Support Github as authentication server #4

Closed
soofstad opened this issue Apr 22, 2022 · 6 comments · Fixed by #6

@soofstad
Owner

Changes that need to be done:

  • Don't expect access_token to be a JWT
  • Use 'expires_in' from token response for checking expire time (not from JWT)
@soofstad soofstad assigned soofstad and unassigned soofstad Apr 22, 2022
@soofstad
Owner Author

Will you have a look at this @eoaksnes?

@bonndan

bonndan commented May 8, 2022

There seems to be an additional issue with GitHub: the request to get the access token is blocked (using the release code)

Access to fetch at 'https://github.com/login/oauth/access_token' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

See https://stackoverflow.com/questions/42150075/cors-issue-on-github-oauth isaacs/github#330

@eoaksnes

eoaksnes commented May 9, 2022

I enable this in the backend code, allow_origins=[http://localhost, http://localhost:3000,....]

@soofstad
Owner Author

soofstad commented May 9, 2022

So my understanding is that GitHub requires the "client_secret" in the token request, which can't be added to the SPA web client. Therefore, you must set up your own backend API with the client_secret that the web app can send the token request to.
The API will then request the token from GitHub with the client_secret, and there should be no CORS error.

Do you have some sample code for an endpoint for this backend API @eoaksnes?

@github-actions

github-actions bot commented Jul 8, 2022

Stale issue message

@soofstad
Owner Author

The latest commits to this PR, #6, add support for auth via "GitHub OAuth Apps", which is a bit different than "GitHub Apps".

However, they both require you to set up an API to forward the web client requests, with the added "client_secret", to the GitHub API.
There is an example app here: examples/github-auth-provider.
I have tested it quite a bit and see no further issues.

Let me know if you decide to test this alpha release and happen to find any issues @bonndan.
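
Added example, not code from this project or its examples/github-auth-provider app: the server-side logic of the forwarding API discussed in this thread. It allowlists the fields taken from the web client, adds client_secret on the server only, and derives expiry from expires_in instead of decoding the access token. The function names, the forwarded field list and the config shape are assumptions.

```javascript
// Added example: helpers for a token-forwarding endpoint (hypothetical names).
const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
// Assumed set of fields the web client sends. Anything else is dropped,
// so the browser cannot override client_secret or inject extra parameters.
const FORWARDED_FIELDS = ['code', 'redirect_uri', 'code_verifier', 'grant_type', 'refresh_token'];

function buildGithubTokenRequest(clientParams, cfg) {
  const form = new URLSearchParams();
  for (const name of FORWARDED_FIELDS) {
    if (typeof clientParams[name] === 'string') form.set(name, clientParams[name]);
  }
  form.set('client_id', cfg.clientId);
  form.set('client_secret', cfg.clientSecret); // added server-side only
  return {
    url: GITHUB_TOKEN_URL,
    init: {
      method: 'POST',
      headers: { Accept: 'application/json', 'Content-Type': 'application/x-www-form-urlencoded' },
      body: form.toString(),
    },
  };
}

// The access_token is treated as an opaque string: expiry comes from
// 'expires_in' (seconds) in the token response, never from decoding the token.
// Returns epoch seconds, or null when the response has no usable expires_in.
function expiresAt(tokenResponse, nowSeconds) {
  const ttl = Number(tokenResponse.expires_in);
  return Number.isFinite(ttl) && ttl > 0 ? nowSeconds + ttl : null;
}

// Forward the exchange and return only the token fields the web client needs.
async function exchangeCode(clientParams, cfg, fetchImpl = fetch) {
  const { url, init } = buildGithubTokenRequest(clientParams, cfg);
  const res = await fetchImpl(url, init);
  const data = await res.json();
  if (!res.ok || data.error || typeof data.access_token !== 'string') {
    return { status: 400, body: { error: data.error || 'token_exchange_failed' } };
  }
  const now = Math.floor(Date.now() / 1000);
  return {
    status: 200,
    body: { access_token: data.access_token, token_type: data.token_type,
            refresh_token: data.refresh_token, expires_in: data.expires_in,
            expires_at: expiresAt(data, now) },
  };
}
```

Wire `exchangeCode` into whatever HTTP framework the backend uses, load `cfg.clientSecret` from server-side configuration, and keep the CORS allow-list limited to the web app's own origins.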
