Refactor authentication

Open pmeier opened this issue 2 years ago • 2 comments

Currently, the basic auth, i.e. username / password, is hardcoded in the UI. We did that to meet our presentation deadline. In the aftermath, however, we need to lift this and actually implement the UI part as part of the authentication class:

https://github.com/Quansight/ragna/blob/62098457588cef258f4ea6a8b35989257559a27f/ragna/core/_authentication.py#L13

This would enable us and users to switch the authentication method smoothly.

pmeier, Nov 08 '23 20:11

We need to tackle this as this is a major blocker for anyone who wants to use Ragna in production. There is currently no way to use the UI with any login method other than username and password. However, to be able to log in with OAuth or the like, we cannot keep our current login endpoint on the REST API. Thus, we need a larger refactor here.

The scheme that I have in mind is that the API gets a GET /login endpoint that serves user-defined HTML. From there the user can either hit POST /login, i.e. for form data when logging in with basic auth, or GET /oauth-callback if such a scheme is used.

Internally, both endpoints funnel back into a user-defined function that validates the login and returns the username that we ultimately store in our DB.

We then redirect to a yet-to-be-designed HTML page that gives the user the option to forge a JWT that includes the user ID.

This JWT is then used as the authorization header for the API as well as a cookie for the UI.

pmeier, Mar 18 '24 09:03

Blocked by #417. Acceptance criteria:

  • Login method must be user-configurable through an Auth object that needs to allow basic auth (username / password) as well as OAuth
  • Login must be possible regardless of the deployment mode, i.e. just REST API, just web UI, or both
  • API should be accessible through an API token that can be generated after being logged in

pmeier, May 16 '24 08:05
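
The flow proposed in the second comment, as an added Python sketch that is not part of the issue thread and not Ragna's own code: a user-defined login hook returns the username, a signed JWT is minted for it, and the same token is accepted from the API's Authorization header or the UI's cookie. All function names, the cookie name, the secret and the user store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-secret"   # assumption: real key comes from deployment config
USERS = {"alice": "correct horse"}    # constructed sample store; real ones hold password hashes
COOKIE = "ragna_token"                # hypothetical cookie name

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def basic_login(form: dict) -> Optional[str]:
    """Hypothetical user-defined hook behind POST /login: returns the username or None."""
    username, password = form.get("username", ""), form.get("password", "")
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return username

def issue_token(username: str, ttl: int = 3600) -> str:
    """Mint an HS256 JWT carrying the user ID and an expiry."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": username, "exp": int(time.time()) + ttl}).encode())
    signing_input = f"{header}.{claims}"
    return f"{signing_input}.{b64e(sign(signing_input))}"

def verify_token(token: str) -> Optional[str]:
    """Return the user ID only for a well-formed, correctly signed, unexpired token."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":   # pin the algorithm
            return None
        if not hmac.compare_digest(sign(f"{header}.{claims}"), b64d(sig)):
            return None
        body = json.loads(b64d(claims))
        return body["sub"] if body["exp"] > time.time() else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def authenticate(headers: dict, cookies: dict) -> Optional[str]:
    """Accept the same JWT from the API's Authorization header or the UI's cookie."""
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else cookies.get(COOKIE, "")
    return verify_token(token)
```

An OAuth callback would plug in as a second hook with the same contract as `basic_login` (return the username or `None`), leaving token issuance and verification unchanged.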