Implicit OpenID Connect (OIDC) and OAuth 2.0 Provider with opinionated identity management.
heimdall is heavily focused on providing an authentication and authorization mechanism for SPAs by issuing an `id_token` and an `access_token` via the implicit flow.
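In the implicit flow the provider returns the tokens to the SPA in the URL fragment of the redirect, so the SPA itself is the last line of defence: it has to bind the callback to the request it started (`state`, `nonce`) and check the `id_token` claims before trusting anything. The following is an added example of that client-side check, not code from heimdall; the callback URL, the `issuer`/`clientId` values and the helper names (`validateImplicitCallback`, `buildSampleCallback`) are constructed for the example, and signature verification of the `id_token` against the provider's JWKS is assumed to be done separately by a JOSE library.

```javascript
// Added example (not heimdall's code): what an SPA must verify on an implicit-flow
// callback. Assumes the provider returned the tokens in the URL fragment and that
// the SPA stored the `state` and `nonce` it sent before redirecting to the provider.

// Parse the fragment part of the callback URL into a plain object.
function parseFragment(url) {
  const hash = url.includes('#') ? url.slice(url.indexOf('#') + 1) : '';
  const out = {};
  for (const [k, v] of new URLSearchParams(hash)) out[k] = v;
  return out;
}

// Decode one base64url JWT segment (Node.js Buffer; a browser build would use atob).
function decodeSegment(seg) {
  return JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
}

// Claim checks on the callback. `expected` holds what the SPA stored before the
// redirect; `nowSeconds` is injected so the check is deterministic in tests.
// Signature verification of the id_token is assumed to happen elsewhere.
function validateImplicitCallback(url, expected, nowSeconds) {
  const params = parseFragment(url);
  if (params.error) return { ok: false, reason: `provider error: ${params.error}` };
  if (!params.state || params.state !== expected.state) return { ok: false, reason: 'state mismatch' };
  if (!params.id_token) return { ok: false, reason: 'missing id_token' };
  const parts = params.id_token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed id_token' };
  const claims = decodeSegment(parts[1]);
  if (claims.iss !== expected.issuer) return { ok: false, reason: 'issuer mismatch' };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.clientId)) return { ok: false, reason: 'audience mismatch' };
  if (claims.nonce !== expected.nonce) return { ok: false, reason: 'nonce mismatch' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return { ok: false, reason: 'id_token expired' };
  return { ok: true, accessToken: params.access_token, subject: claims.sub };
}

// --- constructed sample data (no real provider involved) ---
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

const NOW = 1700000000; // constructed "current time" in seconds
const EXPECTED = { state: 'st-123', nonce: 'n-456', issuer: 'https://op.example', clientId: 'spa-client' };

// Build a callback URL the way an implicit-flow provider would; `overrides` lets the
// caller break one property at a time to exercise each check. The signature segment
// is a placeholder because this example does not verify signatures.
function buildSampleCallback(overrides = {}) {
  const claims = {
    iss: 'https://op.example', sub: 'user-1', aud: 'spa-client',
    nonce: 'n-456', iat: NOW, exp: NOW + 3600, ...overrides.claims,
  };
  const idToken = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}.placeholder-sig`;
  const state = overrides.state ?? 'st-123';
  return `https://spa.example/callback#access_token=at-abc&token_type=Bearer&expires_in=3600&id_token=${idToken}&state=${state}`;
}

console.log(validateImplicitCallback(buildSampleCallback(), EXPECTED, NOW));
console.log(validateImplicitCallback(buildSampleCallback({ state: 'wrong' }), EXPECTED, NOW));
```

The check order matters less than the fact that every one of `state`, `iss`, `aud`, `nonce` and `exp` is enforced: a callback that fails any of them is discarded, and the `access_token` is only handed to the application once the `id_token` it arrived with has passed.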
Some functionality is still missing and should be implemented before v1.0:
- Split handlers into multiple classes (or files)
- Decision about custom `scopes` and `claims`
- Implement todos written in comments
- Extract account management code
- Add `mongodb` store
- Add `memory` store
- Decision about configurable parameters
- Pass configuration from `YAML` files
- Convert `parseAuthorization` function to a middleware
- Silent callback
- API resource scopes
- Create sample app repository
- Encrypt provider `access_token` in mongodb
- Add logging
- Add proper documentation and explain the decisions made (e.g. why there is no consent)