Experiment go <> sgid integration

[PikkaPikkachu]

Problem

We are trying to integrate SGID with GO and will be testing it with OGP officers. If the integration is successful, we will open this up to other public officers as well.

Solution

Integration doc with the detailed solution here, for summary refer below:

Followed developer docs here

1. Add a new login page for SGID login /ogp-login
2. Upon user click we redirect to SGID authentication url (opens up in the same window)
3. Once user allows sign in using GO SGID client, we fetch their relevant data i.e. officer's work email.
4. There's a validation check on valid officer's email ending in .gov.sg
5. If the validation succeeds we create or find the user in the DB and set the user session
6. Else we redirect the back to sgid login page and show the relevant error message.

Features:
Login feature with SGID

Before & After Screenshots

AFTER:

Screen.Recording.2023-07-28.at.12.07.46.AM.mov

Tested on health and edu domains, we get a 400 response, with this error message on the UI:

Tests

What tests should be run to confirm functionality?

1. Check login using SGID manually
2. Check remaining functionality remains intact [regression testing]
3. Check invalid authentication or invalid email does not succeed login
4. Check that edu and health domains are still intact, without the SGID client being initialised

Deploy Notes

Need to create the relevant environment variables before deploying.
There might be a need to use the AWS key manager, in case env variable store in EB does not work.

New environment variables:

• SGID Client
• SGID Private key
• SGID API hostname
• SGID Client Secret

[raynerljm]

the sgID implementation looks like it should work! left some clarifications and some questions - thanks Prakriti! 🎉

[PrawiraGenestonlia]

Left minor nit comments. Overall, good job @PikkaPikkachu with the implementation! Awesome work!

[halfwhole]

lgtm, thanks so much for this 🥳
the overall flow looks great, left a bunch of minor comments below but they're very much non-blocking so feel free to merge!

[gweiying]

One additional comment from me, let's check the behavior on staging.for.edu.sg and staging.for.sg for the sgid login request endpoint to verify that it's not throwing any weird errors!

[halfwhole]

lgtm, apart from the first comment below!