for it π