Concept finding: Auth

[MeFisto94]

Currently, we have no useful way of authentication. There is a packet, but it only sends the windows username.
To be of use, we need a (preferrably passwordless) approach that also leads to stable user identifiers.

My idea was to have a central hosted oidc compliant IdP (preferrably doing identity brokering with the major game stores).
Then, after logging in on the website, the JWTs (maybe the auth token, but especially the ID token) are used towards the individual user-hosted game servers. The tokens are signed, so the server can trust them, but is probably capable of using the auth token to query more information from an API endpoint (e.g. on which servers the user has been banned).

The only remaining question is how this interfers with #7 . It's much easier when we use an oidc flow from a desktop application than it probably is to cram into the red4ext DLL.