
[Feature Request] Customize authentication flow #65

@stevenmqnguyen

Overview

Customize the authentication flow to prevent duplicate user accounts. Specifically to prevent officers from having duplicate accounts with their acmutd.co email.

The default functionality of NextAuth is to create a new user for each unique email. Since each officer is guaranteed to have a personal email and an acmutd.co email, this poses the problem where duplicate user accounts are created if an officer doesn't connect their acmutd.co account to their personal account.

This can be mitigated by customizing the sign-in page to show every provider besides Google internal acmutd.co. The officer is then forced to sign in with a personal account first.

An additional edge case is if an officer tries to sign in with Google with their acmutd.co account. This can be prevented by handling it in a sign-in callback.

Tasks

  • Customize sign-in page with all providers besides acmutd.co
  • Add callback to prevent acmutd.co domain emails from Google sign-in
  • Display proper sign-in page error messages with hints
  • Document the authentication flow with diagrams
  • Submit PR to NextAuth's documentation with corrections

Supplemental Information

  • NextAuth sign-in page errors
  • There is an edge case where if a user signs in with a provider then logs out and signs in with a different provider with a different email, a new user is created and the two accounts are unable to be linked. This is mitigated if a user signs in with their initial account and connects any additional accounts while logged in before they try to sign in using a different provider with a different email.
  • Try connecting multiple Google accounts; it works!
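
The sign-in callback task above could look like the following. This is an added example, not code from the issue or the project. It uses the shape of NextAuth's `callbacks.signIn({ user, account, profile })`, where returning `false` denies the sign-in and returning a string redirects to that URL. The redirect path, the error code, the subdomain rule and the use of Google's `hd` (hosted domain) claim are assumptions.

```javascript
// Added example: refuse acmutd.co accounts on the public Google provider so an
// officer cannot create a second user record with the organization email.
const OFFICER_DOMAIN = "acmutd.co";
const BLOCKED_PROVIDER = "google"; // default id of NextAuth's Google provider
// Hypothetical custom sign-in route and error code (assumptions, not from the issue).
const DENY_REDIRECT = "/auth/signin?error=OfficerEmail";

// Lower-cased domain part of an email address, or null when it is malformed.
function emailDomain(email) {
  if (typeof email !== "string") return null;
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase().replace(/\.$/, "");
}

// Exact match, plus subdomains (assumption). A suffix test without the leading
// dot would also match lookalikes such as "notacmutd.co".
function isOfficerDomain(domain) {
  if (typeof domain !== "string") return false;
  const d = domain.toLowerCase();
  return d === OFFICER_DOMAIN || d.endsWith("." + OFFICER_DOMAIN);
}

// Synchronous decision: true = allow, false = deny, string = redirect URL.
function decideSignIn({ user, account, profile }) {
  if (!account || account.provider !== BLOCKED_PROVIDER) return true;
  const domains = [
    emailDomain(user && user.email),
    emailDomain(profile && profile.email),
  ];
  // Fail closed when the provider returned no usable email at all.
  if (domains.every((d) => d === null)) return false;
  // Check the email domains and the Workspace hosted-domain claim.
  const hosted = profile ? profile.hd : null;
  if (domains.some(isOfficerDomain) || isOfficerDomain(hosted)) {
    return DENY_REDIRECT;
  }
  return true;
}

// Wiring (NextAuth options object): callbacks: { signIn }
async function signIn(params) {
  return decideSignIn(params);
}
```

The check runs server-side, so it still applies when someone reaches the Google provider without going through the customized sign-in page.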

Labels

  • Data Layer: Managing state, data, fetch info from API calls
  • New Feature: New feature or request
  • UI/UX: Requires making UI changes
