Hey @rao.madhusr welcome to the community!
- The user clicks on the “Log in with X” button (or another social identity provider).
- The user’s browser is redirected to the Google, Facebook, etc. login page.
- The user logs in with their social provider credentials. This step happens entirely on the providers servers – your application never sees the user’s username or password.
- After the user successfully logs in, the provider sends the user back to your application. As part of this process, the provider includes a piece of information that your application can use to verify that the user is who they claim to be.
- Auth0 verifies this assertion, creates or updates a user in your Auth0 user database, and then sends an ID Token back to your application. This ID Token contains information (“claims”) about the user, such as their username, email address, and so on.
At this point, the user is authenticated – that is, your application knows who the user is.
Yes, Auth0 will create and store a normalized profile for the user - Their profile will look something like this:
{
"created_at": "2023-03-30T00:44:20.072Z",
"email": "bart.simpson@gmail.com",
"email_verified": true,
"family_name": "Simpson",
"given_name": "Bart",
"identities": [
{
"provider": "google-oauth2",
"access_token": "XXX",
"expires_in": 3599,
"user_id": "1033643454529712852",
"connection": "google-oauth2",
"isSocial": true
}
],
"locale": "en",
"name": "Bart Simpson",
"nickname": "B$",
"picture": "https://lh3.googleusercontent.com/a/AGNmyxboaf0rlTsdfsfeNL8_cSp17Ekdp-IRyF-P3g=s96-c",
"updated_at": "2023-03-30T00:44:36.100Z",
"user_id": "google-oauth2|1033692342346512852",
"multifactor": [
"guardian"
],
"multifactor_last_modified": "2023-03-30T00:44:36.100Z",
"last_ip": "XXX,
"last_login": "2023-03-30T00:44:20.070Z",
"logins_count": 1
}
Some more on custom domains here: