I've recently implemented Socialite (Google) on a Laravel 7 app for both registration and login.
Right now our flow is to look up via the email address we get back from Socialite (Google) and if we find a matching email in our DB, we log them in, otherwise we create a new user.
Concerned that this means one can't change their email in our system. Should we be using the provider id we get back to do our auth/check?
Also, what is the purpose of the token we get back from the provider, when would we use it?
Right now I do $oauthUser = Socialite::driver('google')->stateless()->user(); on every callback. When would we use the token?
Thanks for your guidance.
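
The lookup described in the question, keyed on the provider id instead of the email, as an added example that is not part of the original post. It is plain PHP with an in-memory array standing in for the users table; the function name `resolveUser`, the column names and the sample values are assumptions, and `$providerId` / `$email` stand for what `$oauthUser->getId()` and `$oauthUser->getEmail()` return.

```php
<?php
// Constructed in-memory stand-in for a users table (column names are assumptions).
$users = [];

/**
 * Resolve the local account for a social login (hypothetical helper).
 * Returns the local user id.
 */
function resolveUser(array &$users, string $provider, string $providerId, string $email): int
{
    // 1. Primary lookup: the (provider, provider id) pair, which does not
    //    change when the user edits the email stored in the local system.
    foreach ($users as $id => $u) {
        if ($u['provider'] === $provider && $u['provider_id'] === $providerId) {
            return $id;
        }
    }

    // 2. One-time link for accounts created before provider ids were stored.
    //    Assumption: the provider only returns addresses it has verified.
    foreach ($users as $id => $u) {
        if ($u['provider'] === null && strcasecmp($u['email'], $email) === 0) {
            $users[$id]['provider'] = $provider;
            $users[$id]['provider_id'] = $providerId;
            return $id;
        }
    }

    // 3. No match at all: create a new account.
    $id = count($users);
    $users[$id] = ['email' => $email, 'provider' => $provider, 'provider_id' => $providerId];
    return $id;
}

// Constructed sample values.
$first = resolveUser($users, 'google', 'sample-provider-id-1', 'pat@example.com');

// The user changes their email in the local system.
$users[$first]['email'] = 'pat.new@example.com';

// The next callback still carries the provider's own email and the same provider id.
$second = resolveUser($users, 'google', 'sample-provider-id-1', 'pat@example.com');

// Compare the two resolved ids and the number of stored accounts.
var_dump($first === $second, count($users));
```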