Open-Assistant
857: Implement backend Discord authentication
Addresses #857
- Adds Account table to the backend to link external provider accounts to OA users
- Adds ability to authenticate via Discord to obtain a backend-generated JWT for a Discord-linked user
Does not add ability to link accounts yet.
I'm glad to see someone picking up where I'm slacking off now that I got a little busy with work.
I think this generally makes sense. Before we add the login methods to the backend, I was initially planning on making sure we can share the website's JWT token with the backend so the backend could verify users via JWT.
This would let the website team then remove all our custom website API routes that proxy calls to the backend and instead call the backend API directly from the client side safely.
Then I wanted to figure out how to create the JWTs on the backend using both Discord and Email Magic Link type oauth methods.
I mainly thought that ordering would make sense since we ideally could port the website's auth table into backend's auth table. Those auth tables are somewhat complex so I didn't want to do it too quickly.
What do you think?
This seems logical to me. To be honest I don't really know how the website works currently (w.r.t. your mentions of website JWT tokens, website auth table). My approach here was going to be OAuth with Discord (and then Email) with the backend then generating a JWT. The backend User table is currently a bit of a mess so I was also planning to use a new table (AuthenticatedUser) but we could use the existing one with a bit of extra work.
Okay cool, starting with Discord OAuth on the backend to generate a backend-generated JWT makes sense. It's possible we can skip trying to deal with the web's JWT token (that's turning out to create a lot of decryption problems in my branch).
For table structure, I think what NextAuthJS put together makes a lot of sense. There's a User table that has all the core fields for a user and then a linked Accounts table which includes any third party auth data (like from Discord). You can see the schema in website/prisma/schema.prisma. Replicating that would allow us to include Email, Discord, and later other OAuth providers like Github pretty naturally.
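The User/Accounts split and the "Discord login, then backend-minted JWT" flow discussed in this thread, as an added example that is not part of this PR or of the Open-Assistant code base. It uses only the Python standard library: the `AuthStore` in-memory tables, the hand-rolled HS256 JWT and the Discord profile shape are my assumptions, and the profile fetch is a constructed stand-in for what the backend would get from Discord's `/users/@me` endpoint after the OAuth code exchange.

```python
import base64
import hashlib
import hmac
import json
import uuid
from dataclasses import dataclass
from typing import Callable, Optional

# --- User / Account split in the style of the NextAuth schema (assumed shape) ---

@dataclass
class User:
    id: str
    display_name: str

@dataclass
class Account:
    user_id: str              # FK to User.id
    provider: str             # e.g. "discord"
    provider_account_id: str  # the provider's stable user id, never the mutable username


class AuthStore:
    """In-memory stand-in for the two backend tables (assumed; not the project's ORM)."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.accounts: dict[tuple[str, str], Account] = {}

    def user_for_provider_account(self, provider: str, provider_account_id: str,
                                  display_name: str) -> User:
        # Lookup is keyed on (provider, provider id) so a second login links to the
        # same OA user instead of creating a duplicate.
        key = (provider, provider_account_id)
        acct = self.accounts.get(key)
        if acct is not None:
            return self.users[acct.user_id]
        user = User(id=str(uuid.uuid4()), display_name=display_name)
        self.users[user.id] = user
        self.accounts[key] = Account(user.id, provider, provider_account_id)
        return user


# --- Minimal HS256 JWT (assumed; the project may pick a library instead) ---

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_jwt(user_id: str, secret: bytes, now: int, ttl: int = 3600) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_jwt(token: str, secret: bytes, now: int) -> Optional[dict]:
    """Return the payload if the signature and expiry check out, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    # Always verify with HS256 and the server secret; the token's own "alg" header
    # is never allowed to choose the algorithm.
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), s):
        return None
    try:
        header = json.loads(_b64url_decode(h))
        payload = json.loads(_b64url_decode(p))
    except ValueError:
        return None
    if header.get("alg") != "HS256" or not isinstance(payload.get("exp"), int):
        return None
    if payload["exp"] <= now:
        return None
    return payload


# --- Discord login: trusted profile in, backend JWT out ---

def constructed_discord_profile(access_token: str) -> dict:
    # Constructed stand-in for GET https://discord.com/api/users/@me with a Bearer token;
    # only the "id" and "username" fields are assumed here.
    if access_token != "valid-discord-token":
        raise PermissionError("Discord rejected the access token")
    return {"id": "123456789012345678", "username": "alice"}

def login_with_discord(store: AuthStore, access_token: str,
                       fetch_profile: Callable[[str], dict], secret: bytes,
                       now: int, ttl: int = 3600) -> str:
    # The backend, not the client, asks Discord who the token belongs to,
    # links or creates the OA user, and mints its own JWT for that user.
    profile = fetch_profile(access_token)
    user = store.user_for_provider_account("discord", str(profile["id"]), profile["username"])
    return issue_jwt(user.id, secret, now, ttl)
```

The Account row is keyed on Discord's numeric user id rather than the username so that a renamed Discord account still maps to the same OA user, and the JWT carries only the backend's own user id as `sub`, so nothing Discord-specific leaks into what the rest of the API has to trust.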
Note: I think I just got JWT decryption working in my branch. We can get and decrypt the web's created token branch.
Whatever we do here, we should replicate JWT encryption and decryption. Since this is what NextAuth does it seems like reasonable defaults.
Ok sounds good. Tbh I had not noticed you already had a branch when I started this! Sounds like the best use of my time here is going to be looking at the Discord OAuth.
That would be exceptionally helpful!
Had a look into Discord OAuth this morning and just pushed some initial code. Needs a lot of cleanup so I'll be going back over it later today, but if anyone has comments/suggestions feel free to jump in.