identity-server-api-using-node-js/changes at main · guihensanfer/identity-server-api-using-node-js · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27


_________________________

* OKDONE generate keys to cripty the tokens and codes info, every client app need to know about your own cript secret key

OK DONE *** security -> check if the loginWithCode is the refresh or otp token, because can the bad user try to login with a different token
    * do it for all endpoints, maybe we needs an enum to map all possibilities

OK DONE *** google callback today that is return the refreshtoken, change to return userinfotoken
** OK DONE (THERE IS NOT DEFAULT-LANGUAGE PROVIDER BY GOOGLE USER INFO ENDPOINT) OAUTH GOOGLE DEFAULT LANGUAGE SAVE
* OK DONE result json esta campos bit deve ser boolean a apresentação
* OK DONE pensar como a aplicação irá obter o contexto inicial ao abrir o identityserver. provavelmente usando uma conta super usuario
* OK DONE revisar todos os metodos novos
2 ok DONE Api endpoint result show 400 badrequest mensages with the word case correcty. There is situations when the attribute name is showing diferents word case
Examples:

Wrong ->  BadRequest 400 The Email is required.
OK    ->  BadRequest 400 The email is required.
1.2 OK DONE Standardize the GET queries from the GET request so that the login attribute names have similar nomenclatures;
For exemple: GET query name today -> token, correctily -> refreshToken (like the login body attribute)
* OK DONE login without password (login with email and code numbers)
*** OK DONE security: implement validation to count wrong tried log in to prevent robots requests.
*** OKDONE encript operations around the code, become to use the passwordEncryptServe
** OKDONE add description statusCode to body and 429 too many requests
*** OKDONE TOO MANY WRONG LOGGINS DISABLED CURRENT USER
** OKDONE google login we need to update the user too, not only create