3rd party auths

[rragundez]

First of all this is so good! I don't know why i did not came across it before :)

Is your feature request related to a problem? Please describe.
Nowadays is quite common to use 3rd party auths, like EntraID with Microsoft, Google, Github, etc. I think they are not that many and in my experience once the auth is done it doesn't really have to change so I think is good to add as a template and then maybe allow the developer to activate it via en environment variable

Describe the solution you'd like
Add endpoints to the backend for each provider such as /login/provider /callback/provider and manage the parsing of the access token to get or create a user and then create a JWT token using the already including functions.
Then allow the configuration to be defined such that either in environment variables or similar, we can define which auth/auths to use (google, microsoft, github, native)

Additional context
Perhaps context, is that in my experience by adding this it will enable more enterprise ready applications where setting auth is very important to get correct.

If you think it would be helpful, I could create a PR.

[carlosplanchon]

Hello!, I agree with you suggestion.

I think this can be done with FastAPI-SSO. https://github.com/tomasvotava/fastapi-sso

[igorbenav]

It definitely would be helpful, @rragundez, feel free to create a PR!
We'll very much appreciate

[igorbenav]

@rragundez do you want to do it? @carlosplanchon can help

[rragundez]

@rragundez do you want to do it? @carlosplanchon can help

I can get the first PR started with the basics oauths. Then I would suggest to re-assess how to use the new information coming from the response for the benefit of the user, like role assignment, email, profile picture, etc.

[carlosplanchon]

@rragundez, please, enter the Discord, because with fastapi-sso I already have existing code you can just reuse. So... that + Claude Code may just reduce the amount of work needed.

[rragundez]

@carlosplanchon I don't mind the work, I like it. I just need some guidance on how you guys want to implement it. Do you want me to just make an opinionated PR or to check with you before hand make some decisions?
For example:

• When using oauth, then the hashed password value can be null or a random password, a random password is by far easier as it matches the current mechanism, setting it to null is a better practice but requires more changes in the DB schema but also in the authenticate_user function.
• Do you want the application to be quite flexible such that a user can login in several ways (local auth, google, microsoft)? and then having the identifier in the DB being via their email? or to allow single way of logging in (google for example) for the whole application lifetime (this is the most common in enterprise applications).

For now I'll make a PR with what I think is best. @carlosplanchon please share the pieces of code you might have, thanks.