General OAuth Integration Discussion

[CptPie]

Issue #35 intends to implement an integration point for external OAuth providers.

In my current planning a Authentication struct is created to manage the different authentication methods (OAuth, Local Login) in one single (uniform) structure.

type Authentication struct {
    Id int //used to link the struct to a user
    Password string
    PassDate time.Time
    AuthToken string
    RefreshToken string
    RefreshDate time.Time
}

The user struct would be modified accordingly with two possibilities that are tbd:

type User struct {
	Id         int
	Name       string
	Email      string // nil if user didn't opt-in.

	AuthProviders []Authentication

	NotifyCycleEnd      bool
	NotifyVoteSelection bool
	Privilege           PrivilegeLevel

	RateLimitOverride bool
	LastMovieAdd      time.Time
}

or

type User struct {
	Id         int
	Name       string
	Email      string // nil if user didn't opt-in.

	LocalAuth Authentication
	DiscordAuth Authentication
	PatreonAuth Authentication
	TwitchAuth Authentication

	NotifyCycleEnd      bool
	NotifyVoteSelection bool
	Privilege           PrivilegeLevel

	RateLimitOverride bool
	LastMovieAdd      time.Time
}

While the first option would enable future expansion without modifying the user struct it would require having a type field in the Authentication struct which would require some iteration when selecting the correct authentication method for the login.

Any feedback would be appreciated.

[zorchenhimer]

While my initial reaction would be to opt for the more extensible AuthProviders []Authentication approach, this would complicate things more. And if I'm being completely honest, I don't see the need for a billion OAuth sources. If there's another that's requested frequently enough (eg, Google OAuth), it might be worth editing the User struct.

At any rate, I feel like I've blocked this issue long enough by not giving a proper answer. Write it whichever way you feel would be best. At this point I'm ok with code that isn't ideal but gets the job done. If it works it can be fixed "later" if needed.

For the record, I have no issue with using different URL endpoints for each OAuth method that do the actual login (eg /oauth/twitch handling all the Twitch specific forms and redirects). Links to use OAuth should probably just go on the current login page as a "Login with [Service]" type of button and should enabled/disabled by a server config value.

[CptPie]

For now i think i'll play around with the slice idea, but if it ends up to be too messy i'll just hardcode the structs as specific fields.

Regarding the endpoints: since it is needed anyways, i already do it that way.