I would highly recommend you research security and storage of public/private keys for encryption. Design of your security system is outside the scope of this forum. 
I just wanted to provide a reminder that you are responsible for anything that happens with a user’s OAuth tokens, passwords, etc. See the Keys section of the Developer Agreement.
-D