fungover / mmotodo


Authentication #8

Open rfabricioflores opened 11 months ago

rfabricioflores commented 11 months ago
  1. Integrate OAuth2 with GitHub
     - Configure Spring Security for OAuth2 authentication
     - Test the authentication using GitHub credentials

  2. User roles and permissions
     - Define user roles and permissions based on OAuth2 authentication
     - Implement authorization checks for different endpoints/actions

Apart from OAuth2 with GitHub, shall we provide our own JWT auth for more flexibility? JSON Web Token (JWT) authentication is a common approach to securing Single Page Applications (SPAs). We could implement "JJWT" with Spring Security if we agree to implement this.

Rasmus3liasson commented 11 months ago

Do we think we have any scenarios where combining these two authentication approaches would be beneficial? I believe this project doesn't require stateless authentication, and we should rely on the access token provided by GitHub through OAuth. Implementing JWT authentication might result in unnecessary configuration unless we have a specific use case for it.

I'm currently leaning towards not implementing JWT authentication. That said, I'm totally open to integrating a combination of these two if we consider it a better approach.

rfabricioflores commented 10 months ago

> Do we think we have any scenarios where combining these two authentication approaches would be beneficial? I believe this project doesn't require stateless authentication, and we should rely on the access token provided by GitHub through OAuth. Implementing JWT authentication might result in unnecessary configuration unless we have a specific use case for it.
>
> I'm currently leaning towards not implementing JWT authentication. That said, I'm totally open to integrating a combination of these two if we consider it a better approach.

Yes, indeed this is not really beneficial right now.