[Security Flaw] Tokens saved to Database in cleartext are vulnerable to attack

[falansari]

Just like we hash and salt our users' passwords, the same treatment should be applied to the social accounts' tokens, as they have the same vulnerabilities as cleartext passwords. A sniffed out token from traffic, including an expired one, can easily give a malicious individual the user's social account's password and id.

@sevilayha I'd be happy to make a PR for this, unless you have better plans for it 😀

[chris-sev]

@fatima-alansari Good call. A PR would be great. Thank you

[falansari]

Update: Sorry for the delay, things have been too hectic with my project. Will have the time to do this next week.