Social Authentication best practice?

I wonder how we could achieve the follow, and also checking if it would be wrong to do so.

  • We don’t want to force players to login to a social provider (apple, google or fb in our case). So every time you start the game a random id is generated and stored and used.
  • If you then connect a social auth provider, it links that account to this generated id, but the social auth provider won’t be used for authentication.
  • If you link an account already connected to another player account we’ll ask if the player wants to load that account instead.

The problem arises when you want to load an already existing account, we’d don’t want to rely on that social auth provider for every session from that point forward. Ideally social auth providers are just there for the initial fetching of an account, and then we’d use a custom auth method that only relies on Nakama. So we could possibly fetch this custom id, but that might not be safe?

What would be the best practise, and preferably to avoid having to authenticate with apple/google/fb every session.

EDIT: Seems like the IApiAccount always has the CustomID, so I’ll just fetch that after logging in with apple/google. That might be ok.