From 3b0e10740f5f3740d117acf1cf24b0dbc944001b Mon Sep 17 00:00:00 2001 From: Eric Chiang Date: Thu, 25 Aug 2016 14:54:53 -0700 Subject: [PATCH] *: add TODO While the issue tracker is being used for the master branch, add a TODO file to record work to do on this branch. Issues are currently unprioritized and do not indicate requirements for any particular milestone. --- TODO.md | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 TODO.md diff --git a/TODO.md b/TODO.md new file mode 100644 index 00000000..69418876 --- /dev/null +++ b/TODO.md 
@@ -0,0 +1,59 @@ +TODOs in no particular order + +OpenID Connect / OAuth2 + +- [ ] Let clients require signing algorithms (see id_token_signed_response_alg) +- [ ] Support ECDSA keys +- [ ] Support client_secret_jwt client authentication +- [ ] Add a "NextSigningKey" to the storage.Keys type so clients can cache more aggressively +- [ ] Support grant_type=password + +API + +- [ ] Determine best way to expose an API + - [ ] Use access tokens so we don't expose the underlying credentials implementation + - [ ] Support grant_type=client_credentials so clients can operate on their own + - [ ] Figure out a spec for the access tokens so other services can use them +- [ ] Group API, ability to list groups, members, etc. +- [ ] Expose capabilities of the server (implicit support, group API, etc.) + +Connectors + +- [ ] Port BitBucket connector +- [ ] Port UAA connector +- [ ] Simplify LDAP connector configuration +- [ ] Create proposal for a minimal "local" connector implementation + +User self-management + +- [ ] Implement the user object proposal +- [ ] Provide user profile page +- [ ] Let user's merge accounts when they have multiple remote identities +- [ ] Let user's revoke clients with refresh tokens + +Documentation + +- [ ] Describe motivation for a V2 +- [ ] Add OpenID Connect client library suggestions +- [ ] Add getting started guide +- [ ] Add more connector documentation + - [ ] Include instructions for getting client credentials for upstream provider +- [ ] Improve Kubernetes documentation and include client auth provider docs + +Storage + +- [ ] Add SQL storage implementation +- [ ] Utilize fixes for third party resources in Kubernetes 1.4 + +UX + +- [ ] Add 500 and 404 pages +- [ ] Add an OBB template +- [ ] Set an HTTP cookie so users aren't constantly reprompted for passwords +- [ ] Add proposal for letting others style existing HTML templates +- [ ] Support serving arbitrary static assets + +Backend + +- [ ] Improve logging, possibly switch to logrus +- 
[ ] Standardize OAuth2 error handling
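Review bot: Under "User self-management", the items "Let user's merge accounts when they have multiple remote identities" and "Let user's revoke clients with refresh tokens" use a possessive apostrophe where the plural "users" is meant. Under "UX", "Add an OBB template" looks like a typo for "OOB" if the item refers to the out-of-band flow; spelling the term out would remove the doubt. Two items would also benefit from stating their security constraints in the TODO itself, since the list is unprioritized and may be picked up by anyone: "Set an HTTP cookie so users aren't constantly reprompted for passwords" should say that the cookie carries a session identifier rather than the credential and is set with the Secure and HttpOnly attributes, and "Support grant_type=password" should note which clients would be allowed to use it, because that grant hands the user's password to the client.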