Reuse sign-in OAuth workflow for code host connections

[artemruts]

Description

To reuse existing "sign-in with" OAuth workflow for code host connections, we need to have a secure way to tell the sign-in-workflow to bind given code host (user external account) to user and not with an email but with a special ID X, where X could be an opaque user ID.

Otherwise we need to require users to add their email address (of what they have in the code host) before creating code host OAuth connection. If user won't have an email address, we may end up creating a new Sourcegraph account. 🙅

Links

• Slack convo in #cloud
• Project board
• Figma designs for UI

[github-actions]

Heads up @tsenart - the "team/cloud" label was applied to this issue.

[ryanslade]

It appears that we already support this workflow. If we attempt to "sign in with codehost" after a user is already authenticated then we'll link the external account with the currently logged in user.

I've tested this locally in the following way:

1. Sign in to Sourcegraph with a new user with an email that doesn’t match any in GitHub (using the + trick for gmail)
2. Temporarily disable the redirect here so that can “continue with GitHub”.
3. Navigate to /sign-inand click on continue with GitHub
4. It successfully links the GitHub account with the existing logged in user and creats a new entry in the user_external_accounts table.

[ryanslade]

@artemruts Did you confirm that the above works, can we close this?

[artemruts]

@ryanslade I'll close this after code goes through QA, I believe it works :)
Will re-assign to myself.

[tsenart]

@artemruts: Can we get a demo video to share in #progress?