Allow login with decentralized identifier

[friedger]

User story

As user, I can login with my own identity so that I don't have to use passwords

Best solution for this problem

Support universal identity resolver like https://github.com/decentralized-identity/universal-resolver/

MVP

• Support one identity provider (like blockstack)
• allow new users to create a profile from blockstack id
• allow users that created a profile from blockstack id to sign in with their blockstack id
• users are identified by their email associated with their blockstack account
• do not support orga profiles

Metrics

Usage of sign in with blockstack id

Documentation

Integration for the front end is described on docs.blockstack.org
Integration for the server is not clear to me, as I haven't found the location of the authentication flow

This tries to improve the authentication like #1738 and #1746

Details for MVP

Front end

• add "create profile from blockstack id" and "sign in with blockstack id" button, when clicked user is redirected to blockstack sigin
• add route for redirect from blockstack signin. This page either creates a new profile is the email was not yet registered with an account or the user is logged in on the opencollective server by sending the publicKey (and email) and decrypting the returned redirect

Back end

• add user.publicKey on backend
• on sign in and create profile return encrypted redirect with publicKey was provided (still send an email)

[stale]

This issue has been automatically marked as stale because it has not had recent activity. We want to keep it in our todo list but haven't had the time to address it yet.
Thank you for your contributions!

[piamancini]

I think the idea of using blockstack is great. I wonder if they might be able to put a bounty on it.

[friedger]

Design suggestion for "Create Profile"

Design suggestion for "Sign In"

[piamancini]

I'm asking Patrick Stanley @ blockstack if they are interested in placing a bounty for it. We can't this on right now ourselves and we don't have the expertise.
https://twitter.com/PatrickWStanley/status/1130973861162496000
Feel free to jump on the thread to encourage.

[friedger]

There is a bounty of $500 if done by 4th June (https://community.blockstack.org/evil/)

I started some work on https://github.com/friedger/opencollective-frontend Help welcome!

[friedger]

For the backend, I suggest that the signin request returns an encrypted signin link if a public key was provided:

const user = { email: userData.email, publicKey:getPublicKeyFromPrivate(userData.appPrivateKey) }
signin(user).then(response => {
            navigateTo(decrypt(response.encryptedLink, userData.appPrivateKey))
          });

[friedger]

In opencollective/opencollective-api#2034 the suggested addition of publicKey has been implemented.

Both PRs together creates a flow where users can login with their Blockstack ID.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. We want to keep it in our todo list but haven't had the time to address it yet.
Thank you for your contributions!