Fantastic tutorial — I ended up getting OAuth working for all four providers for a pre-existing app of mine! You mentioned storing user session data in a database briefly, but I’m wondering also how you could associate various OAuths over different login times.
For example, a user for the very first time uses Google to sign in, then later GitHub. Would there be a way of knowing it’s the same user, just a separate account? I know some sites are able to do this, I’m just not sure HOW they do this. The only starting point I can think of is that each of the OAuths has an associated email and could be compared on the server.
Another thing I noticed is that with this setup if another browser tab is opened, all the logins are back in their unlogged-in state — is your recommendation to store a user’s login status in JWTs or something on the server?
Any insight or your recommendation on links associated with these topics would be much appreciated! And again, fantastic tutorial, I would have never thought I could implement something like this in so little time! 😃