I have an app that is currently using email and password for account authentication. Whenever the user logs in using email and password, the backend creates a JWT session token and returns it to the app.
This works well. Now, I am trying to integrate Google One-tap sign-in[OAuth] and I want to keep my existing login system too.
I am not able to figure out how to manage the session/authentication for the user in the database. My existing user table has:
Name, email, password, ...
In the case of OAuth, I will only get the email and token. Once I validate the token then I will have no password to save. So, is it alright to just save OAuth unique id for the user in an external_unique_id column and do nothing with the password (as in leave it blank)?
Kindly, help me with understanding how to manage this sort of system.
Especially, how to handle the flow when the user tries to sign in the second time when the external_unique_id is already existing.
Should I compare the unique id received from the OAuth provided with the external_unique_id?
Thank you!
I dont know if its the best approach but you can create a new column in your user table that tells you what login method user used (in this case, google or api). You dont really need google unique id, you just need to know the authentication was successful to generate a new token or not. On the first authentication you need to create a new user based on google payload. In the next ones, just get the user on database using his email and do whatever you need to.