Change access tokens into a post type.

[spacedmonkey]

Moving access tokens to a post type makes a lot of sense. It means they are deleted when the user is deleted.

There are some backwards compatablity issues, but I believe I have done a good job in fixing these, by support the old options and copying them over to post type.

Fixes #215

[schlessera]

Did you also consider user meta for this?

[dshanske]

The Oauth2 plugin uses user meta. It gave me the idea to use it in my Indieauth plugin code

[spacedmonkey]

@schlessera @dshanske I looked in it doing that, but I couldn't find a way to do it.

There is a method called get_access_token which is used to get the access token from options. The token is passed here as the user id is not yet known. Using user meta isn't possible as, it is not easy (without raw SQL queries or by doing a meta query of users ) to get user id via the meta key.

Using posts, isn't something I love, but it a type that allows for lookup via token (post_name / slug) and by user (post_author).

Post related to users also delete with the users, which is a nice bit of tidying up, that the current implementation doesn't do.

I am sure it maybe possible to refactor the code to use user_meta and it would mean a much longer change than is really required.