# OAuth2 spec

https://datatracker.ietf.org/doc/html/rfc6749

https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template

## Oauth2 test

-> authorize

# User flow

## Invitation flow

- Create invite
  - generate A random
  - user.reset_password_token = A
  - user.status = "Invited"
  - Send email with link to https://instance/reset-password?token=A&reason=invitation
- GET /reset-password?token=A&reason=invitation
  - verification of token
  - show form
- POST /reset-password
  - BODY: with params token
  - check token validity
  - set new password hash
  - if user.status == "invited"
    - enable new account (user.status = "active")
    - send welcome email
  - redirect to login page with a message
    - we need to redirect to the login page, so the user remembers how to log in later and can verify the setup of his/her password manager.

We could instead send a link to https://instance/invitation?token=A

## Reset password flow

- Reset password request
  - generate A random
  - user.reset_password_token = A
  - Send email with link to https://instance/reset-password?token=A&reason=lost_password
- GET /reset-password?token=A&reason=lost_password
  - verification of token
  - show form
- POST /reset-password
  - BODY: with params token
  - check token validity
  - set new password hash
  - redirect to login page with a message
    - we need to redirect to the login page, so the user remembers how to log in later and can verify the setup of his/her password manager.

We could instead send a link to https://instance/reset-password?token=A
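The invitation flow and the reset password flow above share the same token handling (generate A, store it on the user, verify it on GET and again on POST, set the new password hash, activate an invited account). The following Python sketch is an added illustration of that shared logic as in-memory functions; it is not the project's code, and three things in it are assumptions the note does not state: only a hash of A is stored, tokens expire after 24 hours, and a token is single use.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

TOKEN_TTL_SECONDS = 24 * 3600  # assumption: the note sets no expiry


@dataclass
class User:
    email: str
    status: str = "invited"                      # note writes "Invited"/"invited"; normalised to lowercase
    password_hash: Optional[str] = None
    reset_token_hash: Optional[str] = None       # assumption: store sha256(A), so a DB leak does not leak live links
    reset_token_expires_at: float = 0.0


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(user: User, now: float) -> str:
    """'generate A random' + 'user.reset_password_token = A'; returns A for the e-mail link only."""
    token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
    user.reset_token_hash = _hash_token(token)
    user.reset_token_expires_at = now + TOKEN_TTL_SECONDS
    return token


def verify_token(user: User, presented: str, now: float) -> bool:
    """'verification of token' (GET) and 'check token validity' (POST): unexpired, constant-time compare."""
    if user.reset_token_hash is None or now > user.reset_token_expires_at:
        return False
    return hmac.compare_digest(user.reset_token_hash, _hash_token(presented))


def _hash_password(password: str) -> str:
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt.hex() + "$" + digest.hex()


def complete_reset(user: User, presented: str, new_password: str, now: float) -> str:
    """POST /reset-password: returns the redirect target for the browser."""
    if not verify_token(user, presented, now):
        return "/reset-password?error=invalid_token"
    user.password_hash = _hash_password(new_password)
    user.reset_token_hash = None                 # assumption: single use, the same link must not work twice
    if user.status == "invited":                 # invitation flow: first password enables the account
        user.status = "active"                   # (welcome e-mail would be sent here)
    return "/login?message=password_set"         # both flows end on the login page
```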