Implement "Login with Google" auth feature

[deepakduggirala]

@charlesbrandt

• How to differentiate between accounts of the same user logged via IU vs google. keep as separate accounts / merge them? Currently, only one email can be stored per account, how to handle multiple (@gmail and @iu.edu) emails while also ensuring uniqueness?
• Login vs Signup: Allow new users to create accounts? or an operator / admin should create the account and only then they can log in?

Add auth_mode to user table in UI which show the mode (google, IU) of the last successful login.

[charlesbrandt]

Great questions, @deepakduggirala . I imagine it will be simpler to create different accounts for each different login method used. I think that's okay for this application. Ideally a user will only use one login method. In addition to Google, we should also aim to support CILogon: https://www.cilogon.org/home

If you want to support using different auth providers per individual user account, that's also ok.

For Login vs Signup, the default mode should require an operator / admin to create the account. With the potential of sensitive information being stored in the system, new accounts should at a minimum require operator / admin approval.

In the future we could explore an "Account request" feature where a new user could fill out a form to specify which collaborators / projects that they need access to. The requests could be tracked in a queue. This would allow the operator to confirm with the data owners before granting access. This also moves into the realm of Data Governance. We will likely need to tackle this in greater depth in the context of the Indiana Biobank project. In that case it probably makes sense to keep this auth feature implementation as minimal as possible to meet the requirements of allowing federated auth.