Show a list of login history for users

aaronpk / Personal-IndieAuth-Server

Placeholder repo to collect ideas and issues for the personal indieauth server replacement of indieauth.com

1 stars 0 forks source link

Show a list of login history for users #2

Open aaronpk opened 10 years ago

aaronpk commented 10 years ago

After I sign in using my domain, I should be able to see a list of successful and unsuccessful login attempts for my domain. Each login attempt should show:

client_id
redirect_uri
User Agent
IP address

Example of a good reference for a security audit page: https://github.com/settings/security

kartikprabhu commented 10 years ago

looking at GMail's similar info maybe also some sort of Location info based on IP and whether this account is currently logged in elsewhere with ability to revoke access to it.

aaronpk commented 10 years ago

Location info is definitely interesting.

The "current logins" with revoke option is nice, but that part isn't handled by indieauth.com right now. Currently each consumer of indieauth.com just uses it to verify identity, but handles login sessions independently.

There is some similar work being done in some extensions to OAuth 2, such as token revokation but I'd probably want to see how that shakes out before going down that path.