When retrieving userinfo with oauth2_fetch_user_details=true, we sometimes want to disallow account creation if an attribute is not fulfilled.

This PR adds a new register oauth2_basic_required_json_path which will kick in when retrieving userinfo. It can be used this way:

DiscoursePluginRegistry.register_oauth2_basic_required_json_path({
      path: "extra:account.is_allowed_member",
      required_value: true,
      error_message: I18n.t("login.unfulfilled_requirement"),
    }, self)

If the attribute does not satisfy the required value, we will see the specified error message when returning to the forum. The account is not created.

Alternatives

The alternatives I can think of is

1. monkey patching
2. creating a new authenticator

(1) is definitely brittle, and (2) does feel like there will be a lot of copy-work even within the method itself.

3. David did point out on(:after_auth) exists. However the event happens slightly too late - the associated account would have been created already, and the result would not contain the required attribute.