Hello,
Some questions I have about the user tokens that are received when a user authorizes an app:
1. Can those be treated like one-time passwords?
2. Are they tied to my app only? if someone gets hold of a user's token, can he do as he wishes?
2. Do they expire at any time without user intervention?
3. What's a safe way to store them in a database? To enable features like continuous sync. Do I need to encrypt them anyhow?