sign in with oAuth, what should i store/use to identify the user?

Question

im trying to implement a login with facebook/twitter functionality in my app, i read some guides on oAuth, and i think i understood some of the basic concept, and here is what i understood (please correct me if i'm wrong):

1. myApp send request to the oAuth provider, get the (A)request token.
2. send user to authenticate the (A), returns with (B)authenticated request token (is this whats called oAuth token?)
3. use the (B) to get the (C)access token.
4. use C to access user information.

and here is what i can't get around my head, which one of these that i should use/store to identify the user? i thought about the possibility of using each one of those, but im always stuck on how to check if the user has signed in before...

Answer 1

If all you need is just authentication, then storing only user_id is enough.

So create another table like:

id | service_name | user_id | my_user_id

where service_name is either twitter or facebook, user_id - is user's id from twitter/facebook and my_user_id is a user_id in your authentication system.

So:

SELECT my_user_id FROM oauths WHERE service_name = 'twitter' AND user_id = 42

would return you your system user_id or nothing

PS: service_name could (and should) be normalized, I kept it as a string just to simplify an example

PPS: as you said in comments you probably would want "posting/tweeting".

In that case you need to store user's access token for twitter, and store nothing additional for facebook, but request for publish_stream permission when authenticate user.