spin off new package for token management

[wibeasley]

@RaymondBalise, @nutterb & others, depending on the recommendations of the token committee, it may make sense to pull out the security functions into a separate package with few dependencies. tidyREDCap, redcapAPI, and REDCapR could use this package as a dependency.

I'm thinking mostly about functions related to token retrieval (eg, REDCapR's existing functions) and anything else approved by the committee.

[eveyp]

I'm curious if you'd considered using the keyring package for local token storage. It's an interface to the OS's built-in credential store.

It looks like a relatively simple way to boost the security of local storage for users who can't set up the DB option, but I was wondering if you'd thought of it and ruled it out already.

Thanks, and, btw really appreciate the package!!

[llrs]

Hi, any update on this?

Just my 2cents: I don't think there is a need for a new package.
In other packages to handle connection to an API the required data is stored in an internal environment of the package for its usage during an R session.
So the user only needs to read them once for a given session.
To create it, credentials might be provided via keyring, askpass or other similar methods.