User Authentication

[sr229]

We have the option to use two of the following:

• an dApps Auth using your Ethereum wallet as your credentials, preferrably MetaMask.

• classic SSO by a third party.

This should allow us to implement permissions for #2.

[Ovyerus]

I reckon we should use Reddit OAuth for third party logins, seeing as we'll be dealing with some stuff from them anyway.

[sr229]

the way I see it we might also add integration from them as well if our URL got posted there

[Ovyerus]

What do you mean?

[sr229]

@Ovyerus Redditbooru automatically checks if certain link exists on Reddit, if it does then it provides some metadata but I don't think we should do that.

[sr229]

Assigning @Ovyerus for this. We can use the OAuth spec for this so you can bother around by supporting Reddit first. You can do Discord as well if it fancies you.

[sr229]

This would be our Login Flow:

• User logs in via a supported OAuth provider (Reddit, Discord, etc.)
  • Generate JWT and check if user already exists via redditLink.
    - If we have a matching user via redditLink, then proceed with just Login, if not, redirect them to the checkpoint page where a reCaptcha page would validate them if its a robot. Once validated, perform a POST to /api/user/.