Google Sheet - OAuth "client" powered integrations

[JhumanJ]

Context

In https://github.com/JhumanJ/OpnForm/pull/346, we completely refactored integrations. Before you could only have 1 integration of each type (email, slack, webhook etc) for each form, and these integrations were in the form editor. Now there's a dedicated section for integrations, and it's possible to create multiple integration of the same type for each form.

Related guides:

• https://help.opnform.com/en/article/where-are-my-form-integrations-email-submission-confirmation-email-notification-webhook-zapier-slack-discord-ixxg6d/
• https://help.opnform.com/en/article/can-i-trigger-another-service-whenever-my-form-receives-a-submission-webhooks-6nrnfn/

Code-wise, we refactored integrations so that they all share more code, same triggers etc. Making it much easier to add new integrations. We're now missing 2 last pieces to make it super easy to add integrations, both are related to authentication with external services:

• Oauth as a client: to be able to integrate directly with services like google sheet for instance. We need to be able to store the credential of a User for a given application.
• Oauth as a server: to allow automation tools like Zapier for instance to connect to our users account on behalf of them. To create new zaps etc.

The goal of this issue is to handle the first case Oauth as a client, and to create our first client integration "Google sheet" while working on this.

About the GSheet integration

Here's the flow:

• User click on new GSHeet integration
• They select an existing google account they shared with OpnForm, or they can share a new one
• They finalize the creation, which creates a new google sheet in their drive where form submissions will be sent
• On the integration list page, the Gsheet integration cards should have a white button to open the google spreadsheet
• Just like for webhooks integrations, errors when trying to add rows to the google sheet should be tracked via the integration events

Some requirements:

• Users need to be able to connect multiple service accounts of the same service provider (e.g. multiple google accounts)
• For a each integration they should be able to select which account to use (depending on the integration type of course)
• Token/crendentials etc should be store encrypted in the db, and in general security best practices must be used

Implementation suggestions

This open to discussion but here are some thoughts.

• Soon we will add the team feature in OpnForm, so multiple users will be able to create integrations for the same forms/workspaces. Oauth credential or "oauth provider" for Integrations should probably be linked to users, and not workspaces to avoid having one user messing around with another's accounts. So,
  • oauth provider belong to users and are used by form integrations
  • On form integration, who's the creator of the integration and which oauth provider account is connected to this integration
• Need to create a new controller to manage Oauth providers for integrations (again, OpnForm being the oauth client) - CRUD operations
• Need to create a new section in the settings so that user can managed their connections with other services (see all accounts connected and remove them - check that not used by an integration before remove)
• We already have an oauth_providers can we use it?

More thoughts

As mentioned above, after this we'll want to add support for the opposite: authenticating with OpnForm on other services like Zapier or make. Currently we're using JWT tokens and not passport. We can already start thinking/prepare this.

• What's the easiet way of achieving this? Can it be done with JWT or do we need to migrate to passports?
• Has this new oauth provider controller anything to do with this next step?