Home
Welcome to the agile-idm-web-ui wiki!
- Requirements:
  - add Dropbox authentication
  - update the interface to the policy decision point and split this into a separate component
  - hash users' passwords
- Nice to have:
  - list entities by type in a separate endpoint of the API
  - improve error handling when the "redirect to" value is lost in the login page ("url must be a string" error)
  - change the console-based script that generates users and clients so that it uses the API without enforcement, to ensure that policies are created for every entity
- Bug fixes:
  - fix group issue reported in agile-idm-entity-storage: groups can now be deleted without removing entities first. Before, there was an inconsistency when this was the case.
  - fix issue when the same user logs in with different clients: when the same user used different clients simultaneously, only one session was valid.
  - fix to ensure that the client id is propagated to the provider strategies. This allows strategies to create tokens for a particular OAuth2 flow and for a particular client, to ensure that there are no race conditions.
  - fix: add expiration time and deletion of expired tokens (when they are queried). A general cleanup of the token db also happens whenever tokens are iterated, so only valid tokens are kept.
  - fix session sync issue between passport and the tokens stored in the db (this was generating an error when integrated with OS.js, from which the only way to recover is to delete cookies from the browser)
- OAuth server functionality:
  - implements the authorization code flow (see example here)
  - implements the client credentials flow (see example here)
  - implements the implicit grant (see example here)
- Storage:
  - proper handling of OAuth2 clients (through entities of type client)
  - storage of tokens
  - generic storage of entities in leveldb
- Policy enforcement:
  - uses owner policies to handle visibility of private attributes, such as the user's password
  - uses role policies (admin) to protect creation of new entities and setting of roles and passwords
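
The token handling described in the bug fixes above (tokens bound to a user and a client, expiry checked when a token is queried, expired tokens swept whenever the db is iterated) can be illustrated as follows. This is an added example, not code from agile-idm-web-ui: the in-memory `Map` stands in for the project's token db, and `TokenStore`, `issue`, `find` and `listFor` are hypothetical names.

```javascript
const crypto = require('crypto');

// In-memory stand-in for the token db; class and method names are hypothetical.
class TokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;          // injectable clock so expiry can be tested
    this.tokens = new Map(); // token -> { userId, clientId, expiresAt }
  }
  // Each token is bound to (user, client), so the same user on two clients
  // holds two independent tokens instead of sharing one.
  issue(userId, clientId, ttlMs) {
    const token = crypto.randomBytes(32).toString('hex');
    this.tokens.set(token, { userId, clientId, expiresAt: this.now() + ttlMs });
    return token;
  }
  // Expire on query: an expired token is deleted and reported as absent.
  find(token) {
    const rec = this.tokens.get(token);
    if (rec && rec.expiresAt <= this.now()) this.tokens.delete(token);
    return this.tokens.get(token) || null;
  }
  // Cleanup on iteration: every pass drops expired tokens, then returns
  // the still-valid tokens for one (user, client) pair.
  listFor(userId, clientId) {
    const valid = [];
    for (const [token, rec] of this.tokens) {
      if (rec.expiresAt <= this.now()) this.tokens.delete(token);
      else if (rec.userId === userId && rec.clientId === clientId) valid.push(token);
    }
    return valid;
  }
}

// Constructed sample run with a fake clock (values are illustrative).
function demo() {
  let t = 0;
  const store = new TokenStore(() => t);
  const a = store.issue('alice', 'client-a', 1000);
  const b = store.issue('alice', 'client-b', 5000);
  store.issue('bob', 'client-a', 1000); // never queried again
  t = 2000; // the two 1000 ms tokens are now expired
  return {
    a: store.find(a),                                  // null, deleted on query
    bClient: store.find(b).clientId,                   // 'client-b'
    listed: store.listFor('alice', 'client-b').length, // 1, sweep removes bob's
    remaining: store.tokens.size,                      // 1
  };
}
```

Without the sweep in `listFor`, a token that is issued and never looked up again would stay in the store indefinitely.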