Closes #16 Implement o auth Google

[Sojusan]

External OAuth providers added: Google, Twitter/X, Facebook, GitHub.
It is done via the Keycloak service. More details can be checked in our docs repo.

I have changed the way we handle .env and appsettings.Development.json. They are now not included by default in the repo as they will contain sensitive data like OAuth providers secrets.

⚠️ If you do not want to create your own external OAuth provider apps, contact me and I can provide the needed credentials.

ℹ️ I did my changes based on your (@mtracewicz ) branch for this feature, so it includes some of your improvements from there, e.g., Serilog implementation.

[mtracewicz]

As We do not have existing data I would sugest deleting everything from Migrations directory and creating a single Init migration.

[mtracewicz]

Can We configure this not to require name and surname, just email?

same goes for external providers (the app wants even more data)


GitHub one is doing well in this tho:

Also a very small nitpick You have removed Login/Register from router but kept them on the page

[mtracewicz]

@Sojusan I think I'm done with the initial review of the code. Sorry for the amount of things pointed out. Feel free to point out disagree with the points 😉

Now going to the functionality:
I have verified that it runs on my machine, I was able to login with google and create a local account, for Twitter and GitHub I was able to initiate the process as well.

However I'm very concerned about one thing. It seams that I can login using Keycloak and frontend recognizes it, but the backend does not. I have run the application using docker compose with both the env file and appsettings file You have provided. This are the three issues I have encoutered:

• I was unable to authentiacte using the token from the forntend, it throws exception:

• no user is created in our application DB (this is most likely caused by the first issue) - I have verified they are present in the keycloak db

• I was able to see the site wich requires auth even though I got 401 from the create user endpoint. While I know that keycloak is what is authenticating us and not our backend it still feals very wrong

---

On the brightside:

• I was able to verify keycloak + frontend working with both local and external accounts
• the dev smtp works prefectly and is such a cool addition! 🚀

[Sojusan]

Can We configure this not to require name and surname, just email?

I have created a separate issue #62 in order to investigate how to create our own template for Keycloak and then to create it and add our UI style to it. Will work on it after this PR.

Also a very small nitpick You have removed Login/Register from router but kept them on the page

Deleted.

[sonarqubecloud]

Quality Gate passed for 'ksummarized_ksummarized.com_frontend'

Issues
1 New issue

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[sonarqubecloud]

Quality Gate failed for 'ksummarized_ksummarized.com_backend'

Failed conditions
2 Security Hotspots
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarCloud

[Sojusan]

• I was unable to authenticate using the token from the frontend, it throws an exception:

Yeah, there was an error in the configuration for our realm in the Keycloak. I didn't set explicitly the RSA Private and Public keys in the export-realm.json file. This way when you started a fresh instance of the Keycloak on your machine the Keycloak just generated a new pair of these keys, so the backend was dependent on the old one. In order if my fix is working correctly now, please take the newest environment settings (both appsettings and .env) from our docs, prune containers, and volumes, then start once again. The Keycloak should now take keys from the environment variable and validation on the backend site should work correctly.

• no user is created in our application DB (this is most likely caused by the first issue) - I have verified they are present in the keycloak db

It is related to the previous error. If the token is detected as invalid then the backend refuses that connection without creating a user.

• I was able to see the site which requires auth even though I got 401 from the create user endpoint. While I know that keycloak is what is authenticating us and not our backend it still feels very wrong

I'm not sure what approach should be there. We changed the authenticating service from our backend to the Keycloak service so I think it is correct to see the frontend after successful authentication in the Keycloak service. The backend is now validating tokens just for security and I think it shouldn't block users from visiting the website when it has access to per the Keycloak service. I think it is enough to just prompt an error when we will be working on the error handling on the frontend.

[mtracewicz]

The changes look great, I wiil approve 😄 Have You checked this failing pipeline do We still need to fix it or is it a false positvie?

EDIT: I have read the errors, We can safely ignore them 👍🏼