[WIP]Add Guild Wars 2 Oauth authentification

[keneanung]

This adds the OAuth2 authentification by Guild Wars 2 (and changes some defaults
to be more sensible for testing environments).

TODOs:

• get profile information from the GW2 API
• add a nice picture for the login button

This PR serves 2 purposes:

• get early feedback on what I'm doing
• a discussion board for some further things

Question: I am debating whether to save the access and refresh tokens with expiry date, because ANet plans features to the API that might be interesting to gw2spidy as well (Bank/character inventory, TP history). Soo...

1. Where to save this information? The users table?
2. How to handle users registered via another OAuth provider or the site directly? Put an "connect with GW2" option somewhere?

That's it for now, if I get more ideas/questions, I'll ask.

[rubensayshi]

Cool,

Maybe no need to store it until it's actually necessary,
otherwise I'd put the info into a seperate table since it's kinda unrelated to normal user login, so gw2_auth or something

[keneanung]

Technically this should be finished. I still need to add an icon for the button though.

I'm also waiting for an answer on arenanet/api-cdi#21 (which is now closed) in case I need some more changes.

And since the authorization is still BETA quality, I'd wait to merge this in anyways :)

[keneanung]

Should be done now, except:

• I couldn't get twitter to work, so I was unable to test...
• I have no idea to add an image to the new button...

[rubensayshi]

okay, I'll try to free up some time this week to take a look at it and test it :)

[keneanung]

Hrm... https://forum-en.guildwars2.com/forum/community/api/Launching-v2-account-w-Authentication/4981219 pretty much kills this PR 💥

But lets wait and see first

[rubensayshi]

awh :/ ...

I was under the asumption this was ready to be merged?

[keneanung]

It was, until I asked whether the OAuth is still in Beta, because it already appeared in the accounts listing. Then they dropped the ball about movements away from OAuth2 towards API-style keys. See my question https://forum-en.guildwars2.com/forum/community/api/Launching-v2-account-w-Authentication/4971293 and the following discussion

[rubensayshi]

any updates?

[keneanung]

Nothing specific. The new authenitcation method will be revealed "within weeks" with a proposed migration strategy. So I'd still like to wait.

[keneanung]

🌋 See https://forum-en.guildwars2.com/forum/community/api/HEADS-UP-OAuth2-being-replaced-next-week

tl;dr: No new OAuth apps can be registered, authentication is out of the window, user has to do the "create token" step of OAuth manually (which doubled as authentication), http header stays the same.

So maybe it's possible to reuse parts of this, but overall it seems to become pretty complicated for normal users to grant access to private parts of the API.