OAuth tokens should never be stored as plain text. Encrypt access and refresh tokens at rest and restrict token access to the publishing service.

Recommended workflow

Refresh tokens before access expiry and show account health states such as connected, warning, expired, and disconnected.

Protect OAuth callbacks with session state values, CSRF checks, strict redirect URLs, and clear reconnect flows.

Measure and improve

Log every token refresh, API error, disconnect action, and publishing failure so administrators can diagnose issues without exposing secret values.

Use MegaToolBox to operationalize this.Import assets, generate AI metadata, score quality, schedule jobs, and publish through cron-compatible queue automation.