Save user information

But if someone with bad intentions found them, what could they do? I store the refresh_token in a session, but it is the only one; the secret_client is stored in a PHP script.