Are there any unique and unchanging tokens available to me from Facebook and Google?
Once I get the tokens and user information back from Oauth login, it is then up to me to search my database for a user with that email and create an account if it does not exist.
The problem is, even if the oauth token and therefore email is authentic, I still want to use a second token in the database query when I look up the users.
Do Google and Facebook have any unique ID fields that I can bundle with the email when I create users to aid in the security of my login process?
p.s. I am using Mean stack and passportjs if there are any known validation or token generation packages that might help me.
Thanks.
Both providers expose a unique user ID.
Google documentation:
[...] you can safely retrieve and use the user's unique Google ID from the sub claim.
To retrieve the Facebook user_id, make a call to:
https://graph.facebook.com/me?fields=id&access_token=xxx