
[feature] Allow username/pass authentication for Omni SaaS via Auth0

Open steverfrancis opened this issue 10 months ago • 0 comments

Problem Description

We currently require SaaS users to authenticate themselves to Omni via either Google or GitHub accounts. Many enterprises do not use Google, and may run private GitHub, or the people trying Omni may not have GitHub accounts.

We introduce a bunch of friction with this requirement, and it stops some people.

Solution

We should allow people to use username/password authentication. Auth0, which we use in the SaaS, already supports username/password (and they deal with all the data storage).

However, this doesn't work currently, as our token.go requires their email to be verified. So if we enable user/pass in Auth0, when a user signs up with email/pass, Auth0 lets them in at that point, but Omni rejects them, as they haven't verified their email. Omni's error is the not-terribly-informative message "Failed to confirm public key: invalid jwt".

To make this usable in a friendly way, after they enter their user/pass on the Auth0 signup screen, but before they are taken to Omni, tell them they need to verify their email before they can proceed.

We should also make Omni's error message informative in this case, as there is probably a way to get to the invalidated state directly. Then have Omni say it is rejecting them as they haven't validated their email. (At this point, even if they do validate email, they have to "Sign in as a different user", then sign in as the same user to make things work. That's not ideal either. Maybe we could automatically take them to where the sign in as different user button does, after telling them they need to validate their email.)

Alternative Solutions

No response

Notes

No response

steverfrancis • Apr 06 '24 00:04
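
An added example, not part of the issue and not Omni's token.go: one way to report the unverified-email case separately from "invalid jwt", while only revealing that reason for a token whose signature has already been checked. It assumes an HS256 demo token and the OIDC `email_verified` claim; `CheckToken`, `sign`, `mac` and both error values are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var (
	ErrInvalidToken     = errors.New("invalid jwt")                // bad format, signature or payload
	ErrEmailNotVerified = errors.New("email address not verified") // valid token, unverified email
	enc                 = base64.RawURLEncoding
)

func mac(key []byte, msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return enc.EncodeToString(m.Sum(nil))
}

// sign builds a constructed HS256 demo token (assumption: production would use the IdP's RS256 keys).
func sign(key []byte, claims string) string {
	in := enc.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + enc.EncodeToString([]byte(claims))
	return in + "." + mac(key, in)
}

// CheckToken (hypothetical) verifies the signature before reading claims; exp/iss/aud checks omitted.
func CheckToken(key []byte, token string) error {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(mac(key, p[0]+"."+p[1]))) {
		return ErrInvalidToken
	}
	var c map[string]interface{}
	body, err := enc.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil {
		return ErrInvalidToken
	}
	if v, _ := c["email_verified"].(bool); !v {
		return ErrEmailNotVerified // only reachable for a correctly signed token
	}
	return nil
}

func main() { // constructed key and claims
	fmt.Println(CheckToken([]byte("demo"), sign([]byte("demo"), `{"email_verified":false}`)))
}
```

A caller can branch on `ErrEmailNotVerified` to show a "verify your email, then sign in again" prompt, and keep the generic message for everything else.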