```mermaid
flowchart TD
    User([Student, Coach, ...<br/>browser])
    Codebar[Codebar Planner, Jobs, ... ]
    CodebarBE[e.g. Codebar Planner Rails<br/>validates tokens via JWKS]

    subgraph AuthService["Codebar Auth"]
        OAuthAPI[OAuth API<br/>/authorize, /token, /userinfo]
        LoginUI[Login UI<br/>provider buttons, magic link form]
        Social[Social login handler<br/>OAuth client to providers]
        Magic[Magic link handler<br/>token email, single-use links]
        Identity[(Identity store<br/>users, linked provider accounts)]
        Sessions[(Session and token store<br/>refresh tokens, auth codes)]
        Signer[Token signer<br/>JWT, JWKS, key rotation]
    end

    Providers[External OAuth providers<br/>GitHub, GitLab, Office 365, Google]
    Email[Email provider<br/>e.g. Twilio/SendGrid]

    User -->|opens app| Codebar
    Codebar -->|redirect to /authorize| OAuthAPI
    OAuthAPI --> LoginUI
    LoginUI -->|chooses provider| Social
    LoginUI -->|enters email| Magic
    Social <-->|OAuth code exchange| Providers
    Magic -->|sends link| Email
    Social --> Identity
    Magic --> Identity
    Social --> Sessions
    Magic --> Sessions
    OAuthAPI --> Sessions
    OAuthAPI --> Signer
    Signer -.->|JWKS public keys| CodebarBE
    OAuthAPI -->|access + refresh token| Codebar
    Codebar -->|API calls with bearer token| CodebarBE
```
Codebar Auth acts as an OAuth provider that proxies all the other methods.
This should make integration into existing apps almost trivial.
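The backend step in the diagram ("validates tokens via JWKS", with key rotation on the signer side) could look like the following. This is an added example using only the Ruby standard library, not Codebar's own code; the issuer URL, audience, `kid` value and the `constructed_fixture` helper are assumptions made for illustration.

```ruby
require "openssl"
require "json"
require "base64"

# Assumed values for illustration; the page does not define them.
ISSUER   = "https://auth.codebar.example"
AUDIENCE = "planner"
TokenError = Class.new(StandardError)

# Build an RSA public key from a JWK's n/e members (DER route works on OpenSSL 3).
def rsa_from_jwk(jwk)
  ints = %w[n e].map do |k|
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(Base64.urlsafe_decode64(jwk.fetch(k)), 2))
  end
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new(ints).to_der)
end

# jwks: parsed JWKS document ({"keys" => [...]}), fetched and cached by the caller.
def verify_access_token(token, jwks, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  raise TokenError, "malformed token" unless parts.length == 3
  header, claims = parts.first(2).map { |p| JSON.parse(Base64.urlsafe_decode64(p)) }
  raise TokenError, "malformed token" unless header.is_a?(Hash) && claims.is_a?(Hash)
  # Pin the algorithm: the token must not be able to choose "none" or HMAC.
  raise TokenError, "unexpected alg" unless header["alg"] == "RS256"
  # Select by kid so the old and new signing keys can coexist during rotation.
  jwk = jwks.fetch("keys", []).find { |k| k["kty"] == "RSA" && k["kid"] == header["kid"] }
  raise TokenError, "unknown kid" unless jwk
  sig = Base64.urlsafe_decode64(parts[2])
  ok = rsa_from_jwk(jwk).verify(OpenSSL::Digest.new("SHA256"), sig, parts[0, 2].join("."))
  raise TokenError, "bad signature" unless ok
  # Only trust claims after the signature has been checked.
  raise TokenError, "wrong issuer" unless claims["iss"] == ISSUER
  raise TokenError, "wrong audience" unless Array(claims["aud"]).include?(AUDIENCE)
  raise TokenError, "expired" unless claims["exp"].is_a?(Numeric) && claims["exp"] > now
  claims
rescue ArgumentError, JSON::ParserError, KeyError, OpenSSL::OpenSSLError
  raise TokenError, "malformed token"
end

# Constructed fixture: a throwaway key, its JWKS entry and a token signed with it.
def constructed_fixture(kid: "2024-key", claims: {})
  key = OpenSSL::PKey::RSA.new(2048)
  enc = ->(bytes) { Base64.urlsafe_encode64(bytes, padding: false) }
  jwks = { "keys" => [{ "kty" => "RSA", "kid" => kid, "n" => enc.(key.n.to_s(2)), "e" => enc.(key.e.to_s(2)) }] }
  body = { "iss" => ISSUER, "aud" => AUDIENCE, "sub" => "user-1", "exp" => Time.now.to_i + 300 }.merge(claims)
  input = [{ "alg" => "RS256", "kid" => kid }, body].map { |h| enc.(h.to_json) }.join(".")
  [jwks, input + "." + enc.(key.sign(OpenSSL::Digest.new("SHA256"), input)), key]
end
```

An `unknown kid` result is the natural trigger for the backend to refetch the JWKS once before rejecting, which is how a newly rotated signing key gets picked up.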