I'm going to use this opportunity to transition my users off social loggins altogether.
I used Google and Facebook when first building the webapp because I simply didn't want to do the work of building an authentication system. It's lots of work to get right.
About a year ago I had a lot of users complain my site _only_ had social logins so I had to implement my own anyhow.
Now I have it, I don't see a lot of value in keeping the social logins around.
I just need to ask users to add a password to their account and they can login using email/password combo.
I don't know your audience, so perhaps this makes sense.
I don't want to remember or keep track of yet another password for a random web site. If the web site requires login and doesn't support Facebook/Twitter/G+ login, then I'll likely give up and avoid the page.
I think there are a lot of users who feel the other way around, they can't trust "some random website" with their facebook / G+ identity. They would rather just make a throw away account with some easy to remember password.
I would agree that this is a major flaw, if the "scope" were unrestricted. But most of these systems support a capability-style model where you can say: "I give you permission to let me log in as myself, for this particular web site. But you have no other authority to do anything else as me." For example, "email" scope: https://developers.google.com/+/api/oauth#email, or the Permissions in Facebook login: https://developers.facebook.com/docs/facebook-login/permissi...
Another reason why I don't feel happy about forcing people to make passwords for random web sites: most people are really bad at understanding risky computer behavior. Do you have a parent or relative who uses the same password for everything? I do. Despite my best efforts to warn them, they are not convinced that this is a dangerous thing to do. I don't think they're alone in this. Education is not enough.
I used Google and Facebook when first building the webapp because I simply didn't want to do the work of building an authentication system. It's lots of work to get right.
About a year ago I had a lot of users complain my site _only_ had social logins so I had to implement my own anyhow.
Now I have it, I don't see a lot of value in keeping the social logins around.
I just need to ask users to add a password to their account and they can login using email/password combo.