Handling Authentication With Best Servers And Other TMC Services

[gamemann]

We want authentication to be synced between all TMC services including Best Servers. This means we'll have a single back-bone for authentication. We also want multiple login handlers including Discord, Google, Steam, and more. Users should be able to link additional accounts and set their email. We want to avoid storing passwords for now.

Other TMC services such as Best Mods uses a different web/authentication back-end (NextJS with NextAuth). Therefore, this will require additional code and handling so we can integrate into any web framework we choose.

This issue was created for initiate discussion and planning regarding this feature.

[gamemann]

If using and hosting a centralized authentication system such as Apereo CAS, we could leverage PHPCas or Laravel CAS in Best Server's case. However, this is going to be more complicated. Laravel CAS hasn't been updated in four years, so I'm not sure if that'd even work with Laravel 10 and it's possible the code is exploitable. I'd honesty prefer making my own PHP/Laravel package that communicates with our CAS server.

Otherwise, we could use Laravel's Socialite package which comes with Laravel itself.

Using a CAS would be the best approach, but it will take longer to implement.