Strapi
Security
1
Add option for sending admin invite email instead of just a link to copy/paste
Currently, when you add a new admin user, we do not send an email to the user; we create a link that has to be manually copied and pasted over to the user.
0
22
Set password complexity
I would like to be able to set password complexity. It would be convenient to set restrictions on password length, big letters, small letters, numbers, etc. See: https://github.com/strapi/strapi/issues/4990
2
229
Support 2FA (via users & permissions plugin)
If you're building an API which needs a high security level, it can be very useful to use 2FA. We could pretty easily support two-factor authentication using the current implementation of the Users & Permissions plugin. For more details, please see https://github.com/strapi/strapi/issues/786
5
120
Change user email
Currently, you cannot change the user email because it works like a unique ID. As we allow editing the user password, we should also offer the ability to edit the email. This is the purpose of this feature. More details in this issue: https://github.com/strapi/strapi/issues/2691
0
7
Support 2FA (via Admin Panel)
I think it would be very easy to add something like TOTP 2FA (e.g. Google authentication): http://www.passportjs.org/packages/passport-2fa-totp/
0
127
Multiple authentication providers per user
The current implementation only supports one provider per user. This feature will allow your user to support multiple authentication providers like Google and Twitter for the same user. Related issue: https://github.com/strapi/strapi/issues/2468
4
55
Support authentication providers
Currently, the plugin which allows you to manage users and permissions doesn't support a provider system, as is already the case with the email plugin. For more details, please see https://github.com/strapi/strapi/issues/1819
0
1
Prevent login overrides with SSO feature
The new SSO feature of Strapi is great and it has its pros; however, it also has cons. The biggest con is that it's possible for an intruder to access another user's account by creating an account on some provider with the e-mail of such an admin user. For example, let's say you have two providers: Google and Sign in with Apple. An admin panel user has an Apple ID, but doesn't have a Google account. An intruder wants to access the system and knows the email of the user. He creates a Google account with the e-mail address of the user. Then he logs in to the admin panel without any problems under that user's account and gains access to the data in Strapi. See: https://github.com/strapi/strapi/issues/9466
0
58
SSO: Permissions management via third-parties
As part of the SSO, we would like to support permissions management via third parties such as Active Directory, LDAP, JumpCloud, etc. It includes field synchronization and role mapping.
1
4
Use strapi as resource server when integrating with oauth2
When integrating with OAuth2, I think it's more common to use Strapi as a resource server instead of a client (Strapi is headless). It's the duty of the frontend (like Next.js) to get the user authenticated and obtain the access token, which is used in the Authentication header when accessing Strapi. What Strapi should do is validate the access token and get the user info from it. This makes Strapi easier to integrate with other backends. See: https://github.com/strapi/strapi/issues/12207
0