I often use services that log in using information from platforms such as Google, Facebook, and Apple. By logging in using this method, users can obtain user information and use services that require authentication without separate authentication or membership registration.
I am curious about how user information is stored in db in this case. When saving to the db, a unique id (column containing unique values) is required. The problem is, unlike when using my own login, I don't know what to use to set the unique value. In the service's own login, the user's uniqueness can be obtained through email authentication or userId.
What I want is to use the unique value of the db to prevent account information from colliding with other users and to prevent duplicate user creation even after user information is changed in any oauth2-provided platform.
Is this possible? What method do you use?
I'm thinking of creating a unique identifier with platform + identifier like google(platform user info id or ...).
If you produce your own solution you would design fields like this and store them in some kind of linked_accounts table:
Yet it is not that simple. Eg in future the schema might need to support logins with passkeys or digital wallets, which would not fit into this schema.
A useful technique is to prompt a user to authenticate with an existing method as part of onboarding to a new one.
The most complete solution is for your apps and APIs to only interact with the authorization server (AS) whose role is defined in RFC6749.
An AS designs user account storage in terms of standards such as the SCIM Core Schema. This can be used as a guide for your own solutions. Ideally though the AS should do the hard work for you.