I’m currently working on an application that takes an API Access token from user input, and then uses a proxy server to authenticate and attach the correct headers. I’ve been trying to figure out the best way to do this without compromising people’s sensitive data using JSON Web Tokens, and after talking with a colleague this is what we came up with: https://imgur.com/sANGEw9
My main concern with this data flow is storing everyone’s user data and access tokens in a database. Is that even ethical? Is there another way to store that sensitive data locally without it being vulnerable, so I don’t have to keep a database full of sensitive data?