I would like to know how the OAuth login works in the Account controller of a default MVC5 application. My question can be related to social login in CodeProject too.

Here is my understanding about the code flow:

The user can register directly to our website, or he may use the social login. If the user chooses to log in using Facebook or Google, and he clicks the button, MVC redirects him to the corresponding sites and asks the user to authorize the request. If the authorization is successful, we get an OAuth user id along with some other details from the OAuth provider.

We then store the OAuth user id and the other data returned from the provider in our database, and the user is registered, but he does not have a userid and password for our site.

1) How do we know he is registered on subsequent visits to our website?

Once we authorize the user, do we also keep the user details in session, and if the author has not logged out, on subsequent visits, we show the data related to the session user?

2) What happens if the user closes the browser and then visits our website? How do we verify the credentials?

3) What should be done if the session is lost? Is it like going to the OAuth provider website and then returning back the OAuth user id as in the registration phase, and if the OAuth user id is present in the db, logging the user in to our website?

4) If the user logs out of the oauth provider website, how do we handle the login in our website?

Thank You
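
A minimal C# model of the flow the question describes, added here as an example; it is not the MVC5 template's code or the poster's. The class and method names and the sample ids are hypothetical, it assumes the provider's response has already been verified, and it models the site's own sign-in as a random session token that the site keeps itself.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical model; not the MVC5 AccountController.
class ExternalLoginStore
{
    // (provider, provider user id) -> local account id. No local password is stored.
    private readonly Dictionary<Tuple<string, string>, int> _logins =
        new Dictionary<Tuple<string, string>, int>();
    // Site session token -> local account id (stands in for the site's own auth cookie).
    private readonly Dictionary<string, int> _sessions = new Dictionary<string, int>();
    private int _nextAccountId = 1;

    // Called after the provider redirects back with a verified user id.
    public string SignInOrRegister(string provider, string providerUserId)
    {
        var key = Tuple.Create(provider, providerUserId);
        int accountId;
        if (!_logins.TryGetValue(key, out accountId))
        {
            accountId = _nextAccountId++;   // first visit: register
            _logins[key] = accountId;
        }
        var bytes = new byte[32];           // unguessable session token
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = Convert.ToBase64String(bytes);
        _sessions[token] = accountId;
        return token;
    }

    // Returns null when the token is missing or unknown (session lost or signed out).
    public int? AccountForSession(string token)
    {
        int id;
        return token != null && _sessions.TryGetValue(token, out id) ? id : (int?)null;
    }

    public void SignOut(string token) { _sessions.Remove(token); }
}

static class Demo
{
    static void Main()
    {
        var store = new ExternalLoginStore();
        string first = store.SignInOrRegister("Google", "sample-id-123");    // constructed id
        int? registered = store.AccountForSession(first);
        store.SignOut(first);                                                // session lost
        string again = store.SignInOrRegister("Google", "sample-id-123");
        Console.WriteLine(registered == store.AccountForSession(again));     // same account
        string other = store.SignInOrRegister("Facebook", "sample-id-123");
        Console.WriteLine(registered == store.AccountForSession(other));     // different account
    }
}
```

The lookup key is the pair of provider and provider user id, so the same id string from a different provider maps to a different local account.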

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)