I want to connect social media accounts (FB, Instagram & twitter) with my application so that I can get long loved access token and make requests for getting data on behalf of users. Any good practice which I should follow? Should I directly do user id and access token mapping and store it in db? Any other suggestions?

encrypt your private keys when on disk or when stored in database. Rails 7 has few inbuilt ones or use gems like lockbox. attempt not to use long lived access tokens (expire frequently and use a refresh token to get a new short lived token). usually - user_id - access_token (in encrypted format). let the application decrypt it. refer theory from here - https://github.com/ankane/lockbox

But is encryption or hashing value of access token really required?