diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php index 8ef984f1e81..7de4e146595 100644 --- a/htdocs/admin/oauthlogintokens.php +++ b/htdocs/admin/oauthlogintokens.php @@ -280,7 +280,7 @@ if ($mode == 'setup' && $user->admin) { print "\n"; print ''; - print ''; + print ''; //var_dump($key); print $langs->trans("OAuthIDSecret").''; print ''; @@ -291,14 +291,13 @@ if ($mode == 'setup' && $user->admin) { print ''."\n"; print ''; - print ''; + print ''; //var_dump($key); print $langs->trans("IsTokenGenerated"); print ''; print ''; if (is_object($tokenobj)) { - // TODO Read in database to get the date of creation of token - print $form->textwithpicto(yn(1), $langs->trans("HasAccessToken").' : '); + print $form->textwithpicto(yn(1), $langs->trans("HasAccessToken").' : '.dol_print_date($storage->date_modification, 'dayhour').' state='.dol_escape_htmltag($storage->state)); } else { print ''.$langs->trans("NoAccessToken").''; } @@ -323,7 +322,7 @@ if ($mode == 'setup' && $user->admin) { print ''; print ''; - print ''; + print ''; //var_dump($key); print $langs->trans("Token").''; print ''; @@ -331,7 +330,7 @@ if ($mode == 'setup' && $user->admin) { if (is_object($tokenobj)) { //var_dump($tokenobj); $tokentoshow = $tokenobj->getAccessToken(); - print ''.showValueWithClipboardCPButton($tokentoshow, 1, dol_trunc($tokentoshow, 32)).'
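Review bot: The tooltip added in the `is_object($tokenobj)` branch reads `$storage->date_modification` and `$storage->state`, but these properties are only filled as a side effect of the database read in DoliStorage (the `@@ -150` hunk of this commit), and nothing visible here shows that read ran on this `$storage` instance. If the token was served from the in-memory `$this->tokens` cache or from another instance, both values are unset and `dol_print_date()` receives an empty value. Guard the date, e.g. `empty($storage->date_modification) ? '' : dol_print_date($storage->date_modification, 'dayhour')`, and move the hard-coded ` state=` label into a `$langs->trans()` key. Passing the state through `dol_escape_htmltag()` is the right escaping for this context and should stay.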
'; + print ''.showValueWithClipboardCPButton($tokentoshow, 1, dol_trunc($tokentoshow, 32)).'
'; //print 'Refresh: '.$tokenobj->getRefreshToken().'
'; //print 'EndOfLife: '.$tokenobj->getEndOfLife().'
'; //var_dump($tokenobj->getExtraParams()); @@ -356,7 +355,7 @@ if ($mode == 'setup' && $user->admin) { // Token expired print ''; - print ''; + print ''; //var_dump($key); print $langs->trans("TOKEN_EXPIRED"); print ''; @@ -367,7 +366,7 @@ if ($mode == 'setup' && $user->admin) { // Token expired at print ''; - print ''; + print ''; //var_dump($key); print $langs->trans("TOKEN_EXPIRE_AT"); print ''; diff --git a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php index 48b0b78f381..32422cf1712 100644 --- a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php +++ b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php @@ -55,9 +55,13 @@ class DoliStorage implements TokenStorageInterface private $conf; private $key; - private $stateKey; + //private $stateKey; private $keyforprovider; + public $state; + public $date_creation; + public $date_modification; + /** * @param DoliDB $db Database handler @@ -122,8 +126,10 @@ class DoliStorage implements TokenStorageInterface $resql = $this->db->query($sql); } else { // save - $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, token, entity)"; - $sql.= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($serializedToken)."', ".((int) $conf->entity).")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, token, entity, datec)"; + $sql .= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($serializedToken)."', ".((int) $conf->entity).", "; + $sql .= " '".$this->db->idate(dol_now())."'"; + $sql .= ")"; $resql = $this->db->query($sql); } //print $sql; 
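Review bot: The new properties `$state`, `$date_creation` and `$date_modification` in DoliStorage are declared `public` without any docblock, so every caller can overwrite them and a reader cannot tell when they are populated or what they hold when no row exists. Add a comment on each, for example `/** @var string State column of the last token row read from the database, '' when no row was found */`, and consider making them private with getters, because they mirror database state. The commented-out `//private $stateKey;` should be deleted rather than kept. The class body continues outside the hunk.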
@@ -140,7 +146,7 @@ class DoliStorage implements TokenStorageInterface // get from db dol_syslog("hasAccessToken service=".$service); - $sql = "SELECT token FROM ".MAIN_DB_PREFIX."oauth_token"; + $sql = "SELECT token, datec, tms, state FROM ".MAIN_DB_PREFIX."oauth_token"; $sql .= " WHERE service = '".$this->db->escape($service.(empty($this->keyforprovider) ? '' : '-'.$this->keyforprovider))."'"; $sql .= " AND entity IN (".getEntity('oauth_token').")"; $resql = $this->db->query($sql); @@ -150,8 +156,14 @@ class DoliStorage implements TokenStorageInterface $result = $this->db->fetch_array($resql); if ($result) { $token = unserialize($result['token']); + $this->date_creation = $this->db->jdate($result['datec']); + $this->date_modification = $this->db->jdate($result['tms']); + $this->state = $result['state']; } else { $token = ''; + $this->date_creation = null; + $this->date_modification = null; + $this->state = ''; } $this->tokens[$service] = $token; @@ -217,9 +229,7 @@ class DoliStorage implements TokenStorageInterface { global $conf; - // TODO save or update - - dol_syslog("storeAuthorizationState service=".$service); + dol_syslog("storeAuthorizationState service=".$service." state=".$state); if (!isset($this->states) || !is_array($this->states)) { $this->states = array(); @@ -228,7 +238,10 @@ class DoliStorage implements TokenStorageInterface //$states[$service] = $state; $this->states[$service] = $state; - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_state"; + //$newstate = preg_replace('/\-.*$/', '', $state); + $newstate = $state; + + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_token"; $sql .= " WHERE service = '".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."'"; $sql .= " AND entity IN (".getEntity('oauth_token').")"; $resql = $this->db->query($sql); 
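Review bot: `unserialize($result['token'])` in the `@@ -150` hunk rebuilds an object from a database column with no class restriction, so any write access to `oauth_token.token` (a restored dump, an injection flaw elsewhere) becomes PHP object injection when the row is read. As this commit already reworks the read, pass the second argument, `unserialize($result['token'], array('allowed_classes' => $allowedTokenClasses))`, where `$allowedTokenClasses` is a placeholder for the token classes the library actually stores, and treat a `false` return as "no token". The table definition in this commit marks the serialized `token` column as deprecated in favour of `tokenstring`, so reading the JSON column would remove the issue. The enclosing method starts and ends outside the hunk.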
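Review bot: The changed `dol_syslog()` call in the `@@ -217` hunk now writes the raw `$state` value to the application log. If this is the OAuth `state` parameter that binds the authorization callback to the request that started it, it should be treated as a short-lived secret and kept out of logs that operators or log shippers can read. Keep the previous form, `dol_syslog("storeAuthorizationState service=".$service);`, or log only `strlen($state)` if a trace is needed. The method body continues outside the hunk.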
@@ -238,14 +251,14 @@ class DoliStorage implements TokenStorageInterface $obj = $this->db->fetch_array($resql); if ($obj) { // update - $sql = "UPDATE ".MAIN_DB_PREFIX."oauth_state"; - $sql.= " SET state = '".$this->db->escape($state)."'"; + $sql = "UPDATE ".MAIN_DB_PREFIX."oauth_token"; + $sql.= " SET state = '".$this->db->escape($newstate)."'"; $sql.= " WHERE rowid = ".((int) $obj['rowid']); $resql = $this->db->query($sql); } else { - // save - $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_state (service, state, entity)"; - $sql.= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($state)."', ".((int) $conf->entity).")"; + // insert (should not happen) + $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, state, entity)"; + $sql.= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($newstate)."', ".((int) $conf->entity).")"; $resql = $this->db->query($sql); } @@ -261,7 +274,7 @@ class DoliStorage implements TokenStorageInterface // get state from db dol_syslog("hasAuthorizationState service=".$service); - $sql = "SELECT state FROM ".MAIN_DB_PREFIX."oauth_state"; + $sql = "SELECT state FROM ".MAIN_DB_PREFIX."oauth_token"; $sql .= " WHERE service = '".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."'"; $sql .= " AND entity IN (".getEntity('oauth_token').")"; diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql index efeac91172d..3150aca844d 100644 --- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql +++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql 
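Review bot: The branch commented `// insert (should not happen)` creates an `oauth_token` row with a `state` but no `token` and no `datec`, while the token INSERT earlier in this commit now sets `datec`. A first authorization for a service, before any token has been stored, appears to reach exactly this branch, so the comment looks wrong. The later token save would then take its UPDATE path and leave `datec` empty, and a read in between would call `unserialize()` on a NULL column. Set the creation date here too, `$sql .= ", '".$this->db->idate(dol_now())."'"` with `datec` added to the column list, and reword the comment. The result of `$this->db->query($sql)` is not checked inside the hunk, and the method continues outside it.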
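Review bot: No hunk in this diff updates the methods that read back or clear the authorization state, although `hasAuthorizationState` here and `storeAuthorizationState` above now use `oauth_token`. If `retrieveAuthorizationState`, `clearAuthorizationState` or `clearAllAuthorizationStates` still query `oauth_state`, callback validation would compare against stale or missing data. Please confirm they were switched as well. Because the row now also carries the token, clearing must set the column (`SET state = NULL`) rather than delete the row, and it should run once the callback has been validated so that an old state value does not stay usable. The method body continues outside the hunk.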
@@ -55,6 +55,8 @@ ALTER TABLE llx_user DROP COLUMN idpers3; -- v17 +ALTER TABLE llx_oauth_token ADD COLUMN state text after tokenstring; + ALTER TABLE llx_adherent ADD COLUMN default_lang VARCHAR(6) DEFAULT NULL AFTER datefin; ALTER TABLE llx_adherent_type ADD COLUMN caneditamount integer DEFAULT 0 AFTER amount; diff --git a/htdocs/install/mysql/tables/llx_oauth_token.sql b/htdocs/install/mysql/tables/llx_oauth_token.sql index 62542d13401..7d33b0ea8cb 100644 --- a/htdocs/install/mysql/tables/llx_oauth_token.sql +++ b/htdocs/install/mysql/tables/llx_oauth_token.sql @@ -20,6 +20,7 @@ CREATE TABLE llx_oauth_token ( service varchar(36), -- What king of key or token: 'Google', 'Stripe', 'auth-public-key', ... token text, -- token in serialize format, of an object StdOAuth2Token of library phpoauth2. Deprecated, use tokenstring instead. tokenstring text, -- token in json or text format. Value depends on 'service'. For example for an OAUTH service: '{"access_token": "sk_test_cccc", "refresh_token": "rt_aaa", "token_type": "bearer", ..., "scope": "read_write"} + state text, -- the state (list of permission) the token was obtained for fk_soc integer, -- Id of thirdparty in llx_societe fk_user integer, -- Id of user in llx_user fk_adherent integer, -- Id of member in llx_adherent
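Review bot: The comment on the new `state` column in `llx_oauth_token.sql` calls it a list of permissions, while the storage code in this commit writes into it the value passed to `storeAuthorizationState()`. State which of the two it is, for example `-- OAuth authorization state last sent for this service (may encode the requested scopes)`. Since the value takes part in validating the authorization callback, the comment should also say whether it is cleared after use.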