Some things that should be fixed for use in real apps:
eBay username. It's unreliable to use it as user identifier as it may be changed by the user.
See the code comment for details.
In real apps, it is important to know when refresh_token will expire to send a reminder to the user, asking to log in again. Also, it allows distinguishing between token expiration and token revocation by the user.
Please add refresh_token_expires_at field into credentials hash.
OAuth scopes. Empty scope list is fine for sign-in purposes, but it should be documented better IMHO.
Also, an example should be added (should user concatenate the list of scopes with space or can we do it for them?)
Maybe it worth to note that by default that list of scopes is empty and users should provide it if they will use eBay APIs. Or perhaps it will be good to include public access scope https://api.ebay.com/oauth/api_scope by default.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.