# OAuth2 spec

https://datatracker.ietf.org/doc/html/rfc6749

https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template

## Oauth2 test -> authorize

# User flow

## Invitation flow

- Create invite
  - generate A random
  - user.reset_password_token = A
  - user.status = "Invited"
  - Send email with link to https://instance/reset-password?token=A&reason=invitation
- GET /reset-password?token=A&reason=invitation
  - verification of token
  - show form
- POST /reset-password
  - BODY: with params token
  - check token validity
  - set new password hash
  - if user.status == "invited"
    - enable new account (user.status = "active")
    - send welcome email
  - redirect to login page with a message
    - we need to redirect to the login page, so the user remembers how to log in later, and can verify the setup of his/her password manager.

We can instead send a link to https://instance/invitation?token=A

## Reset password flow

- Reset password request
  - generate A random
  - user.reset_password_token = A
  - Send email with link to https://instance/reset-password?token=A&reason=lost_password
- GET /reset-password?token=A&reason=lost_password
  - verification of token
  - show form
- POST /reset-password
  - BODY: with params token
  - check token validity
  - set new password hash
  - redirect to login page with a message
    - we need to redirect to the login page, so the user remembers how to log in later, and can verify the setup of his/her password manager.

We can instead send a link to https://instance/reset-password?token=A
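Both flows above share the same token lifecycle (generate A, verify on GET and POST, set the password hash, activate an invited account, redirect). The following is an added example of that lifecycle, written in Python for self-containment rather than in the project's Rust/axum code; it is not the project's own code. Beyond the notes it assumes a token lifetime (`TOKEN_TTL_SECONDS`), stores only a SHA-256 digest of A instead of A itself, compares digests in constant time, and makes the token single-use; `User` and the function names are invented for the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import List, Optional

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; the notes do not state one


@dataclass
class User:
    email: str
    status: str = "invited"                 # "invited" or "active", as in the notes
    password_hash: Optional[bytes] = None
    reset_token_hash: Optional[bytes] = None  # digest of A, never A itself
    reset_token_expires: float = 0.0
    reset_reason: Optional[str] = None


def _digest(token: str) -> bytes:
    return hashlib.sha256(token.encode()).digest()


def issue_reset_token(user: User, reason: str, now: Optional[float] = None) -> str:
    """Generate random A, store only its digest, return the link for the email
    (reason is "invitation" or "lost_password")."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
    user.reset_token_hash = _digest(token)
    user.reset_token_expires = now + TOKEN_TTL_SECONDS
    user.reset_reason = reason
    return f"https://instance/reset-password?token={token}&reason={reason}"


def verify_token(users: List[User], token: str, reason: str, now: Optional[float] = None) -> Optional[User]:
    """Used by GET and POST /reset-password: constant-time digest match,
    rejecting expired tokens and tokens issued for a different reason."""
    now = time.time() if now is None else now
    wanted = _digest(token)
    for user in users:
        if user.reset_token_hash and hmac.compare_digest(user.reset_token_hash, wanted):
            ok = user.reset_reason == reason and now < user.reset_token_expires
            return user if ok else None
    return None


def complete_reset(users: List[User], token: str, reason: str, new_password: str,
                   now: Optional[float] = None) -> Optional[str]:
    """POST /reset-password: set the password hash, activate an invited account,
    burn the token (single use) and return the redirect target, or None."""
    user = verify_token(users, token, reason, now)
    if user is None:
        return None
    salt = secrets.token_bytes(16)
    user.password_hash = salt + hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
    user.reset_token_hash = None               # one token, one use
    if user.status == "invited":
        user.status = "active"                 # welcome email would go out here
    return "/login?message=password-set"
```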