# TODO

- [ ] better OIDC support
  - [ ] better support of `profile` `openid` `email` `roles` scopes
- [ ] i18n strings in the http website.
- [ ] Instance customization support
- [ ] Public endpoint to get user avatar by id
- [ ] Rework avatar upload to limit size and process the image?
- Authorize form
  - [ ] Show details about permissions
  - [ ] Show app logo
  - [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
- [ ] feat(perms): add groups and roles
- [ ] UserWebGUI: add TOTP
- [ ] send emails to users
- [x] Login form
- [x] Register form
- [x] Redirect to login form if unauthenticated
- [x] Upload picture
- OAuth2
  - [x] Authorize form
  - [x] Verify authorize
  - [x] Get access token
- [x] Support OpenID to use with demo client [oauth2c](https://github.com/cloudentity/oauth2c)
  - .well-known/openid-configuration
- [x] architecture refactor
- [x] AdminCLI: init
- [x] AdminCLI: list users
- [x] AdminCLI: create and invite user
- [x] UserWebGUI: Invitation
- [x] UserWebGUI: Redirect to login when JWT expires
- [x] UserWebGUI: Show user authorizations.
- [x] UserWebGUI: Allow to revoke an authorization
- [x] UserWebGUI: Show available apps (basic)
- [x] UserWebGUI: Direct user grant flow: the user can log in to the target app/client even if they did not start here.
  - all apps must have a `/oauth2/login` URL that redirects to the right minauth /authorize URL, `login_uri` in config.toml
- [x] UserWebGUI: activate account with token
- [x] basic docker setup
  - [ ] make `docker stop` work (handle SIGTERM/SIGINT)
  - [ ] implement docker secrets. https://docs.docker.com/engine/swarm/secrets/
- [ ] Find a minimal OpenID client implementation like Listmonk but a little bit more mature