First, I know what a secret key is and what it's for, but I have a question about the instances in the following example.
When a user signs into your app using omniauth-provider, and you successfully get a response hash from an omniauth-provider, you get something like this
{
:credentials => {
:token => "a1b2c3d4...", # The OAuth 2.0 access token
:secret => "abcdef1234"
},
}
1) Now, are these two keys different from your application's token and secret token?
2) Do these returned tokens in the hash differ across each user, or are either of them the same for all users? (logically they should be different, but just trying to be thorough)
3) Are any of these dependent or tied in any way to what you set in your config file for your application keys and application secret keys?
Thanks
Yes, they are different.
They are specific to each user. Depending on the provider, they may also change with time.
It depends on the OmniAuth provider. Some providers give each user only one global token and secret, but others give each user a different token and secret per application. So depending on the provider, if you use a different app or if you change your config file, your user's tokens and secrets may change.