Need username and email from OAuth2 API

[toolness]

In order to fully replace the existing Persona login, id.webmaker.org needs to provide a user's email and username to an authenticated client.

The need for the username is obvious and shouldn't impact user privacy.

The email, however, does impact privacy, and is needed for the transactional emails that teach-api sends out. That said, the email won't be shared with the front-end code that runs in the browser.

This information can either be provided through an OAuth2 call with a bearer token, or it can be provided in the info blob that is returned from /login/oauth/access_token, which is what Twitter does (albeit not with the email address, just the username).

[toolness]

Oops lol typo in the original issue title.

[toolness]

Note that simply documenting this API will help unblock mozilla/teach-api#11, so if it's faster for you to first document and implement later, that's cool too.

[jbuck]

Agreed, I think we need to add this to id.wm.o for now. I propose the following:

1. Document a new scope called "email", which allows the client application to access the email
2. Create a new route GET /user which checks the scopes on the oauth token, fetches information from login.wm.o, and returns user information based on the scopes. Akin to https://developer.github.com/v3/users/#get-the-authenticated-user

@toolness that sound right?

[jbuck]

@cadecairos do you have time to implement this addition?

[toolness]

Yeah that sounds great to me @jbuck! Thanks. If you can document that in as detailed a way as you do the rest of the calls in docs/oauth.md I can start implementing my side of it asap!

[cadecairos]

Fixed by #128