Build and document strategy for testing with identity providers

[tonysurma]

as mentioned in the readme the keys for the identify providers will be secrets that are configured in deployment for testing and production.

We need a strategy for how individual contributors can test with identity providers without sharing the 'secret' codes from deployment in production.

[TimHess]

I'd like to help with this one

[bcbeatty]

Do you need to provide the secretKey for a facebook login? On another app I'm working on I'm not using the secretKey just the AppId, which is public. But I'm still running on local emulators.
Ionic has OpenId Providers as part of its framework.

[bcbeatty]

Here's javascript code snip it for facebook login using cordovaOauth

 $cordovaOauth.facebook(appKeys.appId, ["email", "user_friends, user_location, user_posts, user_photos"]).then(function (result) {
                    console.info("login success");
                    $localStorage.accessToken = result.access_token;

                    q.resolve($localStorage.accessToken);
                }, function (error) {                 
                    console.error(error);
                    alert("There was a problem signing in!  See the console for logs\n" + error);
                    q.reject(error);
                });
 return q.promise;

[MisterJames]

@tonysurma I think an easy strategy here would be to include a quick readme for setting this up. UserSecrets is pretty easy to get going. I could write this.

They would need to, of course, create their own apps/app secret keys to make this work, but that isn't an insurmountable task.

[tonysurma]

great thanks!

[BillWagner]

I believe this has been addressed by the work where we implemented the 3rd party OAuth work. Can @MisterJames or @tonysurma re-open if I'm mistaken.