I'm using the node version of the google api client. i.e.: google-api-nodejs-client.
As part of this I'm setting up oauth-flow (the 'google webserver' flow to be exact.)
As part of authentication this consists of doing calls like:
var oauth2Client = new OAuth2Client(CLIENT_ID, CLIENT_SECRET, REDIRECT_URL);
and
oauth2Client.setCredentials(userSpecificTokens)
Obviously, the first call is app-specific, whereas the second call is user-specific.
What is considered good practice in this case? either:
oauth2Client and cache/save tokens per user and inject them using oauth2Client.setCredentials(userSpecificTokens) on each and every request. This essentially creates a new oauth2Client per request.oauthClient per user including oauth2Client.setCredentials(userSpecificTokens) already applied which is created when needed and cached afterwards.