# TODO

- [x] Login form
- [x] Register form
- [x] Redirect to login form if unauthenticated
- [x] Upload picture

- OAuth2
    - [x] Authorize form
    - [x] Verify authorize
    - [x] Get access token

- [x] Support OpenID to use with demo client [oauth2c](https://github.com/cloudentity/oauth2c)
    - .well-known/openid-configuration


- [ ] i18n strings in the http website.

- [ ] App config
    - Add app logo (URI?)

- [ ] Public endpoint to get user avatar by id
- [ ] Rework avatar upload to limit size and process the image?

- [ ] Authorize form
    - Show details about permissions
    - Show app logo

- [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1

- [ ] UserWebGUI: Redirect to login when JWT expire
- [ ] UserWebGUI: Show user authorizations.
- [ ] UserWebGUI: Show available apps
- [ ] UserWebGUI: Direct user grant flow, User can login to the target app/client, event if it did
not started here.
- [ ] Add admin panel via API
- [ ] AdminWebGUI: Ability to create invitation links
- [ ] Add admin CLI

- [ ] add TOTP