Best Practice Login With Facebook, Twitter, Google or register

Question

I've managed to program a login with Facebook system in my PHP webapplication. But now I'm a bit stuck in best practices.

Do I have to save the user's userID to my Database, the user's e-mail-address and/or name and surname? I'm asking this because I'm thinking about users changing their e-mailaddress, who aren't being able to login the next time if so.

And how can I know that when a user logs in with Facebook, and the next time with Twitter for example, that it's the same user? Probably based on he's e-mail address? But I think if you haven't changed it your standard Facebook e-mail is your.name@facebook.com, right?

I'm not asking for code here, please provide me some experiences or best practices.

Answer 1

As for me, the best practice is use oauth2 library (all socials are supported it) and use database with two tables: users and users_socials.

When the users are trying to login via social, your script will create records on tables and connect this tables via "one to many" relation. All socials return unique identifier for auth user and your script can insert it onto storage for use in further.

Table scructure and test data

Table user

user_id   | email
________________
1         | mail@site.com
2         | 323232321@vk.com - if the social cannot return an email address

Table user_socials

social_id | user_id | social
____________________________
123213213 | 1       | facebook
332123213 | 1       | twitter
323232321 | 2       | vk

This pattern is good, because one user can connect many socials with his account

P.s. Facebook, Twitter, Google+ - return the user email