This repository has been archived by the owner on Mar 5, 2020. It is now read-only.

Redirect to teach-api for login/logout flow #576

Closed
toolness opened this issue Apr 3, 2015 · 4 comments

@toolness
Contributor

toolness commented Apr 3, 2015

As mentioned in #445 (comment):

We're moving to using an OAuth2 flow for login via id.webmaker.org.

Since the OAuth2 client secret can only be stored in the teach API, I'm just doing all OAuthy stuff on the teach API (see mozilla/teach-api#11).

I've added an /auth/status endpoint in mozilla/teach-api#10 with an extremely strict CORS policy; essentially, every time the teach site loads, it needs to ping this endpoint to see if it's currently logged in.

Putting all the pieces together, the login flow will essentially work like this:

[Image: oauth2-flow-diagram]

  • User visits teach.mozilla.org for the first time. It pings /auth/status on the teach API and notices that no one is logged in.
  • User clicks "login" or "create account" on teach.mozilla.org (either in the sidebar or through the add a club modal).
  • User is transparently redirected to teach-api, which immediately redirects to id.webmaker.org, where the user logs in/signs up.
  • id.webmaker.org redirects the user back to teach-api (via OAuth2 callback), which then redirects the user back to teach.mozilla.org.
  • When teach.mozilla.org loads, it pings /auth/status on the teach API and notices that the user is logged in.

Phew. It's not particularly ideal, but I think we will be moving to a simpler solution once we actually give the teach site its own lightweight HTML-rendering server in v2 (we need to do this anyways to fully support our progressive enhancement strategy and some other things).

I should also note that logout follows a similar pattern, because for now we'll want logging out of the teach site to also log the user out of id.webmaker.org for usability reasons--see mozilla/id.webmaker.org#119 (comment) for more details on that.

Update: This was completed by the landing of #626.
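
The server-side checks this flow depends on, sketched as an added example (not code from teach-api or from the issue author): an exact-match CORS policy for /auth/status, and a return URL and one-time OAuth2 `state` value pinned in the session across the redirect hops. The function names, session keys and the single-origin allowlist are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the one origin allowed to read /auth/status with cookies
# and to receive the post-login redirect.
ALLOWED_ORIGINS = {"https://teach.mozilla.org"}


def cors_headers(request_origin):
    """CORS headers for /auth/status: exact allowlist match, never a wildcard."""
    headers = {"Vary": "Origin"}
    if request_origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = request_origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def origin_of(url):
    """Return scheme://host[:port] of an absolute http(s) URL, else None."""
    if not isinstance(url, str) or any(c <= " " or c == "\\" for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or "@" in parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}" if parts.netloc else None


def begin_login(session, callback):
    """Site -> API hop: pin the return URL and a one-time state in the session."""
    if origin_of(callback) not in ALLOWED_ORIGINS:
        raise ValueError("callback origin not allowed")
    session["oauth2_state"] = secrets.token_urlsafe(32)
    session["oauth2_callback"] = callback
    return session["oauth2_state"]


def finish_login(session, returned_state):
    """OAuth2 callback hop: check state, then return the pinned redirect target."""
    expected = session.pop("oauth2_state", "")
    callback = session.pop("oauth2_callback", None)
    supplied = (returned_state or "").encode()
    if not expected or not hmac.compare_digest(expected.encode(), supplied):
        raise ValueError("state mismatch")
    return callback
```

Because the final redirect target is read back from the session rather than from the callback request, the last hop can only land on a URL that passed the allowlist check at the start of the flow.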

@toolness
Contributor Author

toolness commented Apr 9, 2015

An update on this:

TLDR: Our end of this is basically done but I want to ensure that the new login system at id.mofostaging.net is stable before we officially switch to it.

I've implemented the new login/logout flow in #608, and it's even deployed right now at http://mozteach.toolness.org/ if you want to try it out, but I don't want to merge it until id.mofostaging.net is ready for it. Right now I'm still experiencing lots of weird behavior when signing up for a new account, and because id.mofostaging.net is connected to the staging login server rather than production, it's not possible to log in with one's existing webmaker credentials. Because of that, I'm concerned that merging the PR and switching over to the new login system now will make it harder for us to test the parts of our site (like adding/editing a club) that require login.

Also, the "create an account" links are going to seem identical to the "log in" links until mozilla/id.webmaker.org#131 is fixed. As soon as that fix is deployed to id.mofostaging.net, the "create an account" links should start working as expected.

@hannahkane

Thank you for the update!

@hannahkane

Is this complete?

@toolness
Contributor Author

Ah yes, it is indeed finished as of the landing of #626. Closing!
