Support for Duplicate Access Tokens about oauth-php HOT 9 CLOSED

I get that this is a problem, but I'm not sure how to solve it... Please tell me
more, if you are using the same server and consumer_key, how to you 
differentiate the
callbacks? What is different that would provide a unique key?

I'm not entirely sure what you mean, but the user_id is different for each. Is 
this enough?

Maybe I'm missing the point of exclusive server/consumer_key combos as well. 
Aren't we supposed to be using the same consumer_key, from our application, for 
all of our users to connect with? If so, then we'd differentiate who it is 
based on our application's user ID (via sessions or whatnot).

[deleted comment]

"authenticate [...] to the same server + consumer_key combo [...] using the 
same credentials"

The user_id you pass to the OAuth server would only be returned back to you. A 
Oauth Server never stores your user_id, but the OWN user_id based on the logged 
in user!
So if you logged in twice with your Google accound, you will twice get the same 
token back, and your different user_id of course. Because the server does not 
care what you pass as user_id. (It´s yours)

If you want a new token, log in with another Google accound. ;o)

"So if you logged in twice with your Google accound, you will twice get the 
same token back"

Yes: this is the case I'm referring to

"If you want a new token, log in with another Google accound"

I'm happy with having the same token. However, this causes an exception.

Maybe I'm misunderstanding how to use things. What is the best method of using 
oauth-php as the primary method for authentication for a site, when this is no 
previously known user_id ?

You will get the user_id after the user has authenticated at the service 
provider. I do not really know whats the end point from google for getting the 
user information of the authenticated user.

OAuth is not primary made for authenticating users at your server! It´s made 
for making signed api calls to another server (google in this case) without the 
need to provide username/password to you.

A good starting point for OAuth with Google are these docs: 
http://code.google.com/intl/de-DE/apis/accounts/docs/OAuth.html#GetAuth
And a google online client to test the google api calls: 
http://googlecodesamples.com/oauth_playground/

Btw. i really want to help you! ;o) Maybe you can descripe more granulated what 
you want to do.
Do you want that your users can sign in with their google account on your 
system?
Maybe Google Federated Login helps more? 
http://code.google.com/intl/de-DE/apis/accounts/docs/OpenID.html

Ok, got the google end point for getting the user information:

https://www-opensocial.googleusercontent.com/api/people/@me

You have to sign this api call with the access token you got from google. Let 
me know if this works or not! :o)

More info could be found in the docs: 
http://code.google.com/intl/de-DE/apis/contacts/docs/poco/1.0/developers_guide.h
tml#RetrievingUserContact