EMA C++ Developers Guide : 6 Consuming Data from the Cloud : 6.3 Credential Management
 
6.3 Credential Management
By default, the Enterprise Message API will store all credential information. In order to use secure credential storage, a callback function can be specified by the user. If a callback function is specified, credentials are not stored in API; instead, application is called back whenever credentials are required.
If an OmmOAuth2ConsumerClient is specified when creating the OmmConsumer object, the API will callback OmmOAuth2ConsumerClient.onCredentialRenewal whenever credentials are required. This call back must call OmmConsumer.renewOAuthCredentials to provide the updated credentials.
 
NOTE: OmmConsumer.renewOAuthCredentials can only be called during the callback.