When the user clicks a social login button (Facebook, Twitter, Linkedin, etc), the corresponding social network application is activated. This establishes a connection with the social networking site itself at which point the user is prompted to identify themselves by entering their login credentials.
Requesting user permissions is the most important step in the user login journey because without explicit user consent, you cannot access any of the user's social data. You decide which user permissions to request based on what social user data you would like to know about each user.
For more information on which user permissions you can request, have a look at our Social Login Buttons guide.
Each social network handles user authentication and the request for user permissions slightly differently. In effect the social login experience for each social network mirrors the regular login steps that a user would experience when logging on.
Facebook separates the Authentication and Permissions into 2 steps.
Google separates the Authentication and Permissions into three steps.
After identifying themselves by entering their gmail address, the user then enters their password on the next screen (not shown), after which the user can review the Permissions being requested and then choose between "Allow" to grant all requested permissions, or "Deny" the requested permissions.