I am wondering if it is OK / Not OK to store secret (e.g. 3rd party access token) in user_metadata.
Question 2: if yes, should I encrypt it in advance or is it encrypted at rest anyway. (I am not worried about an admin seeing it in the management dashboard.)
Use-case: we are asking our users after login to authorise access to other 3rd party resources (APIs) for which the corresponding Auth provider grants us access tokens. One of the key benefits for using Auth0 is that I don’t need to worry about storing passwords safely. But now I need to go back and do that for these access tokens, so I was hoping I can use Auth0 as my safe storage for user secrets.
Thanks for any advice