Rework authentication

[gsipos]

The problem

• Users are required to find and click a button inside a popup that appears every time they navigate to the wiki.
• Users can't find popups.

Current solution

• Auth is a 2 step process, there is
  • a One-tap sign in
  • no problem here
  • results in a JWT token.
  • followed by an authorization step
    • this creates the popup that may or may not be blocked by the browser.
    • (that results in a short lived accessToken to be usable on the Google Drive API.)
    • since the drive API is
  • This is implemented via the "Implicit code flow"
    • https://developers.google.com/identity/oauth2/web/guides/choose-authorization-model#oauth_20_flow_comparison
  • code is in ./packages/website/src/utils/google-auth.ts

Possible solution

Implement "Authorization code flow" instead of the "Implicit code flow"

https://developers.google.com/identity/oauth2/web/guides/use-code-model

This requires additional things:

• backend server, Vercel Function can be used for ease of setup and simplicity), you can find an example here: https://github.com/aliz-ai/aliz-vacation-dashboard/blob/main/api/queries.ts
• backend storage, Vercel also offers a managed KV storage that may be usable, but Firestore could also suffice. Whichever is easier.

So basically this means that on the server side we get a refresh token for the user on the first time on the server side, store the refresh token, then we just exchange a refresh token to an access token as necessary.

@bbazsy fyi