In order to have maximum flexibility for customization, the UI should be separate from the service. The service should provide only data endpoints
[ ] info endpoint - provides the available issuers
[ ] User endpoint - provides the user info
[ ] Admin/issuer - provide admin details about the issuers
[ ] Admin/sessions - provide admin details about the current sessions (user+issuer)
[ ] Admin/users - configure the user scopes and origins
[ ] Admin/paths - allows checker to run against all URLs and use internal configs rather then server configs.
[ ] Internal and server configs must word side by side
[ ] The admin/* endpoints are checker protected.
[ ] The UI is checker protected
[ ] The UI has a separate repo/deployment
[ ] The ui uses the service endpoints to configure itself.
This separation gives more flexibility to integrate auth functions into a more complex application. An application can ask the endpoints to receive or update certain functions of the UI.
phish108
commented
1 year ago
In order to have maximum flexibility for customization, the UI should be separate from the service. The service should provide only data endpoints
checkerto run against all URLs and use internal configs rather then server configs.admin/*endpoints arecheckerprotected.checkerprotectedThis separation gives more flexibility to integrate auth functions into a more complex application. An application can ask the endpoints to receive or update certain functions of the UI.