microsoft auth integration (WB) #784

Closed
8 of 12 tasks
kfarr opened this issue Aug 21, 2024 · 5 comments · Fixed by #785

kfarr commented Aug 21, 2024

tasks:

  • - register as an oauth application in Microsoft - done for DEV - took 20 mins
  • - add auth provider for Microsoft in GCP / firebase - done for DEV - took 2 mins
  • - implement signup popup in login modal (add a button below google) - ETA 2 hours
  • - implement getRedirectResult to handle successful auth - ETA 2 hours
  • - handle auth/account-exists-with-different-credential to handle case where user has auth'ed email via google but then auths via microsoft: https://firebase.google.com/docs/auth/web/microsoft-oauth#expandable-1 - ETA 4 hours
  • create production oauth app application in Microsoft
  • research how an enterprise administrator can allow users to auth for apps
  • use default profile icon when authenticated with microsoft (bonus, use msft logo when auth'ed)
  • release v1 to production so that personal msft account users can auth
  • wait for microsoft partner verification
  • try fetching user profile image again after verification, see this branch: https://github.com/3DStreet/3dstreet/tree/microsoft-auth-profile-image
  • announce / social media

kfarr self-assigned this Aug 21, 2024

kfarr commented Aug 21, 2024

microsoft option works, but now need to handle error auth/account-exists-with-different-credential which is raised on line 33 of /editor/api/auth.js in the proposed PR when a user has an existing account with that email address from a different provider. For example, if a user auths via google on user@email.com, then auths via msft on user@email.com, they will need to "link" them together. Docs:
https://firebase.google.com/docs/auth/web/microsoft-oauth#expandable-1

kfarr linked a pull request Aug 21, 2024 that will close this issue

kfarr commented Aug 21, 2024

suggestion from Rahul:

Do they need to link things together? Can we just throw a ui error that’s like you already have an account with us from a different provider
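
Added example, not part of the original thread or the 3DStreet code base: one way to handle `auth/account-exists-with-different-credential`, covering both the linking flow from the Firebase docs and the simpler UI-error option suggested above. It assumes the Firebase modular functions `signInWithPopup`, `linkWithCredential` and `OAuthProvider.credentialFromError` are passed in as `sdk`; `signInWithMicrosoft`, `allowLinking` and the returned status strings are hypothetical names.

```javascript
// Added example (not 3DStreet code). `sdk` is assumed to carry the Firebase
// Auth modular functions; all other names here are hypothetical.
const CONFLICT = 'auth/account-exists-with-different-credential';

async function signInWithMicrosoft(sdk, auth, msProvider, existingProvider, opts = {}) {
  try {
    const result = await sdk.signInWithPopup(auth, msProvider);
    return { status: 'signed-in', user: result.user };
  } catch (error) {
    // Unrelated failures (popup closed, network, ...) surface unchanged.
    if (!error || error.code !== CONFLICT) throw error;

    const email = (error.customData && error.customData.email) || null;

    // Simple option: do not link, tell the user to use their original provider.
    if (!opts.allowLinking) return { status: 'use-existing-provider', email };

    // Linking option: keep the pending Microsoft credential from the error.
    const pending = sdk.OAuthProvider.credentialFromError(error);
    if (!pending || !email) return { status: 'use-existing-provider', email };

    // The user must first prove control of the existing account by signing
    // in with the provider it was created with.
    const existing = await sdk.signInWithPopup(auth, existingProvider);

    // Only link when that sign-in landed on the account that caused the
    // conflict; otherwise the Microsoft identity would be attached to a
    // different account than the one the user was told about.
    const signedInEmail = (existing.user.email || '').toLowerCase();
    if (signedInEmail !== email.toLowerCase()) {
      return { status: 'link-refused', email };
    }

    await sdk.linkWithCredential(existing.user, pending);
    return { status: 'linked', user: existing.user };
  }
}
```
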


kfarr commented Aug 21, 2024

Adding publisher verification may be required for some enterprise environments, need to register in Partner Center and get MPN ID

kfarr commented Aug 22, 2024

applied for mpn id, legal verification is in progress eta 2-3 days

after some more research, it appears that the recommended settings for microsoft "entra" enterprise apps only accept "verified" apps
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal


kfarr commented Aug 22, 2024

tried getting profile image to work using this example: https://stackoverflow.com/questions/66192652/firebase-microsoft-social-auth-not-providing-photourl

it returns a 401. after some googling a 401 is expected when a user has not set a profile image. some users suggested that a 401 response may also happen if our app is not verified (partner verified) and therefore msft doesn't give the app access to the profile image. here is the branch:
https://github.com/3DStreet/3dstreet/tree/microsoft-auth-profile-image

i'll pause that effort, instead we should simply use the default profile when using microsoft for now, or even a "microsoft" logo profile to indicate the user has logged in w/microsoft.

Then we can release this even ahead of being verified since it does work for microsoft personal users.
