Boards

Content Editing XP

Developer Experience

Documentation

Feature Requests

Strapi Cloud

Plugin Requests

Security

Powered by Canny

Security

Support 2FA (via users & permissions plugin)

If you're building an API which needs a high-security level, it can be very useful to use a 2FA. We could pretty easily support two-factor authentication using the current implementation of the Users & Permissions plugin. For more details, please see https://github.com/strapi/strapi/issues/786

Support 2FA (via Admin Panel)

I think it would be very easy to add something like TOTP 2FA (EG google authentication) http://www.passportjs.org/packages/passport-2fa-totp/

Use strapi as resource server when integrating with oauth2

When integrating with oauth2, I think it's more common to use strapi as resource server instead of client(strapi is headless). It's the duty of frontend (like nextjs) to get user authenticated and obtain the access token which used in Authentication header when access strapi, what strapi should do is validate access token and get user info from it. This make strapi more easy to integrate with other backend. see: https://github.com/strapi/strapi/issues/12207

Add Hierarchical RBAC permission capabilities

Currently any admin user with edit rights can edit any other admin user (including themselves) to elevate their permissions beyond their current role. Related EE TID: 8077

Enable MFA for administrator login

How can I enable MFA for administrator login? like: email token link third party authenticator

Add option for sending admin invite email instead of just a link to copy/paste

Currently when you add a new admin user we do not send an email to the user, we create a link that has to be manually copy/pasted over to the user.

Allow content over the api to have configurable access conditions like admin features do

Strapi's REST API allows for someone to create a request in a front-end application that is visible in the console, with which a third party could figure out how to view unpublished content. This is because access to unpublished content is achieved with a public query filter. Depending on the importance of the organisation, or the content, access to embargoed content could be seriously damaging. Access permissions for content should be made conditional, just as conditionProvider is used for access to parts of the admin.

Multiple authentication providers per user

The current implementation only supports one provider by user. This feature will allow your user to support multiple authentication providers like Google and Twitter for the same user. Related issue: https://github.com/strapi/strapi/issues/2468

Change user email

Currently, you cannot change the user email because it works like a unique ID. As we allow to edit the user password, we should also offer the ability to edit the email. This is the purpose of this feature. More details in this issue: https://github.com/strapi/strapi/issues/2691

Set password complexity

I would like to be able to set password complexity. It would be convenient to set restrictions to password length, big letters, small letters, numbers, etc see: https://github.com/strapi/strapi/issues/4990

Load More

→

Powered by Canny