minauthator/docs/draft.md


OAuth2 spec

https://datatracker.ietf.org/doc/html/rfc6749

https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template

OAuth2 test

-> authorize

User flow

Invitation flow

- Create invite
- GET /reset-password?token=A&reason=invitation
  - verify the token
  - show the form
- POST /reset-password
  - body: form params including `token`
  - check token validity
  - set the new password hash
  - if user.status == "invited"
    - enable the new account (user.status = "active")
    - send the welcome email
  - redirect to the login page with a message
    - we redirect to the login page so the user remembers how to log in later and can verify that his/her password manager saved the new password.

We can instead send a link to https://instance/invitation?token=A

Reset password flow

- Reset password request
- GET /reset-password?token=A&reason=lost_password
  - verify the token
  - show the form
- POST /reset-password
  - body: form params including `token`
  - check token validity
  - set the new password hash
  - redirect to the login page with a message
    - we redirect to the login page so the user remembers how to log in later and can verify that his/her password manager saved the new password.

We can instead send a link to https://instance/reset-password?token=A
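The two flows above share one token mechanism, so a single model covers both the invitation and the lost-password path. The following is an added example in Python, not minauthator code (the project itself is served by axum); it models the GET verification step, the POST step that sets the password hash, the `invited` -> `active` transition with its welcome email, and the redirect to the login page. The in-memory `Store`, the one-hour TTL, the scrypt parameters and the flash messages are assumptions chosen for the example. Two details the draft leaves implicit are made explicit here: only a SHA-256 digest of the token is stored, so a leaked table does not yield working links, and the `reason` in the URL is treated as a display hint that must match what the token was issued for, while the POST handler derives the reason from the stored token rather than from the request.

```python
"""Invitation / lost-password token flow (added example, not minauthator code)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

TOKEN_TTL_SECONDS = 3600            # assumption: emailed links are valid for one hour
VALID_REASONS = ("invitation", "lost_password")


@dataclass
class User:
    email: str
    status: str                     # "invited" or "active"
    password_hash: Optional[bytes] = None
    salt: Optional[bytes] = None


@dataclass
class ResetToken:
    user_email: str
    reason: str
    expires_at: float
    used: bool = False


@dataclass
class Store:
    """Stand-in for the database and the outgoing mail queue (constructed for the example)."""
    users: dict = field(default_factory=dict)
    tokens: dict = field(default_factory=dict)    # keyed by SHA-256 of the token, never the raw token
    sent_emails: list = field(default_factory=list)


def _token_key(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """scrypt with a per-user random salt; returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1)
    return salt, digest


def verify_password(user: User, password: str) -> bool:
    if user.password_hash is None or user.salt is None:
        return False
    _, digest = hash_password(password, user.salt)
    return hmac.compare_digest(digest, user.password_hash)


def issue_token(store: Store, email: str, reason: str, now: Optional[float] = None) -> str:
    """'Create invite' / 'Reset password request': mint the token that goes into the emailed link."""
    if reason not in VALID_REASONS:
        raise ValueError(f"unknown reason {reason!r}")
    token = secrets.token_urlsafe(32)           # 256 bits from the OS CSPRNG
    now = now if now is not None else time.time()
    store.tokens[_token_key(token)] = ResetToken(email, reason, now + TOKEN_TTL_SECONDS)
    return token                                # e.g. /reset-password?token=<token>&reason=<reason>


def _check_token(store: Store, token: str, now: float):
    """Shared validity check: known, unused, unexpired, and bound to an existing user."""
    rec = store.tokens.get(_token_key(token))
    if rec is None:
        return None, "unknown token"
    if rec.used:
        return None, "token already used"
    if now > rec.expires_at:
        return None, "token expired"
    if rec.user_email not in store.users:
        return None, "unknown user"
    return rec, ""


def handle_get_reset(store: Store, token: str, reason: str, now: Optional[float] = None) -> tuple:
    """GET /reset-password?token=A&reason=...: verify the token, then show the form."""
    now = now if now is not None else time.time()
    rec, err = _check_token(store, token, now)
    if rec is None:
        return ("reject", err)
    if reason != rec.reason:                    # URL reason must match the issued reason
        return ("reject", "reason does not match token")
    return ("show_form", rec.reason)


def handle_post_reset(store: Store, token: str, new_password: str, now: Optional[float] = None) -> tuple:
    """POST /reset-password with the token and the new password in the body."""
    now = now if now is not None else time.time()
    rec, err = _check_token(store, token, now)
    if rec is None:
        return ("reject", err)
    user = store.users[rec.user_email]
    user.salt, user.password_hash = hash_password(new_password)
    rec.used = True                             # single use: the link is dead after success
    if user.status == "invited":
        user.status = "active"                  # enable the new account
        store.sent_emails.append(("welcome", user.email))
        msg = "Account activated, please log in with your new password."
    else:
        msg = "Password changed, please log in again."
    return ("redirect", "/login", msg)          # login page with a message, as the draft requires
```

Because the stored record, not the request, decides whether a token activates an account, an invitation link cannot be downgraded or upgraded by editing the `reason` query parameter, and a lost-password token for an already active user never triggers the welcome email.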