Sign In With Twitter


I’d like users to be able to log into my application via the “Sign in with Twitter” button. I have the OAuth flow down (using omniauth gem for rails), and I can get a token and a secret back to my application, along with user details like uid and nickname.

My question is will the user’s token and secret will ever change? If I want to grab the user from my users table that corresponds to this twitter user, can I “SELECT * FROM users WHERE “twitter_token” = ‘XXX’ AND “twitter_secret” = ‘XXX’”? Or is the token and secret volatile, a per session sort of thing, and I should “SELECT * FROM users WHERE “twitter_uid” == ‘XXX’”? (Note that these queries are examples, and I might have gotten the quoting wrong. I’m using rails, so I don’t actually have to touch SQL if I don’t want)

I guess what I’m really asking is: I have a user model, I have a twitter OAuth response, which field should I use to associate the two?