Support for OAuth

@CristianCucunuba, @janus-reith and I are building a provider for Reaction Commerce (see issue #170). One caveat of RC compared to Shopify and BigCommerce is that it requires users to sign in through an OAuth flow. There’s currently no built-in support for OAuth on Next Commerce.

A few things need to be taken into account to pre-wire Next Commerce for OAuth (in case individual providers require it):

• Add a boolean config flag (oauth: true for example) which, when set by a provider, would make the LoginView display a simple “Login” button instead of a username/password form.
• This “Login” button with no username/password form would still call the @framework/auth/use-login hook. There, it would be up to the provider’s developers to decide how to handle the OAuth flow.

Aside from these relatively minor UI considerations, we need to chose a library to actually handle the OAuth redirection, callback etc. We prefer next-auth as it’s more of a “Next-native” solution than passport… But the choice is not just ours to make.

If we add next-auth to the project’s dependencies as part of the Reaction provider PR, next-auth will be part of the dependencies whether users choose to use the Reaction provider or not. Developers who will work on their own provider implementations and who might need OAuth support will have next-auth pre-installed and will likely have to use it too as I assume we don’t want to have a bunch of authentication libraries living under the same roof.

So here goes my question: if we’re implementing OAuth support, do @okbel and the team agree with our choice of next-auth? Or should we use something else? Should we pre-wire anything and build an API to make it easier for provider developers to use next-auth? Eager to hear what the community thinks too.

At a higher level, I think this prompts for a discussion about provider-specific package.json and dependency support, as well as a way to add API routes from within a provider without touching the pages/ directory.