minauthator/TODO.md

# TODO

- [ ] better OIDC support
    - [ ] better support of `profile` `openid` `email` `roles` scopes
    - [ ] support of custom id_token claims mapping/binding
        - example for Vikunja: `vikunja_teams` or `vikunja_groups` attribute
        - being able to say :
            - For this client, I want to add this claim
            - with the key X
            - and the value taken from an expression
            - eg "json_array(user.groups)"

- [ ] i18n strings in the HTTP website.

- [ ] Instance customization support

- [ ] Public endpoint to get user avatar by id
- [ ] Rework avatar upload to limit size and process the image?

- Authorize form
    - [ ] Show details about permissions
    - [ ] Show app logo

- [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1

- [ ] feat(perms): add groups and roles

- [ ] UserWebGUI: add TOTP
- [ ] send emails to users

- [x] Login form
- [x] Register form
- [x] Redirect to login form if unauthenticated
- [x] Upload picture

- OAuth2
    - [x] Authorize form
    - [x] Verify authorize
    - [x] Get access token

- [x] Support OpenID to use with demo client [oauth2c](https://github.com/cloudentity/oauth2c)
    - .well-known/openid-configuration

- [x] architecture refactor
- [x] AdminCLI: init
- [x] AdminCLI: list users
- [x] AdminCLI: create and invite user

- [x] UserWebGUI: Invitation

- [x] UserWebGUI: Redirect to login when JWT expire
- [x] UserWebGUI: Show user authorizations.
- [x] UserWebGUI: Allow to revoke an authorization
- [x] UserWebGUI: Show available apps (basic)
- [x] UserWebGUI: Direct user grant flow, User can login to the target app/client, event if it did not started here.
    - all apps must have a `/oauth2/login` URL that redirect to the right minauth /authorize URL, `login_uri` in config.toml

- [x] UserWebGUI: activate account with token

- [X] basic docker setup
- [ ] make `docker stop` working (handle SIGTERM/SIGINT)
- [ ] implement docker secrets. https://docs.docker.com/engine/swarm/secrets/

- [ ] Find a minimal OpenID client implementation like Listmonk but a little bit more mature
WIP: feat: add user details update 2024-11-02 17:37:57 +01:00			`# TODO`

feat: support OIDC id_token - generate JWT id_token in token exchange - store optional nonce in authorization object - switch to RS256 algorithm for JWT signature - add JWKs endpoint to provide OIDC clients with public keys 2024-12-09 09:38:39 +01:00			`- [ ] better OIDC support`
fix(oidc): assert openid configuration 2025-01-13 20:34:35 +01:00			- [ ] better support of `profile` `openid` `email` `roles` scopes
			`- [ ] support of custom id_token claims mapping/binding`
			- example for Vikunja: `vikunja_teams` or `vikunja_groups` attribute
			`- being able to say :`
			`- For this client, I want to add this claim`
			`- with the key X`
			`- and the value taken from an expression`
			`- eg "json_array(user.groups)"`

			`- [ ] i18n strings in the HTTP website.`
docs: update TODO 2024-12-03 19:20:03 +01:00
			`- [ ] Instance customization support`

			`- [ ] Public endpoint to get user avatar by id`
			`- [ ] Rework avatar upload to limit size and process the image?`

			`- Authorize form`
			`- [ ] Show details about permissions`
			`- [ ] Show app logo`

			`- [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1`

			`- [ ] feat(perms): add groups and roles`

			`- [ ] UserWebGUI: add TOTP`
			`- [ ] send emails to users`

WIP: feat: add user details update 2024-11-02 17:37:57 +01:00			`- [x] Login form`
			`- [x] Register form`
fix: better scope handling 2024-11-11 23:16:50 +01:00			`- [x] Redirect to login form if unauthenticated`
feat(oauth2): get access token route and read basic user info 2024-11-11 14:49:17 +01:00			`- [x] Upload picture`
fix: better scope handling 2024-11-11 23:16:50 +01:00
			`- OAuth2`
			`- [x] Authorize form`
			`- [x] Verify authorize`
			`- [x] Get access token`

			`- [x] Support OpenID to use with demo client [oauth2c](https://github.com/cloudentity/oauth2c)`
			`- .well-known/openid-configuration`

docs: update TODO 2024-12-03 19:20:03 +01:00			`- [x] architecture refactor`
			`- [x] AdminCLI: init`
			`- [x] AdminCLI: list users`
			`- [x] AdminCLI: create and invite user`
fix: better scope handling 2024-11-11 23:16:50 +01:00
docs: update TODO 2024-12-03 19:20:03 +01:00			`- [x] UserWebGUI: Invitation`
feat(login): redirect to URL after login 2024-11-11 20:57:04 +01:00
feat(user_panel): basic authorizations management 2024-11-18 08:58:38 +01:00			`- [x] UserWebGUI: Redirect to login when JWT expire`
			`- [x] UserWebGUI: Show user authorizations.`
feat(ui/user): add apps listing 2024-11-25 09:07:30 +01:00			`- [x] UserWebGUI: Allow to revoke an authorization`
			`- [x] UserWebGUI: Show available apps (basic)`
			`- [x] UserWebGUI: Direct user grant flow, User can login to the target app/client, event if it did not started here.`
			- all apps must have a `/oauth2/login` URL that redirect to the right minauth /authorize URL, `login_uri` in config.toml

			`- [x] UserWebGUI: activate account with token`

feat: user avatar as public asset 2024-12-04 18:25:56 +01:00			`- [X] basic docker setup`
			- [ ] make `docker stop` working (handle SIGTERM/SIGINT)
			`- [ ] implement docker secrets. https://docs.docker.com/engine/swarm/secrets/`
feat: support OIDC id_token - generate JWT id_token in token exchange - store optional nonce in authorization object - switch to RS256 algorithm for JWT signature - add JWKs endpoint to provide OIDC clients with public keys 2024-12-09 09:38:39 +01:00
			`- [ ] Find a minimal OpenID client implementation like Listmonk but a little bit more mature`