I've managed to program a login with Facebook system in my PHP webapplication. But now I'm a bit stuck in best practices.
Do I have to save the user's userID to my Database, the user's e-mail-address and/or name and surname? I'm asking this because I'm thinking about users changing their e-mailaddress, who aren't being able to login the next time if so.
And how can I know that when a user logs in with Facebook, and the next time with Twitter for example, that it's the same user? Probably based on he's e-mail address? But I think if you haven't changed it your standard Facebook e-mail is [email protected], right?
I'm not asking for code here, please provide me some experiences or best practices.
As for me, the best practice is use oauth2 library (all socials are supported it) and use database with two tables: users and users_socials.
When the users are trying to login via social, your script will create records on tables and connect this tables via "one to many" relation. All socials return unique identifier for auth user and your script can insert it onto storage for use in further.
Table scructure and test data
Table user
user_id | email
________________
1 | [email protected]
2 | [email protected] - if the social cannot return an email address
Table user_socials
social_id | user_id | social
____________________________
123213213 | 1 | facebook
332123213 | 1 | twitter
323232321 | 2 | vk
This pattern is good, because one user can connect many socials with his account
P.s. Facebook, Twitter, Google+ - return the user email