Add twitter oauth provider

[anatolym]

I'm gonna add Twitter OAuth provider to the project. This issue is for tracking progress.
(following the Umputun's comment #64 (comment))

[umputun]

@anatolym - I have tried to add twitter once, but it wasn't as direct as I hopped. Don't recall details, but I think they don't even support oauth2 with 3-legs. All examples I have seen use oauth1 for twitter. If this is the case for real and not my misunderstanding - integrating Twitter as another provider can introduce some substantial changes to provider.go. If you can figure a nice way to do it - go ahead, will be great to have twitter login, but if too much code and too much trouble we can wait till twitter add oauth2 ;)

[anatolym]

@umputun, it seems Twitter gave up on implementing OAuth2 protocol. They heave some weird 3-legged authorization which just doesn't make sense.
So current provider.go abstraction won't work and we have to implement oauth1 flow for Twitter API.

Also this discussion with OAuth2 feature request https://twittercommunity.com/t/oauth-2-0-support/253 started 7 years ago and was closed with no explanation by Twitter stuff last December.
Do we want twitter login that much?

[umputun]

yeah, this is what I thought. Kill it, we will be just fine without twitter auth.

[anatolym]

Alright.
@umputun, is there anything else I can do?

[umputun]

@anatolym - There is a thing in the same area of auth - avatar proxy. Right now it's keeping the original image as-is and then serves it to users from AvatarStrore. It works, but the solution is not optimized. You can try to make it better by resizing images to the desired size and keep those tiny pics only instead of full originals. I think this resizing can happen synchronously at the time of login. In case this procedure is heavy for large images (I hope it is not that heavy) you may need some workes to do it in separate goroutines.

[umputun]

with https://github.com/go-pkgz/auth/releases/tag/v0.8.0 in place, we can finally have twitter auth

[umputun]

@Reeywhaar - I have added twitter auth provider, but probably you have to do it on your side as well.

[umputun]

@Reeywhaar - pinging. Twitter support in place on my side, but need it to be added to your list of providers

GET http://admin:[email protected]:8080/api/v1/config?site=remark

HTTP/1.1 200 OK
App-Name: remark42
App-Version: local
Author: umputun
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Content-Type: application/json; charset=utf-8
Expires: Wed, 31 Dec 1969 18:00:00 CST
Pragma: no-cache
Vary: Origin
X-Accel-Expires: 0
X-Rate-Limit-Duration: 1
X-Rate-Limit-Limit: 10.00
X-Rate-Limit-Request-Forwarded-For: 
X-Rate-Limit-Request-Remote-Addr: 172.18.0.1:46320
Date: Wed, 02 Oct 2019 16:35:33 GMT
Content-Length: 329

{
  "version": "local",
  "edit_duration": 300,
  "max_comment_size": 2048,
  "admins": [
    "dev_user"
  ],
  "admin_email": "[email protected]:8080",
  "auth_providers": [
    "twitter",
    "google",
    "github",
    "facebook",
    "dev",
    "email",
    "anonymous"
  ],
  "low_score": -5,
  "critical_score": -10,
  "positive_score": false,
  "readonly_age": 0,
  "max_image_size": 5000000,
  "emoji_enabled": true
}

[joseph-vidal-rosset]

with https://github.com/go-pkgz/auth/releases/tag/v0.8.0 in place, we can finally have twitter auth

In a new remark42 install, I would be glad to add twitter auth (even if I dislike Twitter as well as Facebook) but I did not understand on their developers page how to get it. A suggestion?

[joseph-vidal-rosset]

https://developer.twitter.com/en/docs/basics/authentication/guides/access-tokens

seems being the reply to my question. I hope so.

[joseph-vidal-rosset]

I have succeeded to get API keys for Tweeter (previously I had to submit a form as a developer, do not laugh ! :) ) ...
In my docker-compose:

• AUTH_TWITTER_CID=2h***********************
• AUTH_TWITTER_CSEC=uB5fV******************
  is it correct ?

[umputun]

I have added the missing info about twitter to README as a part of 38e9dc9

[joseph-vidal-rosset]

Thanks. Glad to see I guessed the code correctly, but by induction, it was quite easy. :)