[feat]: next-drupal-starter - OpenID User Authentication Use Case

[backlineint]

Describe the problem

This starter kit currently handles authentication and authorization from the perspective of a machine user that sources data from Drupal. It would be desirable to demonstrate an example for user authentication as well - a user can authenticate via a login form and as a result gains access to specific resources based on their Drupal account.

Describe the proposed solution

Provide an OpenID based user authentication option.

Drupal:
Assumes that Simple oAuth and OpenID Connect are installed.

Next:
Using NextAuth

High level flow:

• User authenticates via next-auth / OpenID provider
• This information is used to authenticate with Drupal
  ** OpenID connect will create a Drupal account the first time a user authenticates if it does not exist. What I'm not clear on is if this will happen when accounts are created via API based registration requests and if the next-auth token provides enough information to make SSO with Drupal possible.
  ** If OpenID can't create accounts via API requests, this step instead would have to try to authenticate or check for the existence of a Drupal account (as the machine user,) and if the account doesn't exist, create an account.
• A user specific Drupal State store is created for that user. All user specific requests are made through that store.

Drupal State:

• For user authentication Drupal will need to be enhanced to support the password grant type. A related issue exists here: https://www.drupal.org/project/drupal_state/issues/3263740

Alternatives considered

There are many other auth methods that could satisfy this, but this approach has the benefit of taking advantage of Drupal's simple oAuth Ecosystem.

Importance

It would make my life easier

Additional Information

No response