Socialite - Best Practices

Posted 1 week ago by edalzell

I've recently implemented Socialite (Google) on a Laravel 7 app for both registration and login.

Right now our flow is to look up via the email address we get back from Socialite (Google) and if we find a matching email in our DB, we log them in, otherwise we create a new user.

Concerned that this means one can't change their email in our system. Should we be using the provider id we get back to do our auth/check?

Also, what is the purpose of the token we get back from the provider, when would we use it?

Right now I do $oauthUser = Socialite::driver('google')->stateless()->user(); on every callback. When would we use the token?

Thanks for your guidance.
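
The callback flow described in the post, keyed on the provider id rather than the email, as an added example that is not part of the original post. It is plain PHP with a constructed in-memory user list; `resolveUser`, the array keys and the `confirm_link` step are hypothetical, and `$providerId` / `$email` stand for what Socialite's `getId()` and `getEmail()` return.

```php
<?php
// Added example (not from the post): $users is a constructed in-memory
// stand-in for a users table with provider and provider_id columns.

function resolveUser(array &$users, string $provider, string $providerId, string $email): array
{
    // 1. Match on the stable (provider, provider_id) pair first, so a user
    //    who changed their email locally or at the provider is still found.
    foreach ($users as $id => $user) {
        if ($user['provider'] === $provider && $user['provider_id'] === $providerId) {
            return ['action' => 'login', 'user_id' => $id];
        }
    }

    // 2. No linked identity yet. An existing account with the same email is
    //    not logged in on the email match alone; the caller asks the owner to
    //    confirm the link first (assumed policy for this example).
    foreach ($users as $id => $user) {
        if (strcasecmp($user['email'], $email) === 0) {
            return ['action' => 'confirm_link', 'user_id' => $id];
        }
    }

    // 3. Unknown identity and unknown email: register and store the link.
    $users[] = ['email' => $email, 'provider' => $provider, 'provider_id' => $providerId];
    return ['action' => 'register', 'user_id' => count($users) - 1];
}

// Constructed walk-through.
$users = [];

// First sign-in with a Google identity the app has never seen.
$first = resolveUser($users, 'google', '1001', 'alice@example.com');

// The user edits their email inside the app.
$users[$first['user_id']]['email'] = 'alice@new.example';

// Same Google identity signs in again; Google still reports the old email.
$second = resolveUser($users, 'google', '1001', 'alice@example.com');

// A different Google identity arrives carrying the email now on file.
$third = resolveUser($users, 'google', '2002', 'alice@new.example');

foreach ([$first, $second, $third] as $result) {
    echo $result['action'], ' user ', $result['user_id'], PHP_EOL;
}
```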