minauthator/TODO.md

TODO

• better OIDC support

  • better support of profile openid email roles scopes
  • support of custom id_token claims mapping/binding
    • example for Vikunja: vikunja_teams or vikunja_groups attribute
    • being able to say :
      • For this client, I want to add this claim
      • with the key X
      • and the value taken from an expression
      • eg "json_array(user.groups)"

• i18n strings in the HTTP website.

• Instance customization support

• Public endpoint to get user avatar by id

• Rework avatar upload to limit size and process the image?

• Authorize form

  • Show details about permissions
  • Show app logo

• Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1

• feat(perms): add groups and roles

• UserWebGUI: add TOTP

• send emails to users

• Login form

• Register form

• Redirect to login form if unauthenticated

• Upload picture

• OAuth2

  • Authorize form
  • Verify authorize
  • Get access token

• Support OpenID to use with demo client oauth2c

  • .well-known/openid-configuration

• architecture refactor

• AdminCLI: init

• AdminCLI: list users

• AdminCLI: create and invite user

• UserWebGUI: Invitation

• UserWebGUI: Redirect to login when JWT expire

• UserWebGUI: Show user authorizations.

• UserWebGUI: Allow to revoke an authorization

• UserWebGUI: Show available apps (basic)

• UserWebGUI: Direct user grant flow, User can login to the target app/client, event if it did not started here.

  • all apps must have a /oauth2/login URL that redirect to the right minauth /authorize URL, login_uri in config.toml

• UserWebGUI: activate account with token

• basic docker setup

• make docker stop working (handle SIGTERM/SIGINT)

• implement docker secrets. https://docs.docker.com/engine/swarm/secrets/

• Find a minimal OpenID client implementation like Listmonk but a little bit more mature