Backend
Pavel, 2018-09-12 10:00:11

How to securely authenticate users from Facebook?

Hello. How do you properly authenticate users through social networks, using Facebook as an example?
The logic seems to be simple. The backend is just an API server with JWT. There is a users table and there is a table for social accounts, with the following structure:
[image: structure of the social accounts table]
where userId is a foreign key, and socialProviderId is the user id in the social network. Because the system has both users who sign in the usual way, with a login and password, and users who log in through social networks, the registration procedure looks like this:
FB returns an object like this from the login application:

{
    "name": "имя и фамилия",
    "email": "почта",
    "picture": {
        "data": {
            "height": 50,
            "is_silhouette": false,
            "url": "",
            "width": 50
        }
    },
    "first_name": "имя",
    "last_name": "фамилия",
    "id": "id"
}

I create a random password and write the data to both tables. It turns out that the only unique, unchanging thing in all this is the user id in the FB application, and it is the only thing you can authenticate the user by.
And the question is: is it safe? I see that the user id in the FB application is not equal to the user id on FB itself, but this id is in the link to the profile picture, and it turns out that it can no longer be used on your site. What other points are there to consider? What is the best way to do it?
