Allow clients to obtain a auth token without credentials

[mStirner]

It would be awesome to pair apps/devices/clients without the need of credentials.
For that a simple pairing system could be implemented:

Logic:

    // pairing process
    // client = device/app/software thats want to pair
    // server = openhaus backend
    // user = admin user with valid token
    //
    // client: [post] /auth/pairing/<uuid v4>
    // server: 201, clients need check via polling for a token
    // user: receives notfication for pairing
    // user: "accepts" or "decline" request
    // user: [post] /auth/pairing/<uuid v4>/accept
    // server: 200 with new device token
    // user: [put] /auth/pairing/<uuid v4> token as json body
    // clients: checks via polling [get] /auth/pairing/<uuid v4>
    // server: 202, and token as json body & x-auth-header

Draft (router.auth.js):

const jwt = require("jsonwebtoken");
const C_USERS = require("../components/users");
const express = require("express");
const { version, validate } = require("uuid");

module.exports = (app, router) => {

    let pairingRouter = express.Router();
    let pairingClients = new Map();

    ....
  
    pairingRouter.param("uuid", (req, res, next) => {

        let { uuid = null } = req.params;

        if (version(uuid) !== 4 || !validate(uuid)) {
            return res.status(400).end();
        }

        req.uuid = uuid;

        next();

    });


    pairingRouter.post("/:uuid", (req, res) => {

        // here should be stored more information than just the uuid
        // - timestamp of this request Date.now()
        // - 6 digit pin
        // - timestamp of the pin creation
        // - pairing result, accept = null (default)
        /*
        let request = {
            created: Date.now(),
            pin: null,
            timestamp: null,
            accepted: null
        }
        */

        // check if server is in pairing mode
        if (false) {
            return res.status(401).end();
        }

        pairingClients.set(req.uuid, null);
        res.status(201).end();

    });

    pairingRouter.get("/:uuid", (req, res) => {

        if (pairingClients.has(req.uuid)) {
            if (!pairingClients.get(req.uuid)) {

                return res.status(202).end();

            } else {

                let token = pairingClients.get(req.uuid);
                pairingClients.delete(req.uuid);
                return res.status(200).json(token);

            }
        } else {

            res.status(401).end();

        }

    });

    pairingRouter.post("/:uuid/accept", (req, res) => {

        let token = {
            uuid: process.env.UUID,
            user: "foo@example.com"
        };

        res.setHeader("x-auht-token", token);
        res.status(200).json(token);

    });

    pairingRouter.post("/:uuid/decline", (req, res) => {

        pairingClients.delete(req.uuid);
        res.status(200).end();

    });

    pairingRouter.put("/:uuid", (req, res) => {

        pairingClients.set(req.uuid, req.body);
        res.status(200).end();

    });


    router.use("/pairing", pairingRouter);


};

A authenticated user could then approve/decline the request and create a new token.
Like plex does this with its devices & accounts.

Note: This could also be done in cloud environments, the logic under /auth/pairing needs just to be outsourced of the backend, and put into a microservice where nginx pass requests to.