User authentication

[maclover7]

This will be implemented by Omniauth via Facebook. (Twitter and others too? Comment below if you ideas about more providers)

[eric-johnson]

If we use Omniauth (which I'm just reading about for the first time) then it looks like there's a long list of gems implementing various providers.

I'm thinking

1. Facebook
2. Google
3. Twitter
4. login/password (perhaps for development only) using Identity

Assuming this app won't accept payments, I feel like it would be nice if we went further and had some kind of programatic vetting to prevent abuse.

[maclover7]

1. Agree we should authenticate with multiple providers. Probably a good idea to start off with only one at first (I'm thinking Facebook) and then expand from there.

2. Not sure how we defend against spammers, open to ideas about this! :)

[eric-johnson]

I'm creating seed data right now, and as I'm creating users I'm realizing that the only way I'll be able to log in as these fake users is to link them with Facebook test users.

Can we use the Developer omniauth strategy to make development/QAing easier? I've been toying around with it locally and the only weirdness I've seen is that it's making a POST request to auth/developer/callback instead of a GET like Facebook.

[maclover7]

I'm 👍 on that -- just make it so /auth/:provider/callback accepts GET and POST requests, and you should be all set.