complete authentication #27
Description
hohwille
Issue body actions
- currently I can not see who I am after being logged in. This is IMHO a generic requirement of any app.
- currently there seems no way to log out
- I personally want to ask if we should do the authentication by the backend. What if I want to use the REST API without the client? You might have arguments against this point and I am open for discussion. The authentication scheme is provided by the backend. So shouldnt the backend be fully responsible then? If we change or extend the authentication (e.g. add TFA via TOTP or switch to FIDO2) shoud we always change the client? What if we have multiple clients (angular, Android, iOS, etc.)? Should be be forced to change all of them? Or would it be better to have a design where only the backend is in charge of controling the login process?
Reactions are currently unavailable