All authentication information in Keyring is stored and managed within Tokens. The first part of an authentication flow is always handled with a Keyring_Request_Token, while a successfully-authenticated service should store its details as a Keyring_Access_Token. The difference is internal only, and both types of Token work exactly the same. Looking at the constructor for both types shows you what is required:

function __construct( $service, $token, $meta = array(), $uniq = false ) {

  • $service is a string representing the name of the Service this Token is for. The name should match the name under which the Service was registered.
  • $token can be anything which represents this Token’s actual “data” and may be a string, array or object. For example OAuth1 Services implement this as an OAuthToken object (provided by a third-party library). OAuth2 Services store this as a plain string.
  • $meta is an array of optional, arbitrary data to associate with this Token. It is up to your Token Store to decide what to do with this and how to handle it. The Keyring_SingleStore class stores each element in wp_postmeta against the custom post type stored representing the Token itself.
  • $uniq is an optional unique identifier for this Token. This is used in the Token Store when modifying/deleting existing Tokens.

What do you think?