I am trying to impliment Oauth for my webapplication for google.I am worked upon a POC and it working fine but i have a confusion and not sure how best it can be achieved.

I am using scribe java API for Oauth.

here are the steps i am performing.

1. Getting request token from Google.
2. Redirecting user to Google to authenticate them self and authorize my serivice to access his/her few details.
3. get Access Toekn from google by providing request token and verification code given by google.
4. Accessing user info once google provide Access token.

now my main confusion is at step no 3, since i am working on a web-application so it will be a 2 step process.

1. Redirecting user to google
2. Handling back google redirect.

In order to get an Access token i need to provide same request token which i got at step1 else my request being rejected by the user.
The request token contains 2 things

1. Toekn –>which is based on the registered application so not an issue
2. Secret–>This is always being a random string so it should be same when asking for access token

that means i need to store this secret either in my session or some where so that i can access this secret when user is being redirected back to my application.

My confusion is,since in order to save it in session i have to create a unique key and some way to access it in the other action class which will handle Google Redirect back how can i achieve this since at a given time so many user can ask to login using google.

any help in this regard will be much appriciated.

Thanks in advance