Replace social login with own user management

skuzzle commented 4 years ago

Given the fact that I do not want to allow external sites tracking my users, requiring a google account to enjoy all the features seems a little odd.

It should be possible to create CMP native user accounts
Google login should still work for those who don't care
It should be possible to shift counters assigned to google accounts over to a native CMP account
Maybe integrate furhter oauth providers like GitHub, Twitter ,..?

Open Todos:

[x] Use JWT sub claim to report unique user id(=email) and use custom claim to report the user name
[x] In swarm deployment, the authorization server is not reachabel via its public domain from within the frontend container. WTF?
[ ] Configure authorization-server's client registration via properties. Allows to store client password as docker secret and to have feature specific redirect urls
[x] Find a way to support multiple JWKS URI to support Google and CMP authorization server at the same time (Build custom JwtDecoder that tries multiple keys)
[ ] User is logged out when access token is expired. Need to use the refresh token to renew login (See OAuth2AuthenticatedClientManager)
[ ] Build workflow to assign counter from google to native cmp. Or maybe better: from one oauth provider to another
[ ] Add issuer endpoint in auth server: https://tools.ietf.org/id/draft-ietf-oauth-discovery-08.html
[ ] OAuth (frontend) client currently queries the user info endpoint though all information are allready contained in the token
[ ] Maybe externalize token signing key instead of regenerating it on reboot?

skuzzle commented 4 years ago

Important links: Official OAuth Page: https://oauth.net/2/

skuzzle commented 4 years ago

skuzzle / cmp