I'm currently developing an API in go for an iOS, an Android and a web application (react.js/redux). I have already implemented authentication with OAuth2 by using the osin package.
To log in my users, I use the Resource Owner Password Credentials Grant flow, but I would like to add the Google and Facebook authentication.
I'm a little bit confused and I really didn't know how to start…
Should be using the Facebook/Google token to authenticate a user and return my access tokens?
Should be using Facebook/Google token and my token at the same time to verify a user before return a resource?
Thanks