I am developing a mobile app and currently depend on JWT to keep the API stateless. The API is consumed by mobile and web clients. Users register with their email address and password.
I have been assigned to implement a social login option in this API. I would like to clear up the following doubts.
1) When social login is used, how can I generate a token (like a JWT) that will be stored on the client's side? This token is supposed to be sent with all subsequent requests after login.
2) In case the social platforms do not provide/share the email address (which is one of our primary keys), what information should I store?
SHORT ANSWER
LONG ANSWER
Let's start from the beginning in order to get a better view of the whole issue and clear up every aspect of your doubts.
Basic user table
Usually you have a Users table structured in this way (simplified)
When the user logs in, you update the jwt_token field and return it to the user so they can consume your APIs.
Implementing social logins
A good approach to adding social logins is to create a new social_logins table structured as follows (simplified)
Once you "social login" a user, you get a set of data from the social network itself. Note that users can disallow retrieval of their private email address (e.g. from Facebook) even if you explicitly ask for it.
The first thing you have to do is check whether the social network returned the user's email address.
To avoid creating duplicate users (different email addresses), I always prefer to ask the user to confirm their email address: with this simple question you can postpone the previous check and reduce the number of duplicate users. So, if the social login does not return the email address, you just show an empty field asking the user to fill in their email address, which you will then use to look for a user in the users table. If instead you did get it, show the user the same field pre-filled and ask them to confirm the email address, or to change it if they prefer to use another address or are already registered with your app under a different email address.
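As an added example (not code from the answer above or from the asker's project), here is a stdlib-only Python sketch of the flow the answer describes: a users table plus a social_logins table, a login handler that copes with a provider withholding the email address, and an HS256 JWT minted for the client to send on later requests. The names open_db, social_login, the SECRET key, the email_verified column and the sample provider profiles are assumptions made for this example. It departs from the answer in two respects: the JWT is signed rather than stored in a jwt_token column, so the API stays stateless, and an address the user merely typed in is not linked to an existing account until it has been verified.

```python
import base64
import hashlib
import hmac
import json
import sqlite3
import time

# Assumption: a server-side HS256 key; in production load it from a secret store.
SECRET = b"replace-with-a-random-256-bit-key"


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_jwt(user_id, ttl=3600, now=None):
    """Mint a signed HS256 JWT. Nothing is stored server-side, so verification is stateless."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": str(user_id), "iat": now, "exp": now + ttl},
                                 separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None.
    The algorithm is pinned to HS256; the header's 'alg' field is never trusted."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    try:
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(payload))
    except ValueError:  # bad base64, bad JSON, bad UTF-8
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def open_db():
    """Constructed in-memory schema mirroring the users / social_logins split from the answer."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (
            id INTEGER PRIMARY KEY,
            email TEXT NOT NULL UNIQUE,
            password_hash TEXT,
            email_verified INTEGER NOT NULL DEFAULT 0
        );
        CREATE TABLE social_logins (
            id INTEGER PRIMARY KEY,
            user_id INTEGER NOT NULL REFERENCES users(id),
            provider TEXT NOT NULL,
            provider_user_id TEXT NOT NULL,
            UNIQUE (provider, provider_user_id)
        );
    """)
    return db


def social_login(db, provider, profile, confirmed_email):
    """profile: dict returned by the provider (constructed here; 'email' may be absent).
    confirmed_email: the address the user typed or confirmed in the form, or None."""
    # An already-linked provider identity is sufficient on its own; no email is needed.
    row = db.execute("SELECT user_id FROM social_logins WHERE provider=? AND provider_user_id=?",
                     (provider, profile["id"])).fetchone()
    if row:
        return {"status": "ok", "token": issue_jwt(row[0])}

    email = (confirmed_email or "").strip().lower()
    if not email:
        return {"status": "email_required"}

    # Treat the address as proven only if the provider itself asserted the same one.
    provider_email = (profile.get("email") or "").strip().lower()
    asserted = bool(provider_email) and provider_email == email

    row = db.execute("SELECT id FROM users WHERE email=?", (email,)).fetchone()
    if row and not asserted:
        # A typed-in address that matches an existing account must be verified
        # (e.g. by an emailed link) before linking, or anyone could claim that account.
        return {"status": "verify_email", "email": email}
    if row:
        user_id = row[0]
    else:
        user_id = db.execute("INSERT INTO users (email, email_verified) VALUES (?, ?)",
                             (email, int(asserted))).lastrowid
    db.execute("INSERT INTO social_logins (user_id, provider, provider_user_id) VALUES (?, ?, ?)",
               (user_id, provider, profile["id"]))
    db.commit()
    return {"status": "ok", "token": issue_jwt(user_id)}
```

The lookup order matters: the (provider, provider_user_id) pair is checked first, so a returning social user is never asked for an email at all, and the email question only arises the first time a provider identity is seen. Linking a freshly typed address to an existing password account on the user's say-so alone would let anyone who knows a victim's email attach their own social identity to the victim's account, which is why that path returns verify_email instead of a token.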