
I'm working on a Rails API with devise, and a colleague is working on the iOS client. The application uses LinkedIn authentication, and what I get from the client is the following JSON:

 {
   "id": "XXXXXXXX",
   "emailAddress": "my@email.com",
   "lastName": "Smith",
   "provider": "linkedin",
   "firstName": "John",
   "headline": "Company ltd",
   "accessToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
   "siteStandardProfileRequest": {
     "url": "https://www.linkedin.com/profile/view?id=xxxxxxx&authType=name&authToken....."
   },
   "userData": {
     "accessToken": "",
     "userID": "xx",
     "version": "x.x.x"
   }
 }

So with this I have to create an account and sign the user in, which in my case means I need to send back another token that allows the client to talk to the API.

My question is: how do I use this accessToken and create a user account with it? I could use it as a password, but that doesn't seem right. Besides, I need to figure out how to deal with the fact that LinkedIn changes this accessToken every 60 days.

I had an idea of verifying this token, but can't get it verified, because I keep hitting the same issue as this guy here. Their solution didn't work for me, just like it didn't for him.

Please forgive my ignorance, but I'm a beginner, and I just don't know how to proceed.
- Am I thinking in the right direction?
- Is there a common way to deal with this?
- Are there any examples that I can look at?

I would really appreciate any kind of help. Many thanks.

antonpot

1 Answer


Since the access token can (and will!) change with regularity, you want to key your user database off of the "id" field that comes back in the payload, not the access token itself.

The id for a given user will always remain constant, regardless of what access token they come to your application with.

Justin Kominar
  • Cool. Thx. Anyway. What is the purpose of the access token then? Why would I need it, or how would I use it? Is it even relevant in my case? – antonpot Nov 17 '15 at 09:13
  • You need to use the access token to make any calls to the LinkedIn API on behalf of the authenticated user. Have a read over the OAuth 2.0 documentation for a better understanding of the process: https://developer.linkedin.com/docs/oauth2 – Justin Kominar Nov 17 '15 at 19:57
  • I see. I will. Thx Justin. – antonpot Nov 19 '15 at 08:14
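
Added example, not part of the original answer or comments: a Ruby sketch of a sign-in flow that keys the account on the LinkedIn `id`, survives access-token rotation, and hands the client the API's own token instead of reusing the LinkedIn one. `UserStore`, `LINKEDIN_STUB`, `FETCH_PROFILE` and `sign_in_with_linkedin` are hypothetical names with constructed sample data; `FETCH_PROFILE` stands in for a server-side call to the LinkedIn API made with the client's access token.

```ruby
require 'securerandom'
require 'digest'

# Constructed in-memory stand-in for a users table with a unique index on [provider, uid].
class UserStore
  def initialize
    @users = {}
  end

  def find_or_create(provider, uid, attrs)
    user = (@users[[provider, uid]] ||= { provider: provider, uid: uid })
    user.merge!(attrs)
  end

  def size
    @users.size
  end
end

# Constructed sample data: two access tokens issued to the same member at different times.
LINKEDIN_STUB = {
  'token-jan' => { 'id' => 'abc123', 'emailAddress' => 'my@email.com' },
  'token-mar' => { 'id' => 'abc123', 'emailAddress' => 'my@email.com' }
}.freeze

# Hypothetical helper: in a real app this calls the LinkedIn API with the token
# and returns the profile hash, or nil when LinkedIn rejects the token.
FETCH_PROFILE = ->(access_token) { LINKEDIN_STUB[access_token] }

# Returns { user:, api_token: } on success, nil when the token cannot be tied to the claimed id.
def sign_in_with_linkedin(payload, store, fetch_profile = FETCH_PROFILE)
  access_token = payload['accessToken'].to_s
  return nil if access_token.empty?

  profile = fetch_profile.call(access_token)
  # Trust the id LinkedIn returns for this token, not the id the client put in the JSON.
  return nil if profile.nil? || profile['id'].to_s.empty? || profile['id'] != payload['id']

  user = store.find_or_create('linkedin', profile['id'], email: profile['emailAddress'])
  # The LinkedIn token is never the password; the client gets this app's own random token,
  # and only its digest is kept server-side.
  api_token = SecureRandom.hex(32)
  user[:api_token_digest] = Digest::SHA256.hexdigest(api_token)
  { user: user, api_token: api_token }
end
```

In a Rails app the store would be a `users` table with a unique index on provider and uid, and the lookup would be made over HTTPS from the server.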