I have an application with user registration using email & password. I am trying to work out the process flow for adding social authentication providers.
As an example using LinkedIn, the login & register processes both seem identical:
Get authentication token from LinkedIn
If successful, get id, email, firstname, lastname from LinkedIn.
Try to find a user in our user table with email or LinkedIn id.
If there is no user, create one, storing LinkedIn id, email, firstname, lastname.
Login to our site.
You can work this out with associated social accounts relationship
Is this the most suitable flow?
What to do with password in our user table when the user is created? The user later wishes to login with his email & password rather than LinkedIn.
So when the user tries to log in with a password, you can find the account by email and see if a password is added in login types; if so, then proceed with the password check, else reject.
Twitter does not provide access to email so can't follow above process.
You can store Twitter unique id returned for the user in DB and use that for checking next time
Hope that clarifies things for you!
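The flow discussed in this thread, as an added example that is not code from the original posts: a separate social-accounts relationship keyed by provider and provider id, a password that stays unset until the user adds one, and a provider (Twitter in the thread) that returns no email. The in-memory dicts, function names and the `email_verified` parameter are assumptions made for illustration.

```python
import hashlib, hmac, os

users = {}            # user_id -> {"email", "name", "pw"}; pw stays None until set
social_accounts = {}  # (provider, provider_user_id) -> user_id

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _find_by_email(email):
    # A missing email (provider did not return one) never matches anyone.
    return next((uid for uid, u in users.items()
                 if email and u["email"] == email), None)

def social_login(provider, provider_user_id, email=None, name="",
                 email_verified=False):
    """Find or create the local user for a provider identity; returns user_id."""
    key = (provider, provider_user_id)
    if key in social_accounts:            # returning user: match on provider id
        return social_accounts[key]
    # Assumption: attach to an existing account by email only when the provider
    # reports the address as verified; otherwise create a separate user.
    uid = _find_by_email(email) if email_verified else None
    if uid is None:
        uid = len(users) + 1
        users[uid] = {"email": email, "name": name, "pw": None}
    social_accounts[key] = uid
    return uid

def set_password(uid, password):
    """Add the password login type to an account created via a provider."""
    salt = os.urandom(16)
    users[uid]["pw"] = (salt, _hash(password, salt))

def password_login(email, password):
    """Return user_id, or None if the account has no password or it is wrong."""
    uid = _find_by_email(email)
    if uid is None or users[uid]["pw"] is None:
        return None                       # reject: password was never added
    salt, digest = users[uid]["pw"]
    return uid if hmac.compare_digest(digest, _hash(password, salt)) else None
```
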