support for OAuth providers

[siddhantk232]

https://github.com/siddhantk232/fastn-gh-auth-test tried using the already implemented github auth. Most of it works except:

• the github_client() in fastn_core/src/auth/github/utils.rs is not able to read env vars (FASTN_GITHUB_CLIENT_ID and FASTN_GITHUB_CLIENT_SECRET) for some reason (need investigation). The test repo manually adds the GITHUB_CLIENT_ID to the url to make it work.

• ftd.navigate("http://localhost:8000/-/auth/login/" + "?next=http://localhost:8000/check") works differently in brave and firefox. Works as expected in firefox and redirects to url with correct query params. In brave, redirects to localhost/check. Needs investigation

Some thoughts:

• /-/auth/login/ route handler defaults to the github provider rn. The default provider should be configurable through config files or env vars.

• the /-/auth/logout/ clears the github cookie. This should be made provider agnostic. Maybe dedicated logout urls for each provider.

• Each provider module should have the ability to register routes (github provider will setup github url callbacks and /-/auth/github/{login,logout}/ and will handle it). The provider module should also handle reading any required env variables and gracefully erroring (http error with msg "you need these vars configured to use this auth"). Additionaly, each provider should enabled by config or env var. Eg: To enable github config, set ENABLE_GITHUB_AUTH=true to enable /-/auth/github/{login, logout, callback}.

• I see that we can create processors for ftd in rust. Have we considered implementing all of this auth in userland (in ftd) maybe in a separate 1st party package. Idk if it's possible? The advantages of this would include: don't have to wait for new fastn releases to get new auth providers, existing impls will serve as a reference to create new oauth providers in ftd, we will use more ftd more and not rust

[amitu]

implementing all of this auth in userland

I would love that. We will have to implement WASM support. It is def in plans, just that we want to build this feature before WASM support.

[amitu]

Each provider module should have the ability to register routes

This makes more sense when we have WASM etc there, for now we are doing the simpler thing.

[amitu]

dedicated logout urls for each provider

This sounds like a bad idea. User's intention when they click on logout is to logout. Logout should destroy session and delete all auth related cookie etc.

[amitu]

The default provider should be configurable through config files or env vars.

This is clearly the plan.