3b0e10740f
While the issue tracker is being used for the master branch, add a TODO file to record work to do on this branch. Issues are currently unprioritized and do not indicate requirements for any particular milestone.
1.9 KiB
TODOs in no particular order
OpenID Connect / OAuth2
- Let clients require signing algorithms (see id_token_signed_response_alg)
- Support ECDSA keys
- Support client_secret_jwt client authentication
- Add a "NextSigningKey" to the storage.Keys type so clients can cache more aggressively
- Support grant_type=password
API
- Determine best way to expose an API
- Use access tokens so we don't expose the underlying credentials implementation
- Support grant_type=client_credentials so clients can operate on their own
- Figure out a spec for the access tokens so other services can use them
- Group API, ability to list groups, members, etc.
- Expose capabilities of the server (implicit support, group API, etc.)
Connectors
- Port BitBucket connector
- Port UAA connector
- Simplify LDAP connector configuration
- Create proposal for a minimal "local" connector implementation
User self-management
- Implement the user object proposal
- Provide user profile page
- Let users merge accounts when they have multiple remote identities
- Let users revoke clients with refresh tokens
Documentation
- Describe motivation for a V2
- Add OpenID Connect client library suggestions
- Add getting started guide
- Add more connector documentation
- Include instructions for getting client credentials for upstream provider
- Improve Kubernetes documentation and include client auth provider docs
Storage
- Add SQL storage implementation
- Utilize fixes for third party resources in Kubernetes 1.4
UX
- Add 500 and 404 pages
- Add an OOB template
- Set an HTTP cookie so users aren't constantly reprompted for passwords
- Add proposal for letting others style existing HTML templates
- Support serving arbitrary static assets
Backend
- Improve logging, possibly switch to logrus
- Standardize OAuth2 error handling