Bag of features to consider upstream (i.e. here)

[silasdavis]

I'm nearing completion of the first cut of my project (named Pericyte) that uses Keratin as a library, so thanks for that!

The way it has ended up is I use the core keratin routes:

		route.Post("/password").
			SecuredWith(originSecurity).
			Handle(handlers.PostPassword(app)),

		route.Post("/session").
			SecuredWith(originSecurity).
			Handle(handlers.PostSession(app)),

		route.Delete("/session").
			SecuredWith(originSecurity).
			Handle(handlers.DeleteSession(app)),

		route.Get("/session/refresh").
			SecuredWith(originSecurity).
			Handle(handlers.GetSessionRefresh(app)),

And all of the the key store and token machinery. Then I handle signup, email verification, and various other things.

Along the way we have developed a few things that might find a home in authn-server. I'll list them here, and if you are interested I can open separate issues with the code we have:

1. Workers functionality via a redis queue (about to share this here: Stream of events from Auth server. #112) that replaces webhook senders.
2. Login and consent endpoints that work with Ory Hydra: https://github.com/ory/hydra so that Pericyte can act as a compliant OpenID connect ID provider backed by keratin
3. SendGrid integration for sending emails - this sits on top of the redis worker queues - you can configure various templates for password reset, passwordless login, etc
4. Email verification - not clear this really fits, but this is a new token flow to verify a change in email, might apply when UsernameIsEmail. The token holds the account ID plus the email address.
5. A PostSignup endpoint and purely email based signup flow - you get a an email verification token - we maintain the invariant user can log in iff user's email has been verified
6. A kind of pattern for working with an embedded AccountStore and a Transactor that makes it reasonably neat to do updates to keratin and our user profile in a single shot whilst keeping the notional separation - we don't modify keratin tables or core services. This might make sense of an example of library usage. It took a bit of getting right.

Let me know if you'd like to see a bit more on any of the above, and I'll try to get round to it.

[cainlevy]

1. 👍 taskq looks like a direct upgrade to WebhookSender
2. Hydra integration is pretty awesome! Is this a responsibility of the host app, though? I would imagine the host app is responsible for providing Login and Consent but may rely on AuthN for functionality of the Login page in particular. Maybe this deserves a writeup for https://keratin.github.io/authn-server?
3. I consider this a responsibility of the host app. I don't want to get into email templating or SMTP vendor selection (but SendGrid is my favorite!).
4. Nice! I do the same in my Ruby app with a custom JWT. I've generalized the pattern for any one-click email action.
5. Maybe worth a writeup for https://keratin.github.io/authn-server?
6. I leave this one up to you. It could be something worth sharing, even if it's not under the Keratin umbrella.

[cainlevy]

Happy to consider these further, but any follow-up on a particular feature should move to a dedicated thread.