[Backend Rewrite] Pluggable authentication

[RobbinBaauw]

• Allow for pluggable authentication, i.e. allow the user to choose the authentication method they want when signing up (e.g. our own username/password, an OAuth server etc). I think for now we want to support username/password, OAuth & OpenID Connect (for https://connect.ch.tudelft.nl/)

[timanema]

It might also be a good idea to allow people to change later on, instead of only letting them choose when signing up

[NULLx76]

The nicest way (IMO) would result in people being able to add multiple sign-in methods to a single account (mirroring the sign in with X some other websites provide) which could also prove useful when NetID or CHConnect is inevitably down for a bit.

[J00LZ]

So you primarily sign up with a CSHub account, and then can add other accounts like with Gitlab?

[NULLx76]

I don't necessarily think a primary (user facing) sign-up is needed, just that whatever you use will result in a "CSHub account" on the backend. And then after creating an account you can add/remove sign-up methods how you like provided at least one remains?

[RobbinBaauw]

Yes that sounds good. Maybe we should have a user table in the central database with some basic user data that all auth methods should provide, and then each auth method can be external or a microservice. They keep track of things like passwords and such, and are linked to a cshub user. Do you mean something like that?

[NULLx76]

Yeah indeed something along those lines