Use Case:

The user takes a beautiful photo and wants to save it in his evernote account.

• The user allows the use of OAuth 2.0. The service saves its credentials.
• After completing the OAuth 2.0 dance, the service adds a Save to Evernote contact.
• The service then subscribes for updates in this user timeline by inserting a subscription for the timeline collection.
• The user activates the contact. Save to Evernote is now fully configured.
• Over time, the user takes pictures.
• A user shares a photo using Save to Evernote. This makes the time map associated with this photo available for service.
• Since the service is subscribed to timeline updates, a notification is sent to your service. This notification refers to a timeline element containing a shared photo.
• The service checks the notification and uses the included identifier to obtain a timeline map containing the photo.
• Next, the service checks the timeline element and uses the attachment identifier to retrieve the bytes of the photo.
• The service uploads a photo to an Evernote user.
• Finally, the service creates a new temporary card and inserts it into the user's time card with a success message.

From the Mirror API Documentation , a message appears stating that after the user shares a timeline element, the service receives a POST something like this:

{ "collection": "timeline", "itemId": "3hidvm0xez6r8_dacdb3103b8b604_h8rpllg", "operation": "UPDATE", "userToken": "harold_penguin", "verifyToken": "random_hash_to_verify_referer", "userActions": [ { "type": "SHARE" } ] } 

Is userToken the value I get when I first authenticate the application? If so, can I use this value to connect the POST received from Glass with the user stored in my database? If not, how can I connect the shared resource to my service, contact the Glass user so that my service can perform services specific to this user on their behalf?