How does a mobile app authenticate with a backend API if the user signs in through social logins?

长情又很酷 2021-01-24 10:52

I'm trying to understand the basic organizations and login flow between social logins on a mobile app and how that app requests resources from a backend Flask API.

If t

2 answers
  •  北荒 (original poster)
    2021-01-24 11:44

    This is what happens when a Facebook/Google login is clicked on an XYZ website.

    1. The XYZ website redirects to the Facebook login page together with an XYZclientID (XYZ should already be registered with Facebook as a developer).
    2. Facebook identifies that XYZ (using XYZclientID) wants to authenticate ABC person.
    3. ABC person logs in to Facebook.
    4. Facebook issues an authorisation code (for the ABC+XYZ combination) and redirects back to the XYZ website.
    5. XYZ uses this authorisation code + XYZclientID + XYZclientSecret to get a bearer token.
    6. Facebook validates the secret and issues a bearer token (linked to ABC person).
    7. XYZ uses this bearer token to retrieve details of ABC person. (It cannot be used to retrieve data of DEG person.)
    8. Facebook gives the email and other personal details of ABC to XYZ, and XYZ shows that ABC is logged in.

    More elaborated here : https://www.scienceabc.com/innovation/oauth-how-does-login-with-facebook-google-work.html
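
The eight steps in the answer above, simulated with both sides in one process. This is an added example, not part of the original answer: the `Provider` class, its method names and the `example.test` addresses are constructed stand-ins for the identity provider, not Facebook's real API.

```python
import hmac
import secrets


class Provider:
    """In-memory stand-in for the identity provider; all values are constructed."""

    def __init__(self):
        self.clients = {"XYZclientID": "XYZclientSecret"}   # registered apps
        self.users = {"ABC": {"email": "abc@example.test"},
                      "DEG": {"email": "deg@example.test"}}
        self.codes = {}    # one-time authorisation code -> (client_id, user)
        self.tokens = {}   # bearer token -> user

    def authorize(self, client_id, user):
        # Steps 1-4: the user has logged in at the provider, which issues a
        # code bound to this client + user combination.
        if client_id not in self.clients:
            raise PermissionError("unknown client_id")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user)
        return code

    def exchange(self, code, client_id, client_secret):
        # Steps 5-6: validate the client secret, then swap the code for a token.
        expected = self.clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected, client_secret):
            raise PermissionError("bad client credentials")
        bound = self.codes.pop(code, None)   # pop: a code is usable only once
        if bound is None or bound[0] != client_id:
            raise PermissionError("invalid or replayed code")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = bound[1]
        return token

    def userinfo(self, token):
        # Steps 7-8: the token resolves to exactly one user, never another.
        user = self.tokens.get(token)
        if user is None:
            raise PermissionError("invalid token")
        return self.users[user]


def run_flow(provider, client_id, client_secret, user):
    """What the XYZ backend does once the redirect returns with a code."""
    code = provider.authorize(client_id, user)
    token = provider.exchange(code, client_id, client_secret)
    return code, token, provider.userinfo(token)
```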
