OAuth provider(s) option

[colinmacdonald]

Allow Ouija to be configured with different OAuth providers (twitter, github, etc.).

List of auth providers available using GoInstant's auth api: https://developers.goinstant.com/v1/auth_api/providers.html

The option part is easy enough but would need styles for each provider. We may also want a way to have multiple providers configured, would need to think about what that would look like in the view.

[halfdan]

Dibs.

I think it would be great to replace the rather large Twitter button with simpler font-icons (e.g. http://shoestrap.org/downloads/elusive-icons-webfont/)

[colinmacdonald]

Good idea, can pretty easily fit up to 5 icons in there no problem.

[halfdan]

I’d like to expand on this idea:

I haven’t delved into the GoInstant API yet, but would it be possible to instead of configuring OAuth providers in Ouija to fetch activated providers for the application? This way we could simply show the login options that are activated for the GoInstant application.

If an API endpoint for checking for activated identity providers doesn’t yet exist: Feature request :100:

Edit: Seems like this is possible: https://developers.goinstant.com/v1/rest-api/apps/auth-settings.html

[colinmacdonald]

Yeah, it's totally possible to auto-configure the OAuth provider(s) as part of the setup.

I guess I'm wondering when this configuration would happen. Would it be part of the manual install or can it happen when the ghost blog is restarted?

[halfdan]

Hm. I meant this to be done on the fly - so when Ouija is already running on the website. Before showing the login window (currently only Twitter), fetch the activated identity providers for the configured GoInstant app. This way a user wanting to activate a new login option on his blog would only need to activate the provider on the GoInstant side.

[colinmacdonald]

So we would have to go and fetch the oauth providers each time a blog post loads and it would have to be done all server side.

[halfdan]

We could use localstorage/cookies to store oauth providers after an initial fetch.

[colinmacdonald]

If they did change after the initial fetch it could break, that case should be rare though.

[halfdan]

We could also make this an option:

ouija_oauth_provider with settings: auto (as described, auto-discover) or an array of oauth providers to use: ['twitter', 'github']. This way people that don’t want the additional roundtrip can opt to just specify the providers in the config.

Localstorage/cookie would have a relatively short expiry (e.g. 1 hour) - so changing the settings wouldn’t have a big impact.

[colinmacdonald]

yeah, i think that probably makes the most sense. Default to auto, let them override it.