I have nearly finished my new service and I am trying to enhance the UX by giving users the chance to sign up with Twitch, Google+, Facebook, etc.
The authentication (obtaining the access token, getting the email address, etc.) is already finished, but I have never used OAuth2 this deeply, so I have some questions:
How should I handle the “Sign In With Twitch” action?
I thought of just obtaining the user's email and saving it to my DB.
What should I save in my DB?
Which data should I save to the new user document in my DB?
- access_token (which expires) (=> I only need it once, when the app requests the user's email…)
- refresh_token
- Twitch User ID?
How can a User re-login with the Twitch Account?
What is the best way to let a user login a second time?
Do I have to request a new access token via https://api.twitch.tv/kraken/oauth2/authorize?
What is the best way to let the user stay signed in?
Should I set an expiration date after a User signed up with Twitch?
Which data can be stored client-side in cookies? My own generated UserId, as for every user who signed up the “normal” way with email/password?
How can I check that a user did not manipulate his client-side data?
I would be really thankful if somebody could give me a bunch of answers to my questions!