search

SundayServiceVR / sunday-service-vr

1 stars 1 forks source link

Add Discord auth for DJs to create and edit their account/info #64

Open atomicpeach opened 3 months ago

atomicpeach commented 3 months ago

There are ways to utilize the Discord OAuth and generate a firebase token to attach it to an account for auth within the program. We can leverage this to both create new DJ accounts and allow existing DJs to edit their information of their own entity. This can further be utilized for the DJ signups page.

The user will be shown a Discord Sign-in option on the login page. This will take them to the discord OAuth gateway, which will callback to an auth page that catches this information and sets up the firebase auth tokens thru firebase's system. Once the firebase auth is generated, the user is then logged in.

The DJ user page will be editable only if the auth'd user ID matches the DJ ID (or the logged in user is an admin).

Will likely resort to using JWT for session management but I need to look into the best solution here for firebase.

lebull commented 3 months ago

👍 👍 👍

atomicpeach commented 1 month ago

This is a major overhaul of the app. You'll need to create your own .env file based on the example. I left the discord scopes plugged in but everything else is project dependent.

I had to spool up a dev project to be able to test the discord functionality. If we want to use this for further testing, I can send over the firebase config info. We can also spool up another discord project and share that info as well.

There is no front-end functionality yet, only the API to login and create a new account if one doesn't exist. We'll also want to think about how to update user/DJ info, update the firestore rules to leverage the new user info, create a more robust newUser() function that checks for existing DJs by name first (in case we manually add them before they log in - although this should just be a one-time things for us to merge accounts).

atomicpeach commented 1 month ago

I did try to leverage the Secret Manager and parameterized config per the docs but because most of this is middleware, it was not cooperating. The secrets really only work in true functions and thus I fell back to using .env.