I am developing a web application using FastAPI that integrates with Google OAuth for user authentication. The application allows users to log in with their Google accounts and access Google Classroom data. I need to store OAuth tokens (access token and refresh token) securely and efficiently. I am considering using PostgreSQL, MongoDB, or Redis for this purpose.

Requirements:

• Security: Tokens must be stored securely to prevent unauthorized access.
• Performance: The system should handle frequent read/write operations efficiently.
• Scalability: The solution should be able to scale with increasing numbers of users.
• Reliability: The system should ensure data integrity and availability.

Hybrid Approach:

I am considering using a hybrid approach that combines the strengths of Redis and PostgreSQL:

1. Redis for Short-Term Storage:

• Store access tokens and other transient data with an expiration time.
• Allows for quick access and reduces the load on the primary database.

2.PostgreSQL for Long-Term Storage:

• Store refresh tokens and long-term data in PostgreSQL.
• Ensures data is backed up and can be queried for audit logs or other administrative purposes.

This approach provides a balance between performance and reliability, leveraging Redis for its speed and PostgreSQL for its robust data integrity and persistence.

Question:

Given these requirements and considerations, what would be the best practice for storing OAuth tokens in a web application? Is the hybrid approach of using Redis for short-term storage and PostgreSQL for long-term storage a good solution? Are there other factors or alternatives I should consider?

I would appreciate any insights or recommendations based on your experience with similar projects.

I’m still thinking, I haven’t tried it yet.