- generate JWT id_token in token exchange - store optional nonce in authorization object - switch to RS256 algorithm for JWT signature - add JWKs endpoint to provide OIDC clients with public keys
# TODO

- better OIDC support
- better support of the `profile`, `openid`, `email` and `roles` scopes
- i18n strings in the http website.
- Instance customization support
- Public endpoint to get user avatar by id
- Rework avatar upload to limit size and process the image?
- Authorize form
  - Show details about permissions
  - Show app logo
- Support error responses per https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
- feat(perms): add groups and roles
- UserWebGUI: add TOTP
- send emails to users
- Login form
- Register form
- Redirect to login form if unauthenticated
- Upload picture
- OAuth2
  - Authorize form
  - Verify authorize
  - Get access token
- Support OpenID to use with demo client oauth2c
  - .well-known/openid-configuration
- architecture refactor
- AdminCLI: init
- AdminCLI: list users
- AdminCLI: create and invite user
- UserWebGUI: Invitation
- UserWebGUI: Redirect to login when the JWT expires
- UserWebGUI: Show user authorizations.
- UserWebGUI: Allow revoking an authorization
- UserWebGUI: Show available apps (basic)
- UserWebGUI: Direct user grant flow. The user can log in to the target app/client even if the flow did not start here.
  - all apps must have a `/oauth2/login` URL that redirects to the right minauth `/authorize` URL, `login_uri` in config.toml
  - all apps must have a
- UserWebGUI: activate account with token
- basic docker setup
- make `docker stop` work (handle SIGTERM/SIGINT)
- implement docker secrets. https://docs.docker.com/engine/swarm/secrets/
- Find a minimal OpenID client implementation like Listmonk but a little bit more mature
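The commit message at the top (RS256 id_token, stored nonce, JWKS endpoint) and the OpenID items in the list describe the provider side of OIDC id_token issuance. The Go program below is an added example written for this page, not minauth's own code, and shows both halves of that exchange: the provider signs an id_token with RS256 and publishes the public key as a JWKS document, and a client selects the key by `kid`, pins the algorithm to RS256, verifies the signature, and then checks `iss`, `aud`, `exp` and the `nonce` it sent in the authorization request. The issuer URL, client id, nonce value and the `kid` derivation are assumptions of the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWK is one RFC 7517 key as a flat map (kty, use, alg, kid, n, e); JWKS is the document
// served at jwks_uri. It carries public material only, never the private exponent.
type JWK map[string]string
type JWKS struct {
	Keys []JWK `json:"keys"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// KeyID derives a stable kid from the modulus so clients can pick the right key after a
// rotation. The derivation (first 16 hex chars of SHA-256(n)) is this example's own choice.
func KeyID(pub *rsa.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pub.N.Bytes()))[:16] }

// PublicJWKS exposes only the public half of the signing key.
func PublicJWKS(pub *rsa.PublicKey) JWKS {
	return JWKS{Keys: []JWK{{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": KeyID(pub),
		"n": b64(pub.N.Bytes()), "e": b64(big.NewInt(int64(pub.E)).Bytes())}}}
}

// IssueIDToken signs an id_token with RS256 (PKCS#1 v1.5 over SHA-256). nonce is echoed
// from the stored authorization request when the client sent one, and omitted otherwise.
func IssueIDToken(priv *rsa.PrivateKey, iss, sub, aud, nonce string, now time.Time) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": KeyID(&priv.PublicKey)})
	claims := map[string]any{"iss": iss, "sub": sub, "aud": aud, "iat": now.Unix(), "exp": now.Add(10 * time.Minute).Unix()}
	if nonce != "" {
		claims["nonce"] = nonce
	}
	body, _ := json.Marshal(claims)
	input := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64(sig), nil
}

// VerifyIDToken is the client side: the alg is pinned to RS256 before any key is touched
// (so "none" or HS256 headers are rejected), then key lookup by kid, signature, and claims.
func VerifyIDToken(token string, jwks JWKS, iss, aud, nonce string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	dec := base64.RawURLEncoding.DecodeString
	var hdr struct{ Alg, Kid string }
	if hb, err := dec(parts[0]); err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unsupported or malformed header")
	}
	var pub *rsa.PublicKey
	for _, k := range jwks.Keys {
		if n, err := dec(k["n"]); err == nil && k["kid"] == hdr.Kid && k["kty"] == "RSA" {
			e, _ := dec(k["e"]) // a bad e yields E=0, which VerifyPKCS1v15 rejects
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	sig, err := dec(parts[2])
	if pub == nil || err != nil {
		return nil, errors.New("no usable key for kid, or bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature verification failed")
	}
	var claims map[string]any
	if body, err := dec(parts[1]); err != nil || json.Unmarshal(body, &claims) != nil {
		return nil, errors.New("malformed claims")
	}
	if claims["iss"] != iss || claims["aud"] != aud {
		return nil, errors.New("issuer or audience mismatch")
	}
	if exp, _ := claims["exp"].(float64); now.Unix() >= int64(exp) { // JSON numbers decode as float64; missing exp fails closed
		return nil, errors.New("token expired")
	}
	if nonce != "" && claims["nonce"] != nonce {
		return nil, errors.New("nonce mismatch")
	}
	return claims, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // a real server loads a persistent key instead
	tok, _ := IssueIDToken(priv, "https://minauth.example", "user-42", "demo-client", "n-0S6_WzA2Mj", time.Now())
	jwks, _ := json.Marshal(PublicJWKS(&priv.PublicKey))
	fmt.Println(string(jwks), tok)
}
```

The nonce check is what ties the id_token back to the browser session that started the flow: the client stores the nonce it put in the authorization request and refuses any id_token that does not carry it back, which is why the provider has to keep the nonce on the authorization object until the token exchange. Pinning `alg` on the client side matters as much as choosing RS256 on the server side; a verifier that trusts the header's `alg` can be talked into treating the public key as an HMAC secret.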
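The `docker stop` item is about making the server handle SIGTERM/SIGINT so the container exits cleanly instead of being killed. The Go program below is an added example for this page, not minauth's code (the page does not say which language the project uses): it cancels a context on either signal, stops accepting new connections, and drains in-flight requests for a bounded grace period. The port, route and grace period are assumptions of the example.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net"
	"net/http"
	"os/signal"
	"syscall"
	"time"
)

// Serve runs handler on ln until ctx is cancelled, then stops accepting new connections
// and waits up to grace for in-flight requests to finish. A nil return means a clean stop.
func Serve(ctx context.Context, ln net.Listener, handler http.Handler, grace time.Duration) error {
	srv := &http.Server{Handler: handler, ReadHeaderTimeout: 5 * time.Second}
	errCh := make(chan error, 1)
	go func() { errCh <- srv.Serve(ln) }()

	select {
	case err := <-errCh:
		return err // Serve stopped on its own (listener error), not a requested shutdown
	case <-ctx.Done():
	}

	// Shutdown closes the listener and idle connections, then waits for active requests.
	// The deadline bounds the wait so the process exits before docker escalates to SIGKILL.
	shutdownCtx, cancel := context.WithTimeout(context.Background(), grace)
	defer cancel()
	if err := srv.Shutdown(shutdownCtx); err != nil {
		return err // grace elapsed with requests still in flight; they were cut off
	}
	if err := <-errCh; !errors.Is(err, http.ErrServerClosed) {
		return err
	}
	return nil
}

func main() {
	// docker stop sends SIGTERM and, after its timeout (10 s by default), SIGKILL.
	// NotifyContext cancels ctx on the first SIGTERM or SIGINT.
	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGTERM, syscall.SIGINT)
	defer stop()

	ln, err := net.Listen("tcp", ":8080") // assumed port
	if err != nil {
		log.Fatal(err)
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("ok\n")) })

	// Keep the grace period below docker stop's timeout so the drain completes before SIGKILL.
	if err := Serve(ctx, ln, mux, 8*time.Second); err != nil {
		log.Fatal("unclean shutdown: ", err)
	}
	log.Println("stopped cleanly")
}
```

Two things outside the Go code decide whether the signal ever arrives: the Dockerfile must start the binary in exec form (`CMD ["/minauth"]`, not `CMD /minauth`), because a `sh -c` wrapper becomes PID 1 and does not forward SIGTERM to its child; and the grace period passed to `Serve` has to stay below the `docker stop -t` timeout, or the drain is cut short by SIGKILL anyway.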