
Replace custom (o)auth by well-supported libraries

Open dokterbob opened this issue 1 year ago • 5 comments

Is your feature request related to a problem?

The current auth implementation yields a lot of issues. But auth is not by far the USP for chainlit and arguably, it will never be.

In addition, rolling your own auth yields a plethora of security risks. Security is hard. In short, unless you're a security expert, if you roll your own authn/authz, sooner or later, you will fail.

Describe the solution you'd like

But we don't have to fail! There are great and well-supported libraries for handling (o)auth.

For one, FastAPI has built-in oauth authorization (as a server): https://fastapi.tiangolo.com/tutorial/security/ In addition, there's fastapi-oauth2 which seems to provide world-class support of a plethora of oauth providers (as a client): https://github.com/pysnippet/fastapi-oauth2

The combination should allow us to ensure:

  1. Better UX (e.g. no quirky redirects, working logout).
  2. Significantly better security (consider that we might be handling confidential conversations!).
  3. Better provider support (have a look: https://github.com/python-social-auth/social-core/tree/master/social_core/backends).
  4. Less code and so less maintenance.

Plan of action

We'd have to lay out a clear roadmap; this would deprecate a lot of code and break a lot of UX. Arguably, this is the biggest challenge about such a change.

At this point, the issue merely serves as a 'test balloon'. Do maintainers/devs and community members want/need this? Is it feasible? Something I glanced over?

dokterbob, Aug 19 '24 13:08