The tokens are opaque. They don't contain user information. What everybody does in that case is keep a separate database with [USER_ID, ACCESS_TOKEN] so when the user logs in you can fetch its access token. If you log in to multiple services, perhaps you also need a SERVICE_NAME to separate Twitter from Google tokens.
Edit
OAuth is not an authentication or login protocol; it wasn't designed as one, so while you may be able to get the user identity via ad-hoc extensions (Twitter returns the user_id on the access token response) or by making further requests, it will always be a hack.
Perhaps a better fit for your needs is OpenID (and scribe won't help you here, unfortunately).
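
The token table described in the answer above, sketched as an added example (not part of the original answer, and not scribe code). The table name, the `TokenStore` class and the sample token strings are hypothetical; the store is keyed on your own application's user id plus the service name, so a re-authorization replaces the old token rather than piling up rows.

```python
import sqlite3

# Composite key: one row per (application user, provider).
SCHEMA = """
CREATE TABLE IF NOT EXISTS oauth_tokens (
    user_id      TEXT NOT NULL,  -- your application's own user id
    service_name TEXT NOT NULL,  -- e.g. 'twitter', 'google'
    access_token TEXT NOT NULL,  -- opaque value returned by the provider
    PRIMARY KEY (user_id, service_name)
)
"""


class TokenStore:
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(SCHEMA)

    def save(self, user_id, service_name, access_token):
        # Re-authorizing overwrites the previous token for this pair.
        with self.db:
            self.db.execute(
                "INSERT OR REPLACE INTO oauth_tokens VALUES (?, ?, ?)",
                (user_id, service_name, access_token),
            )

    def fetch(self, user_id, service_name):
        # Parameterized query; returns None when the user never linked it.
        row = self.db.execute(
            "SELECT access_token FROM oauth_tokens "
            "WHERE user_id = ? AND service_name = ?",
            (user_id, service_name),
        ).fetchone()
        return row[0] if row else None

    def revoke(self, user_id, service_name):
        # Delete the stored token when the user unlinks the service.
        with self.db:
            cur = self.db.execute(
                "DELETE FROM oauth_tokens "
                "WHERE user_id = ? AND service_name = ?",
                (user_id, service_name),
            )
        return cur.rowcount == 1


def demo():
    # Constructed sample values, not real tokens.
    store = TokenStore()
    store.save("u42", "twitter", "tw-constructed-1")
    store.save("u42", "google", "g-constructed-1")
    store.save("u42", "twitter", "tw-constructed-2")  # re-authorization
    return store.fetch("u42", "twitter"), store.fetch("u42", "google")
```

The stored values are bearer credentials, so the database holding them needs the same access controls as a password store.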