Salesforce provides additional fields namely issued_at & signature that are to be returned. access_token post authorization is always perishable. Hence the need to obtain refresh_token.

oa-oauth/lib/omniauth/strategies/oauth2/salesforce.rb

@@ -18,7 +18,10 @@ module OmniAuth
           super, {
             'uid' => @access_token['id'],
             'credentials' => {
+              'issued_at' => @access_token['issued_at'],
+              'refresh_token' => @access_token.refresh_token,
               'instance_url' => @access_token['instance_url'],
+              'signature' => @access_token['signature'],
             },
             'extra' => {
               'user_hash' => data,