oauth-php keeps only a single access token

I am making an auth provider which allows a consumer to act on the behalf of multiple users at the same time (please dont go 'duh' yet).

In my oauth_consumer_registry table (where a consumer stores its own credentials), I have the following entry

ocr_id  ocr_usa_id_ref  ocr_consumer_key    
1       672             7e6418..........

The consumer stores the tokens it accessed on oauth_consumer_token

oct_id  oct_ocr_id_ref  oct_usa_id_ref  oct_token_type
31      1               672             access
32      1               672             request

I believe that when an user authorizes himself, the consumer gains an access token on his behalf. So the consumer must store one access token for each user. But whenever a request token is exchanged for an access token, the access token already existing gets deleted. So the database stores just开发者_如何学Go a single access token. Something seems obviously wrong.

How do I tell my consumer app to associate an access token with a particular user?

An explanation that crossed my mind is that I must register a new "consumer" in the oauth_consumer_registry for each user. Is that right?

For each consumer, that consumer must have one token per user, because the consumer is attempting to access the provider on the user's behalf. On the provider side, that provider must have one token per user per consumer. That is assuming that you want individual users to have control over the access granted to external consumers.