markbates / goth

Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.
https://blog.gobuffalo.io/goth-needs-a-new-maintainer-626cd47ca37b
MIT License

Password grant flow #506

Open lucagez opened 1 year ago

lucagez commented 1 year ago

Why

Goth is probably the current best authentication library in the Go ecosystem but it is lacking direct username/password flow. Adding Password Grant flow is likely to increase adoption.

How

This PR adds a direct provider implementing the Password Grant flow as a Goth provider. Implementation works as follows:

```mermaid
sequenceDiagram
    participant Client as Client
    participant Server as Server
    participant DirectProvider as DirectProvider
    Client->>Server: GET /auth/direct
    Server->>Server: Creates empty session and redirect to AuthURL ui
    Server-->>Client: 
    Client->>Server: POST /auth/direct with email & password
    Server->>DirectProvider: IssueSession(email, password)
    DirectProvider->>Server: Return Session with AccessToken
    Server->>DirectProvider: FetchUser(email)
    DirectProvider->>Server: Return User data
    Server->>Client: Return authenticated user data or error
```

This implementation aims to be as consistent as possible with the existing patterns in the codebase, meaning that it is designed to work seamlessly with the existing utilities (like CompleteUserAuth). As such, this feature appears as the addition of an additional provider.

Note: Not coupling the password grant to the CompleteUserAuth function has a small disadvantage. It is not possible to perform a request directly by providing a form, as an empty session is still not created but needed to progress through the CompleteUserAuth function. As a result, an intermediate redirect occurs, creating the required session for login. This is not ideal, as a "standard" user login page typically displays the login form right away. Please let me know if anyone has better ideas on how to handle this.

@techknowlogick let me know what you think
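To make the flow in the diagram concrete, here is an added, stand-alone Go sketch of the two provider calls it names, `IssueSession(email, password)` and `FetchUser`. It is example code written for this thread, not the PR's own provider and not part of goth; the type names, the `AddUser` seeding helper and the salted SHA-256 password hash (a stand-in for bcrypt or argon2, which a real provider would use) are assumptions. The points it shows are the ones a reviewer of a password-grant provider would check: a single error for unknown email and wrong password, a constant-time comparison that is also run for unknown emails, an access token drawn from `crypto/rand`, and `FetchUser` refusing a token that was issued for a different email.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrInvalidCredentials is returned for an unknown email and for a wrong
// password alike, so the login response does not reveal which accounts exist.
var ErrInvalidCredentials = errors.New("invalid email or password")

// User is the data handed back to the server after FetchUser.
type User struct {
	Email, Name string
}

// Session mirrors the two states in the diagram: the empty session created on
// GET /auth/direct (only AuthURL set) and the authenticated one returned by
// IssueSession (AccessToken and Email set).
type Session struct {
	AuthURL, AccessToken, Email string
}

type userRecord struct {
	name       string
	salt, hash []byte // hash = sha256(salt || password); stand-in for bcrypt/argon2 (assumption)
}

// DirectProvider is a hypothetical password-grant provider (not goth's own code).
type DirectProvider struct {
	users  map[string]userRecord
	tokens map[string]string // access token -> email it was issued for
	dummy  userRecord        // hashed against for unknown emails so timing matches
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failed CSPRNG read must never degrade into a weak token
	}
	return b
}

func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

func NewDirectProvider() *DirectProvider {
	salt := randomBytes(16)
	return &DirectProvider{
		users:  map[string]userRecord{},
		tokens: map[string]string{},
		dummy:  userRecord{salt: salt, hash: hashPassword(salt, string(randomBytes(16)))},
	}
}

// AddUser stores a salted hash; the plaintext password is never kept.
func (p *DirectProvider) AddUser(email, name, password string) {
	salt := randomBytes(16)
	p.users[email] = userRecord{name: name, salt: salt, hash: hashPassword(salt, password)}
}

// BeginAuth is the GET /auth/direct step: an empty session pointing at the login UI.
func (p *DirectProvider) BeginAuth() Session {
	return Session{AuthURL: "/auth/direct"}
}

// IssueSession is the POST step: verify the credentials and mint an access token.
func (p *DirectProvider) IssueSession(email, password string) (Session, error) {
	rec, known := p.users[email]
	if !known {
		rec = p.dummy // still hash and compare so unknown emails take the same time
	}
	match := subtle.ConstantTimeCompare(hashPassword(rec.salt, password), rec.hash) == 1
	if !known || !match {
		return Session{}, ErrInvalidCredentials
	}
	token := hex.EncodeToString(randomBytes(32))
	p.tokens[token] = email
	return Session{AccessToken: token, Email: email}, nil
}

// FetchUser returns the user only if the session's token was issued for that email.
func (p *DirectProvider) FetchUser(s Session) (User, error) {
	email, ok := p.tokens[s.AccessToken]
	if !ok || email != s.Email {
		return User{}, errors.New("session token is not valid for this user")
	}
	return User{Email: email, Name: p.users[email].name}, nil
}

func main() {
	p := NewDirectProvider()
	p.AddUser("alice@example.com", "Alice", "correct horse battery staple") // constructed sample account
	s, err := p.IssueSession("alice@example.com", "correct horse battery staple")
	u, _ := p.FetchUser(s)
	fmt.Printf("login err=%v user=%+v\n", err, u)
	_, err = p.IssueSession("nobody@example.com", "anything")
	fmt.Printf("unknown email err=%v\n", err) // same error as a wrong password
}
```

The empty session from the GET step lives on the server side (in goth, inside the `CompleteUserAuth` machinery the PR description refers to), so this sketch only models what the provider itself is asked to do; the provider is also not safe for concurrent use as written, which a real one would need to be.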

dgduncan commented 8 months ago

Just out of curiosity, what happened with this PR? Is this repository no longer being actively maintained?

aircliff commented 2 months ago

Can this PR be merged please?

lucagez commented 2 months ago

@markbates do you have any feedback on this? Should we close this PR?