joshsoftware / peerly

PeerLy is a peer-reward and recognition system with high-5's. (hi5)
MIT License

Sign-up/Sign-in using Google OAuth #2

Open sahilbhatia opened 4 years ago

sahilbhatia commented 4 years ago
jahio commented 4 years ago

Just wanted to provide you an update here, Sahil, pertaining specifically to:

Logic to exchange OTP + encrypted cookies for JWT token

Right now in the go-backend this is almost complete (I anticipate I'll have this finished in the next day or two). The way this works is, you'd have a URL you send the user to in the front-end of the app, then using Google's dashboard you tell them where to redirect after a successful login. When they do, they'll provide a URL encoded variable called "code" (/gauth-success?code=abc123xyz).

Right now my golang authentication function is set up to need that same code variable (by that name) and value since using that code is how we get information from Google about the user (like their email address). Once we fetch that info from Google under the hood, the go-backend will respond with a JSON Web Token (returning that token is what I'm working on right now).

Now, we can change the URL your front-end will ask for the token from (while providing code), and we can change the variable name of code to whatever you want to use. Just let me know how you want that done.

Hope this helps bring some clarity to things. Let me know if you need me to do anything different, or have any questions.

jahio commented 4 years ago

Update: What I mentioned before is complete. @the-spectator is still working on logout and middleware to check the token on each request, but the issuance of JWTs (and denial if no org or org not in our DB) is finished.

Here's a screenshot of what it looks like when a user is successfully authenticated now (this is the JSON response body you'll get with success):

Screen Shot 2020-05-15 at 9 53 51 AM

And here's a screenshot of what happens when a user with no domain associated with them tries to log in (I used my "bogus google" account for testing this, just a personal account with no organization associated with it):

Screen Shot 2020-05-15 at 9 53 35 AM

To demo this yourself:

  1. Check out the session-mgmt-25 branch
  2. Blow away your database and recreate it just blank:
    $ psql -d postgres -U youruser
    > DROP DATABASE peerly;
    > CREATE DATABASE peerly;
    > \q
  3. Run make migrate to get all the necessary tables in place and some data in those tables.
  4. Run make server
  5. Open this link to start the login process at Google
  6. Login with an account of your choosing
  7. You'll be redirected back to the go app and you'll get a JSON response with either an error if it happened, or a successful response with a JWT in the body. There should also be a JWT in the Authorization header.

Let me know if you need any tweaks to this or if you have any questions.
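The flow described in the comments above (redeem Google's code for the user's profile, deny when the e-mail's organization is not in the DB, otherwise issue a JWT) plus the signature check the per-request middleware needs, as an added example in Go that is not the peerly code. The org table, the signing key, the claim set and the UserInfoFunc stand-in for the call to Google are all assumptions; a real handler would also copy the token into the Authorization header as the comment describes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"time"
)

// Constructed data: domains of organisations present in the DB, and a dev-only signing key.
var knownOrgs = map[string]bool{"example.com": true}
var jwtSecret = []byte("dev-only-secret")
// UserInfoFunc stands in for redeeming Google's ?code= for the user's profile (hypothetical).
type UserInfoFunc func(code string) (email string, err error)
func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }
// sign returns the base64url HMAC-SHA256 of input, i.e. the JWT's third segment.
func sign(input string) string {
	mac := hmac.New(sha256.New, jwtSecret)
	mac.Write([]byte(input))
	return b64(mac.Sum(nil))
}
// IssueJWT builds a compact HS256 JWT (header.claims.signature) with the e-mail as subject.
func IssueJWT(email string, now time.Time) string {
	claims, _ := json.Marshal(map[string]interface{}{
		"sub": email, "iat": now.Unix(), "exp": now.Add(24 * time.Hour).Unix()})
	input := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(claims)
	return input + "." + sign(input)
}
// VerifyJWT reports whether tok carries a valid signature (what per-request middleware checks).
func VerifyJWT(tok string) bool {
	i := strings.LastIndex(tok, ".")
	return i > 0 && hmac.Equal([]byte(sign(tok[:i])), []byte(tok[i+1:]))
}

// Authenticate runs the /gauth-success flow (code -> profile -> org check -> JWT) and returns
// the HTTP status plus JSON body; the handler should also copy the token into Authorization.
func Authenticate(code string, fetch UserInfoFunc, now time.Time) (int, map[string]string) {
	email, err := fetch(code)
	if err != nil {
		return http.StatusUnauthorized, map[string]string{"error": "code exchange failed"}
	}
	at := strings.LastIndex(email, "@")
	if at < 0 || !knownOrgs[strings.ToLower(email[at+1:])] {
		return http.StatusForbidden, map[string]string{"error": "organization not registered"}
	}
	return http.StatusOK, map[string]string{"token": IssueJWT(email, now), "email": email}
}
```

Expiry (`exp`) is carried in the claims but not enforced by VerifyJWT; the middleware would decode the second segment and reject tokens past their `exp`.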