Support overarching OAuth provider

[erlend-sh]

Say I wanna bundle Kitsune together with some other app-servers as part of a omg.lol-like service.

For this type of hydra-service, a unified login is necessary. The best open source provider of that atm seems to be https://www.ory.sh — They also have an actively (auto-)updated Rust client.

So that as a user, I’d just sign up on Weird.one and once signed up I would already have accounts on Revolt-net, Kitsune-net etc.

Related:

• 2

• https://github.com/commune-os/weird-rs/issues/8
• https://github.com/authifier/authifier/issues/35
• https://github.com/revoltchat/revolt/discussions/103

[aumetra]

We probably need an OIDC provider for this, because of the additional information, such as the username and the email, that should be managed (at least for the first registration) by the authorisation server.
But ory (and most other SSO providers, such as Keycloak) seem to support OIDC, so I don't see a problem there.

Something interesting we could attempt add as well is a "synchronise with OIDC server" API call that updates the email, profile picture, etc. with the information provided by the OIDC server via the UserInfo endpoint.
Since OpenID Connect is an open standard, I'm gonna try to only use standard calls whenever possible, to automatically include support for a wide range of SSO solutions (like, for example, the aforementioned Keycloak or Dex).

I'm gonna try to split this up into smaller issues later.

---

Possibly useful crates:

• openidconnect

[aumetra]

Another reason why I'm interested in this is to support existing setups some people who self-host multiple services might have set up for themselves.
They might have an SSO solution set up to manage the logins in a central way, so updating emails or passwords or 2FA isn't such a hassle.