I think “disassociate” simply means removing the association of the oauth uid and user_id locally.
One more problem is that oauth credentials can expire. The provider may ask for re-authorization. (When a plugin author wants to use the oauth2 credentials to trigger an API, they would like to know about this situation.)
According to those 2 problems, an Authenticator has to report association and expiration information. They are simply trying to find a user record implicitly.
Now, Discourse has {google,facebook,github,instagram,twitter}_user_info. Plugins can use oauth2_user_info or PluginRow. I would say a new model can represent all that information, for instance:
- uid, comes from provider
- email
- name
- access_token
- refresh_token
- expired_at
- CustomFields or a JSON field, can be used for other information storage.
Then a simple query can get a list of associated providers for the user. Disassociation is simply done by removing this record.
Beyond that, Authenticator has to provide functions to determine:
- is there an existing user
- is the token fresh
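
A sketch of the single-record model proposed in the post above, as an added example that is not part of the original post and is not Discourse code. The names `ProviderAssociation`, `AssociationStore` and their methods are hypothetical, the field names follow the post's list, and an in-memory hash stands in for the database table.

```ruby
# Hypothetical record: one row per (provider, uid) pair, fields as listed in the post.
ProviderAssociation = Struct.new(
  :user_id, :provider, :uid, :email, :name,
  :access_token, :refresh_token, :expired_at, :extra,
  keyword_init: true
) do
  # "is the token fresh": a token must exist and must not be past expired_at.
  # A nil expired_at is treated as "provider gave no expiry" (assumption).
  def token_fresh?(now = Time.now, leeway: 60)
    return false if access_token.nil? || access_token.empty?
    expired_at.nil? || now + leeway < expired_at
  end
end

# Hypothetical in-memory stand-in for the table; a real plugin would use a
# database table with a unique index on (provider, uid).
class AssociationStore
  def initialize
    @rows = {}
  end

  def associate(attrs)
    row = ProviderAssociation.new(**attrs)
    key = [row.provider, row.uid]
    existing = @rows[key]
    if existing && existing.user_id != row.user_id
      raise ArgumentError, "#{row.provider} uid already linked to another user"
    end
    @rows[key] = row
  end

  # "is there an existing user": look up by (provider, uid).
  def find_user_id(provider, uid)
    @rows[[provider, uid]]&.user_id
  end

  def providers_for(user_id)
    @rows.values.select { |r| r.user_id == user_id }.map(&:provider).sort
  end

  # Disassociation is deleting the record; the stored tokens go with it.
  def disassociate(user_id, provider)
    before = @rows.size
    @rows.delete_if { |_, r| r.user_id == user_id && r.provider == provider }
    before - @rows.size
  end
end
```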