Implement Yandex OAuth essentials

[vityaman]

• Need a Yandex OAuth client (write custom or use a library)
• Authenticate via code as we don't have a frontend and also it will work in telegram?

Requirement for #79

References

• https://github.com/vityaman-edu/web-taparia-nest-react/blob/trunk/backend/src/auth
• https://yandex.ru/dev/id/doc/ru/codes/code-and-token
• https://datatracker.ietf.org/doc/html/rfc6749
• https://learn.openapis.org/specification/security.html

[vityaman]

Design draft

REST API

typealias TokenPair = (RefreshToken, AccessToken)

// Exchange a given refresh token to new tokens pair
POST   /auth/token/refreshed: (RefreshToken)     -> TokenPair

// Invalidate current tokens pair, logout
DELETE /auth/token:           (AccessToken)      -> Unit

// Sign in via yandex id and create a new user if not exists
POST   /auth/token/yandex:    (YandexOAuthToken) -> TokenPair

// Extension points
POST   /auth/token/github:    (GitHubOAuthToken) -> TokenPair
POST   /auth/token/vk:        (VKOAuthToken)     -> TokenPair

Database

CREATE TABLE lms.user (
    id              serial      PRIMARY KEY,
    creation_moment timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP
);

CREATE TABLE lms.auth (
    user_id            integer      PRIMARY KEY REFERENCES lms.user(id),
    refresh_token_hash varchar(256)
);

CREATE TABLE lms.auth_yandex (
    user_id            integer      PRIMARY KEY REFERENCES lms.user(id),
    id                 integer      NOT NULL,
    login              varchar(256) NOT NULL
);