I’m building Messenger Platform bot for students of our university.
It manages students’ study agenda which means it makes REST API requests and it also needs student’s login for some actions.
I have no idea how to do following things right.
- Make student enter his login credentials (I assume I should not do that in conversation thread – So, in some kind of web view API which Messenger Platform offers?)
- Permanently login him, so next time student doesn’t have to reenter his password, until he logs out (Web service API offers only 60minutes token, so only thing that comes on my mind is storing his password somewhere, which obviously sounds not really good)
- Where to store login and password which is needed for REST API request auth, I should NOT be able to read students’ passwords, but on the other hand, I need to have them available on my server somehow
- Locally? Not possible for Messenger Bot I think
- On my server’s database? Still need to have raw passwords in order to make auth requests
Thanks for your advices!