So on my website I have a signup/signin page. I'm looking at implementing social signup/signin buttons.
I'm planning on saving the social user data in their own table and then use that data to make a user on my website (in my sites user table).
The problem/question is, how should I handle the password?
They need to confirm their password whenever they change sensitive information. ie. username,email,password. Which is not possible if they don't have one set.
Of course I have a "forgot password" button, but surely there's a better way.
The general rule of password handling is to never send password in plain-text over the net.
For the social signups/signin the password handling is taken care of by the provider. The API they provide will usually give you an unique id or something that you can use for verification in your data-table.
Be aware that some of the social authentication APIs strongly recommend not to send user-ids over the net, but rather let your back-end do the user-id look-up with an access token.
Try to search for "[social media] oauth" that will help you on your way