StoplightProject: Authentication Flow
User story.
As a Stoplight user, I can sign in to see projects, operations, or models that might be internal or private, if I have permissions to see them.
Is your feature request related to a problem?
Support viewing internal/private projects embedded via StoplightProject.
Support showing operations/models marked x-internal: true for projects in StoplightProject.
This is currently possible for users who are already signed in and have a JWT, but we need to help users who are not signed in sign in.
Describe the solution you'd like
Some sort of "Sign in with Stoplight" link which redirects to *.stoplight.io and back with a JWT they can use to see this content. This means we can remove x-internal: true nodes from the API response by default, and suggest users log in if they'd like to see that content.
We have previously talked about being able to embed authTokens to help private docs be displayed, and that is another topic. We want to let users who are logged into Stoplight be able to see relevant StoplightProject content if they have the right permissions. We can figure out how to have internal/private projects displayed to non-Stoplight users another time.
Additional context
- Elements will pass JWT to backend so it's aware of it already. https://github.com/stoplightio/elements/issues/1361
- We'll hide operations/models if hideInternal: true is passed in components. #1461
@wmhilton @paulatulis @mmiask @mpodlasin @mallachari @domagojk Hey team! Can you please add your planning poker estimates with ZenHub?