Social authentication process flow

Question

I have an application with user registration using email & password. I am trying to work out the process flow for adding social authentication providers.

As an example using LinkedIn, login & register process both seem identical:

Get authentication token from LinkedIn
If successful, get id, email, firstname, lastname from LinkedIn.
Try find a user in our user table with email or linkedin id.
If no user create, storing linkedin id, email, firstname, lastname
Login to our site.

1. Is this the most suitable flow?
2. What to do with password in our user table when the user is created? The user later wishes to login with his email & password rather than LinkedIn.
3. Twitter does not provide access to email so can't follow above process.

Answer 1

You can work this out with associated social accounts relationship

Is this the most suitable flow?

• yes it's most common, but to adopt many provides you can do like , when ever user creates account (with any process Password or Social Providers) then you can store that info like loginTypes ( Pwd, Twitter, FB) etc , it's like array

What to do with password in our user table when the user is created? The user later wishes to login with his email & password rather than LinkedIn.

• you can support that by giving option to user to setup password if they need , then update the login types to include password as one of types

So when the user tries to login with password , you can find the account by email and see if password is added in login types , if so the proceed with password check else reject

Twitter does not provide access to email so can't follow above process.

You can store Twitter unique id returned for the user in DB and use that for checking next time

Hope that clarifies you!