Consider encrypting access tokens in the token cache.

[benvanderlinde]

Hello,
Thankyou for sharing your libaries with the community.
We currently use your Duende.AccessTokenManagement for managing access to OAuth2 protected APIs. It's very nice and simple to use!

It would be great if the Access Tokens could be encrypted when saved to cache, perhaps using the IDataProtectionProvider).

I have been able to find a workaround by injecting a custom IDistributedCache implementation into the DistributedClientCredentialsTokenCache which is a wrapper which encrypts/decrypts values as they are stored/retrieve using IDataProtector.

It might be better for future maintainability, if this could be included as a feature of the library perhaps exposed as a configurable option?

[RolandGuijt]

Thanks for the suggestion and for posting a possible solution. If this feature is something more users of the library would like to have it will be put on the backlog.
I encourage everyone reading this to upvote this discussion so we can gauge interest.