minauthator/docs/draft.md

54 lines
1.6 KiB
Markdown
Raw Permalink Normal View History

2024-11-02 16:37:57 +00:00
# OAuth2 spec
https://datatracker.ietf.org/doc/html/rfc6749
https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template
## Oauth2 test
-> authorize
# User flow
## Invitation flow
- Create invite
- generate A random
- user.reset_password_token = A
- user.status = "Invited"
- Send email with link to https://instance/reset-password?token=A&reason=invitation
- GET /reset-password?token=A&reason=invitation
- verification of token
- show form
- POST /reset-password
- BODY: with params token
- check token validity
- set new password hash
- if user.status == "invited"
- enable new account (user.status = "active")
- send welcome email
- redirect to login page with a message
- we need to redirect to the login page, so the user remember how to login later, and can
verify the setup of his/her password manager.
We can instead send link to https://instance/invitation?token=A
## Reset password flow
- Reset password request
- generate A random
- user.reset_password_token = A
- Send email with link to https://instance/reset-password?token=A&reason=lost_password
- GET /reset-password?token=A&reason=lost_password
- verification of token
- show form
- POST /reset-password
- BODY: with params token
- check token validity
- set new password hash
- redirect to login page with a message
- we need to redirect to the login page, so the user remember how to login later, and can
verify the setup of his/her password manager.
We can instead send link to https://instance/reset-password?token=A