Should Google OAuth 2.0 access token be stored in appdata, or stored using LsaStorePrivateData for login caching

Where would the best place be to store a Google OAuth 2.0 access token on Windows for login caching? Would it be appropriate to store the access token in %APPDATA%, or should LsaStorePrivateData(), and LsaRetrievePrivateData() be used in a plugin (Storing Private Data)? The general procedure for the app is listed below.

  1. Get access token from google using googleapis_auth (Installed/Console Application)
  2. Send google access token to server for verification that the access token is valid and from an authorized user
  3. If the user is authorized, save the access token to disk, and user performs tasks in the application. While the app is running, the access token is refreshed, and saved to disk when refreshed
  4. The user exits the application, but doesn't logout
  5. When the app is re-opened, the access token is loaded from disk and sent to the server for authentication and verification, repeat step 3

Note that the verification of the access token confirms that the access token isn't expired.

How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum