space

space copied to clipboard

Is using refresh tokens a security hole?

1

Refresh tokens are defined with an `eternalExpirationLength`. Is that a security hole in the system? It must be investigated whether refresh tokens could be reused in an undefined period of...

earaujoassis

Investigate pending requests on the front-end app

earaujoassis

Apply password-hashing function to `application_key`

1

earaujoassis

Improve error messages and error handling

1

It's been tricky to obtain error messages when requesting something from the API or from the view side (mostly, OAuth methods). The error message and handling should be improved on...

earaujoassis

User could update `first_name`, `last_name`, and `email`.

earaujoassis

Each registered user will have a fixed / limited amount of invites and s/he can send invites through e-mail for friends. Their friends will be able to create user accounts,...

earaujoassis

Create a test/mock environment for selected clients

1

A client application could "authenticate" fake users in a test/mock environment. Users authenticated through this method should no persist any data in the relational datastore. Only selected clients can mock...

earaujoassis

Related to #59

earaujoassis

earaujoassis

Set application configuration for UI copy

1

In order to make it usable for thirdy-party users, it should be possible to set the UI copy through a configuration scheme. The application name should be changeable wherever possible....

earaujoassis