# TODO - [x] Login form - [x] Register form - [x] Redirect to login form if unauthenticated - [x] Upload picture - OAuth2 - [x] Authorize form - [x] Verify authorize - [x] Get access token - [x] Support OpenID to use with demo client [oauth2c](https://github.com/cloudentity/oauth2c) - .well-known/openid-configuration - [ ] i18n strings in the http website. - [ ] App config - Add app logo (URI?) - [ ] Public endpoint to get user avatar by id - [ ] Rework avatar upload to limit size and process the image? - [ ] Authorize form - Show details about permissions - Show app logo - [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 - [x] UserWebGUI: Redirect to login when JWT expire - [x] UserWebGUI: Show user authorizations. - [x] UserWebGUI: Allow to revoke an authorization - [x] UserWebGUI: Show available apps (basic) - [x] UserWebGUI: Direct user grant flow, User can login to the target app/client, event if it did not started here. - all apps must have a `/oauth2/login` URL that redirect to the right minauth /authorize URL, `login_uri` in config.toml - [x] UserWebGUI: activate account with token - [x] feat: add groups and roles models - [ ] UserWebGUI: add TOTP - [ ] send emails to users - Architecture: do we have an admin API? - [ ] AdminCLI: init - [ ] AdminWebGUI: List users - [ ] AdminWebGUI: Assign groups to users - [ ] AdminWebGUI: Create invitation # Minimal flow - [ ] Invite user from command line bash script that will edit sqlite - [ ] Activation UI - [ ] Send email