
IsaacBen's avatar

Socialite Database

So I added a Facebook login to my website, but how does the user get logged in so he can view all pages? The documentation doesn't really help with it. I would like to know how I should add the user to the database. Do I need a different table? Can I modify the regular users table? How does the whole "id" thing work? I don't want a regular and a Facebook user to have the same id. My goal is to be able to show the user's name with his picture on the side, just like on this website. Will appreciate any answer.

0 likes
15 replies
kreitje's avatar

It's up to you to handle that.

http://laravel.com/docs/5.1/authentication#social-authentication

Socialite just provides an easy way to authenticate with Facebook and get the details. You can store the details in your users table.

// All Providers
$user->getId();
$user->getNickname();
$user->getName();
$user->getEmail();
$user->getAvatar();

$user->getId() would be the unique id returned from Facebook. Save this field somewhere in your database, either in a separate providers table, or even the users table would be fine. Now when someone tries to login with Facebook, if that ID doesn't exist, either create a new account for them or throw an error.

Just remember, the ID returned is from Facebook not your webapp. So your user would have an "id" for your web app and a "facebook_id" that you store so you know what user they belong to.

3 likes
IsaacBen's avatar

@kreitje Thanks for the response. I would prefer to just add it to the same users table I'm using. What should I do with the password? If it's a regular user then he must enter a password, but a Facebook user doesn't. Will it cause a conflict?

kreitje's avatar

There won't be any conflict as you will use a different route/controller for the Facebook auth.

Do a lookup of the user with the facebook_id or whatever you call your column and call the Auth::login method and pass the User model.

$findUser = User::where('facebook_id', $user->getId())->first();
Auth::login($findUser);
return redirect('/home')->withSuccess('you are logged in!');

Don't forget to do a check to make sure $findUser isn't null.

1 like
IsaacBen's avatar

@kreitje Would this table be okay? Am I missing something?

public function up()
{
    Schema::create('users', function(Blueprint $table)
    {
        $table->increments('id');
        $table->string('name');
        $table->string('email')->unique();
        $table->string('password', 60);
        $table->string('avatar');
        $table->string('facebook_id')->unique();
        $table->rememberToken();
        $table->timestamps();
    });
}
jekinney's avatar

Need to make the password field nullable().

3 likes
IsaacBen's avatar

@jekinney Exactly, also the facebook_id, and avatar field. I battled with this for 2 days, I was thinking about giving up. At the moment it seems to work. I can logout and login back with no problems. Please let me know if my code seems legit to you.

public function handleProviderCallback(User $user)
{
    $money = Socialize::with('facebook')->user();

    if(User::where('email', '=', $money->email)->first()){
        $checkUser = User::where('email', '=', $money->email)->first();
        Auth::login($checkUser);
        return redirect('home');
    }

    $user->facebook_id = $money->getId();
    $user->name = $money->getName();
    $user->email = $money->getEmail();
    $user->avatar = $money->getAvatar();
    $user->save();

    Auth::login($user);
    return redirect('home');
     
}

The Database

public function up()
{
    Schema::create('users', function(Blueprint $table)
    {
        $table->increments('id');
        $table->string('name');
        $table->string('email')->unique();
        $table->string('password', 60)->nullable();
        $table->string('avatar')->nullable();
        $table->integer('facebook_id')->unique()->nullable();
        $table->rememberToken();
        $table->timestamps();
    });
}
1 like
jekinney's avatar

@itzikbenh

If it works!!! I would suggest

// Fetch the user once and reuse the result
$checkUser = User::where('email', '=', $money->email)->first();
if($checkUser) {
    Auth::login($checkUser);
    return redirect('home');
}

// or

// Assign and test in a single expression
if($checkUser = User::where('email', '=', $money->email)->first()) {
    Auth::login($checkUser);
    return redirect('home');
}

Just reduce a query from 2 to one.

2 likes
dangelsaurus's avatar

@jekinney - if you make the password null-able, do you put yourself at risk of someone trying to login with a normal login form (if available) if they somehow guess a social login user id?

IsaacBen's avatar

@dangelsaurus Both requests refer to different controller methods. So on a regular form you would make the password field required; that way there is no risk. If there is no password he can't log in. Even if you have a facebook_id it won't help, you need access to the whole account, otherwise you would have to go through the regular form, which won't let you in without a password.

1 like
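
The two login paths discussed above, as an added example that is not code from any poster in this thread: the Facebook callback resolves the account by facebook_id with the null check kreitje mentions, and the password form stays a separate method that requires a password. The controller name, the 'auth/login' route, the error messages and a string-typed facebook_id column are assumptions.

```php
<?php
namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;

class SocialLoginController extends Controller // hypothetical controller name
{
    // Facebook callback: resolve the local account by facebook_id.
    public function handleProviderCallback()
    {
        $fb = Socialite::driver('facebook')->user();
        $facebookId = (string) $fb->getId(); // assumed string column
        $user = User::where('facebook_id', $facebookId)->first();
        if ($user === null) {
            // email is unique in the users table: if it is missing or already
            // belongs to another account, stop instead of failing on save().
            $email = $fb->getEmail();
            if (!$email || User::where('email', $email)->first() !== null) {
                return redirect('auth/login')
                    ->withErrors(['email' => 'Log in with your existing account first.']);
            }
            $user = new User;
            $user->facebook_id = $facebookId;
            $user->name = $fb->getName();
            $user->email = $email;
            $user->avatar = $fb->getAvatar();
            $user->save(); // password stays NULL for a Facebook-only account
        }
        Auth::login($user);
        return redirect('home');
    }

    // Password form: a separate method, as described in the thread.
    public function postLogin(Request $request)
    {
        // 'required' rejects an empty password before any lookup happens.
        $this->validate($request, ['email' => 'required|email', 'password' => 'required']);
        // attempt() checks the submitted password against the stored hash; a row
        // whose password is NULL has no hash to match, so it cannot log in here.
        if (Auth::attempt($request->only('email', 'password'))) {
            return redirect()->intended('home');
        }
        return redirect('auth/login')->withErrors(['email' => 'Invalid credentials.']);
    }
}
```
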
guoyunhe's avatar

Question about the database columns for facebook_id or google_id. Do all OAuth service providers return integer ids?

amosmos's avatar

Hey @IsaacBen, if you're always getting the email address from the service, why would you need to save the id of the user in the service ("facebook_id")?
