I have successfully implemented OAuth from a website such that it redirects and returns with an authentication code and access token. However, I am stuck on how to proceed from here. What do I do with the token? How can I check that the user has authenticated when I send the user to different pages on my website?
In a PHP Login system, you could just do:
    session_start();
    if (isset($_SESSION['username'])) {
        /* stuff here */
    } else {
        /* redirect here */
    }
Do I store the access token of the user in a database on my server? If so, how can I check that the access token is valid and get all the information I want on each page of the website?
My understanding is that if you got the access token back, then you can assume that they have been authenticated on that external system, so you can also treat them as a logged-in user on your system.
Keep the token in your session for that user and refer to it whenever you need to verify the user is logged in.
What other information would you need on each page of your site?
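The session-based approach from the answer above, written out as an added example (not code from either poster). It assumes the OAuth callback has already exchanged the code for a token response carrying `access_token` and `expires_in`, and that the callback has obtained a username from the provider; the function names and `/login.php` are hypothetical.

```php
<?php
declare(strict_types=1);

// Start the session with a cookie that scripts cannot read and that is only sent over HTTPS.
function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Call once in the OAuth callback, after the token exchange succeeded.
// $tokenResponse: decoded token response (assumed keys: access_token, expires_in).
// $username: identity the callback obtained from the provider (assumption).
function establish_login(array $tokenResponse, string $username): void
{
    start_session();
    // Issue a fresh session ID at login so an ID set before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    // The token stays server-side in the session; it is never sent to the browser.
    $_SESSION['access_token'] = $tokenResponse['access_token'];
    // A missing expires_in yields an already-expired session (fails closed).
    $_SESSION['token_expires_at'] = time() + (int) ($tokenResponse['expires_in'] ?? 0);
}

// Pure check: all login fields are present and the token has not expired.
function is_logged_in(array $session, int $now): bool
{
    return isset($session['username'], $session['access_token'], $session['token_expires_at'])
        && $now < $session['token_expires_at'];
}

// Call at the top of every protected page, in place of the isset() check.
function require_login(string $loginUrl = '/login.php'): void
{
    start_session();
    if (!is_logged_in($_SESSION, time())) {
        $_SESSION = [];                       // drop stale login data
        header('Location: ' . $loginUrl);     // send the user back through the OAuth flow
        exit;
    }
}
```

Each protected page then begins with `require_login();` and can read `$_SESSION['username']` or use `$_SESSION['access_token']` for calls to the provider.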