Hello! This is a very newbie question but just starting to learn now. When doing a login with social (my example GitHub), I receive an access token from the service then I register the user on my database with username and email, but what do I do with the token? Should I store the token on the database then send it to the client to store there too so they can login? Should I generate my own token and store then send to the client? Or would it be something else? Just trying to understand a bit this concept, seems so complex for me. Thank you!

Hello! If you write using the rest methodology, then your backend should not store states, so you need to send the generated token back to the client, and then, as part of the request, each time (where necessary) send it to the server, with the help of which you will receive user data and either give him access, or reject with an error, and also get his meta information by which you can find him in your database Hope this helps

Alright thank you! Starting to understand now. So, let's say the client which is logged in and has the token requests data, it would send the token back to the server then the server would "ping" GitHub's api to for example get the username, then with the username it would get the data from the database, is this correct?

yep, the server can already contact an external service to get any data

Thank you so much!

That token is for you to get the user's information from github It should not be sent to the client You will create your own token or session that goes to the client

Alright, thank you! Once I create the token do I store it somewhere in the server?

Depends if it is a session stateful token or jwt style stateless token If it is the classic session token then yes If it is a jwt then no because the user is embedded in the token

Oooh okok, I've been trying to do JWT so far. Well thank you I really appreciate it!