I am getting ready to add login to my app and want to make sure I understand correctly before I start. Using GitHub as an example, I'll send the user to https://github.com/login/oauth/authorize with a scope and state parameter... and they'll send them back to the url saved in their settings... Ory will handle the rest... then redirect them to the url I have saved in the console... and I use the

whoami

API to get session data? I'm a bit confused on the flow parameter with the managed UI and whether I need it or not. Also, should I be saving extra user info with Ory, or mapping identities to my own database?

That works for the managed UI @flat-flower-81031. I'm building my own button and also need to store more user data than I'm requesting permissions for. For the latter I was wondering if it was possible to store small amounts with Ory or if I need to store it in a database with the rest.

The flow id is used to maintain state between redirects.

So GH takes it and sends it back?

You don’t need to send the flow id to github. I think the oauth callback handles it.

Ok great. I already played with it. I don't need to maintain anything, just need to know who a user is whenever they perform an action.

I guess technically the flow id is in the query string for this request, https://www.ory.sh/docs/reference/api#tag/frontend/operation/updateLoginFlow