This repository has been archived on 2022-08-17. You can view files and clone it, but cannot push or open issues or pull requests.
dex/TODO.md
Eric Chiang 3b0e10740f *: add TODO
While the issue tracker is being used for the master branch, add a
TODO file to record work to do on this branch. Issues are currently
unprioritized and do not indicate requirements for any particular
milestone.
2016-08-25 16:48:24 -07:00

TODOs in no particular order

OpenID Connect / OAuth2

  • Let clients require signing algorithms (see id_token_signed_response_alg)
  • Support ECDSA keys
  • Support client_secret_jwt client authentication
  • Add a "NextSigningKey" to the storage.Keys type so clients can cache more aggressively
  • Support grant_type=password

API

  • Determine best way to expose an API
    • Use access tokens so we don't expose the underlying credentials implementation
    • Support grant_type=client_credentials so clients can operate on their own
    • Figure out a spec for the access tokens so other services can use them
  • Group API, ability to list groups, members, etc.
  • Expose capabilities of the server (implicit support, group API, etc.)

Connectors

  • Port BitBucket connector
  • Port UAA connector
  • Simplify LDAP connector configuration
  • Create proposal for a minimal "local" connector implementation

User self-management

  • Implement the user object proposal
  • Provide user profile page
  • Let users merge accounts when they have multiple remote identities
  • Let users revoke clients with refresh tokens

Documentation

  • Describe motivation for a V2
  • Add OpenID Connect client library suggestions
  • Add getting started guide
  • Add more connector documentation
    • Include instructions for getting client credentials for upstream provider
  • Improve Kubernetes documentation and include client auth provider docs

Storage

  • Add SQL storage implementation
  • Utilize fixes for third party resources in Kubernetes 1.4

UX

  • Add 500 and 404 pages
  • Add an OOB template
  • Set an HTTP cookie so users aren't constantly reprompted for passwords
  • Add proposal for letting others style existing HTML templates
  • Support serving arbitrary static assets

Backend

  • Improve logging, possibly switch to logrus
  • Standardize OAuth2 error handling