Discussion: OAuth2 Authentication Question

So I've told the user to click on my link and after going through the process it successfully gives me an access_code.  So I go ahead and save it in my database for future use (Since these codes don't expire) along with the players_tsid.

[Now I assume my user has cleared all his cookies and whatnot before visiting my site again]

Now he signs into glitch.com and then proceeds to visit my website.

Now when he again clicks on the Sign-In button on my website it goes to the glitch and gets me another access_code (possibly the same one, I haven't checked).

At no point am I checking to see my own internal database to authenticate this user.  How might I go about doing this?  Can anyone link me to any documentation or something for this? I couldn't seem to find any. 

There should basically be some response where it says "Now I'm going to trying to get the access code for player_tsid=BLAH" so I can check if the access_token in my own db before proceeding.
After you get back the access token you call auth.check (or possibly another call but thats the easiest) and see which player they are. You can then generate an session however you want. See https://github.com/coderanger/glitchtools/blob/master/glitchtools/users/views.py#L25 for an example.
Well I looked at your code and that's pretty much what I am doing myself.  The reason for my question was that I don't want users that have already authenticated themselves with my website to re-authenticate (since the access token never expires). 

The sign in button should automatically log people in (provided they have logged into glitch.com).
@Long- Hey, so implicit authorization isn't a requirement for oauth2 implementations;  It looks like glitch doesn't support it at this time.

Maybe someone from glitch could comment on whether this will be supported in the future?
So correct me if I am wrong but right now is there any point for me to store peoples access codes and tsid in the database?

You get (a possibly new) access_code every time; because users need to re-auth themselves to sign-in. Am I right?
@Long You are free to implement your own session system however you want. In the code I linked to I am just using Django's default cookie sessions so the user will stay logged in until they close the browser.
Yep.  Thanks for your help coderanger.
The easiest way to do it is to just stash the user's OAuth token directly in a cookie. Take a look at Glitch Mash for an example.