Open watzon opened 5 years ago
My rough plan is to make it so an Authenticatable (typically User) has_many credentials : Authentic::Credential, which can be one or more credentials. So you could have email/pass, or google, or both. This would also require re-working the generators in Lucky, which I'll need to figure out.
The other downside with has_many is that it is hard to validate that there is at least one. The alternative is a credential column that would allow just one provider (email/pass, google, etc). This is much safer, but also less flexible. I'd love to figure out a way to guarantee that there is at least one credential...but we'll see. Maybe we can think of something that is the best of all worlds.
Thinking out loud: maybe we have columns primary_credential and primary_credential_provider that are non-null so we guarantee there is one. Then (maybe optional?) has_many secondary_credentials : Authentic::Credential.
This may be our best of both worlds approach.
@paulcsmith that could work
@matthewmcgarvey / @jwoertink I'd advocate for striking this from our 1.0 roadmap. I've implemented OAuth twice now, alongside passwords and in place of passwords, and it's been really quick with this shard: https://github.com/msa7/multi_auth
Here's an example of an app User table I'm building that just uses Google OAuth, which took me ~1 hour to implement from the default-generated CLI application, and works quite well:
I could certainly see some kind of task in Authentic in the future that used something like my Spark shard to add this functionality to an existing app with a new oauth_credentials table or something, but this seems less critical for 1.0 now than it previously did.
Yeah, we won't get OAuth baked in for 1.0. Plus it seems like something that could be added after 1.0 without breaking stuff.
On a side note, we could add a link to that multi_auth shard in the new community section of the site.
Cool, I'll remove it from that Milestone for now.
Yeah, either the Community section or an "Adding OAuth" tutorial would serve the purpose of getting folks up and running!
We'll just want to make sure something in the Algolia-indexed search results can still find it so that searching "oauth" would yield results.
It would be nice if Authentic could integrate some of the functionality that MultiAuth provides and allow for an easy OAuth authentication flow. In the short term it would be nice to at least take OAuth into account, because right now Authentic doesn't work without encrypted_password.