
I want to integrate Google sign-in into our existing user registration system, but I'm not sure which approach will be good in terms of data security + user experience (UX) + speed. Please also suggest whether it's even a good idea or not in the scenario below.

Existing system:

User logs in using username & password.

Registration: Enter email -> send verification link -> clicking the link opens the registration form with a 30-minute expiry time.

Registration form:

Choose username, password, PIN, select country, tick the terms of service, done.

SYSTEM 1:

Upon successful Google authorization, and if the user's email does not exist in our database, create a new user. Auto-generate the username, password, and PIN, and show them on a screen like this: [image]
Once the user clicks the signup button with the terms checkbox ticked, registration completes and the newly generated password, username, and PIN are sent to the user's email.

SYSTEM 2:

Same, except the auto-generated password & PIN will be one-time use only. Once the user logs in for the first time with these credentials, the user is prompted to change the password and PIN.

SYSTEM 3:

Keep the existing one as usual. Only for social login, some extra data fields will be added to the MySQL user table, like the authorization code. Then, same as system 1, except the user will only tick the terms of service. The PIN and username will be auto-generated. An email will be sent, but the PIN will not be sent; the user needs to note down the PIN.

Instead of the password, we will use the Google authorization system at login time?

Please suggest which one to use, or if there is a better solution, kindly mention it.

Thank you in advance.

Note: In MySQL, username is not the primary key; UserID, which is auto-generated during registration, is the primary key.

  • Why are you using both a PIN and a password? Both are typically used as secrets that a user uses to prove their identity, but I can't see a use case for having two secrets for authentication. Commented Aug 10, 2020 at 9:45
  • Actually, during money withdrawal we use the PIN number as confirmation. In case a user account gets hacked, then without the PIN number he can't withdraw money.
    – mimi
    Commented Aug 11, 2020 at 1:33
