diff --git a/CHANGES.rst b/CHANGES.rst
index fd2efd08..e7136903 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -4,13 +4,13 @@ The format is based on `Keep a Changelog `
and this project adheres to `Semantic Versioning `_.
Added
-*****
+=====
- Add `created` and `last_modified` datetime for all models
- Sitemap to the documentation :pr:`169`
Changed
-*******
+=======
- Use default python logging configuration format. :issue:`188` :pr:`165`
- Bump to htmx 1.99.11 :pr:`166`
@@ -18,68 +18,68 @@ Changed
- Use shibuya as the documentation theme :pr:`168`
[0.0.42] - 2023-12-29
-=====================
+---------------------
Fixed
-*****
+=====
- Avoid to fail on imports if ``cryptography`` is missing.
[0.0.41] - 2023-12-25
-=====================
+---------------------
Added
-*****
+=====
- OIDC `prompt=create` support. :issue:`185` :pr:`164`
Fixed
-*****
+=====
- Correctly set up Client audience during OIDC dynamic registration.
- ``post_logout_redirect_uris`` was ignored during OIDC dynamic registration.
- Group field error prevented the registration form validation.
[0.0.40] - 2023-12-22
-=====================
+---------------------
Added
-*****
+=====
- ``THEME`` can be a relative path
[0.0.39] - 2023-12-15
-=====================
+---------------------
Fixed
-*****
+=====
- Crash when no ACL were defined
- OIDC Userinfo endpoint is also available in POST
- Fix redirection after password reset :issue:`159`
[0.0.38] - 2023-12-15
-=====================
+---------------------
Changed
-*******
+=======
- Convert all the png in webp. :pr:`162`
- Update to flask 3 :issue:`161` :pr:`163`
[0.0.37] - 2023-12-01
-=====================
+---------------------
Fixed
-*****
+=====
- Handle 4xx and 5xx error codes with htmx. :issue:`171` :pr:`161`
[0.0.36] - 2023-12-01
-=====================
+---------------------
Fixed
-*****
+=====
- Avoid crashing when LDAP groups references unexisting users.
- Password reset and initialization mails were only sent to the
@@ -90,36 +90,36 @@ Fixed
- Encrypt passwords in the SQL backend.
[0.0.35] - 2023-11-25
-=====================
+---------------------
Added
-*****
+=====
- Refresh token grant supports other client authentication methods. :pr:`157`
- Implement a SQLAlchemy backend. :issue:`30` :pr:`158`
Changed
-*******
+=======
- Model attributes cardinality is closer to SCIM model. :pr:`155`
- Bump to htmx 1.9.9 :pr:`159`
Fixed
-*****
+=====
- Disable HTMX boosting during the OIDC dance. :pr:`160`
[0.0.34] - 2023-10-02
-=====================
+---------------------
Fixed
-*****
+=====
- Canaille installations without account lockabilty could not
delete users. :pr:`153`
Added
-*****
+=====
- If users register or authenticate during a OAuth Authorization
phase, they get redirected back to that page afterwards.
@@ -130,32 +130,32 @@ Added
- Add support for python 3.12 :pr:`155`
[0.0.33] - 2023-08-26
-=====================
+---------------------
Fixed
-*****
+=====
- OIDC jwks endpoint do not return empty kid claim
Added
-*****
+=====
- Documentation details on the canaille models.
[0.0.32] - 2023-08-17
-=====================
+---------------------
Added
-*****
+=====
- Additional inmemory backend :issue:`30` :pr:`149`
- Installation extras :issue:`167` :pr:`150`
[0.0.31] - 2023-08-15
-=====================
+---------------------
Added
-*****
+=====
- Configuration option to disable the forced usage of OIDC nonce :pr:`143`
- Validate phone numbers with a regex :pr:`146`
@@ -163,56 +163,56 @@ Added
- Account registration :issue:`55` :pr:`133` :pr:`148`
Fixed
-*****
+=====
- The `check` command uses the default configuration values.
Changed
-*******
+=======
- Modals do not need use javascript at the moment. :issue:`158` :pr:`144`
[0.0.30] - 2023-07-06
-=====================
+---------------------
🚨Configuration files must be updated.🚨
Check the new format with ``git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml``
Added
-*****
+=====
- Configuration option to disable javascript :pr:`141`
Changed
-*******
+=======
- Configuration ``USER_FILTER`` is parsed with jinja.
- Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and ``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY``
[0.0.29] - 2023-06-30
-=====================
+---------------------
Fixed
-*****
+=====
- Disabled HTMX boosting on OIDC forms to avoid errors.
[0.0.28] - 2023-06-30
-=====================
+---------------------
Fixed
-*****
+=====
- A template variable was misnamed.
[0.0.27] - 2023-06-29
-=====================
+---------------------
🚨Configuration files must be updated.🚨
Check the new format with ``git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml``
Added
-*****
+=====
- Configuration entries can be loaded from files if the entry key has a *_FILE* suffix
and the entry value is the path to the file. :issue:`134` :pr:`134`
@@ -220,44 +220,44 @@ Added
- Pages are boosted with HTMX :issue:`144` :issue:`145` :pr:`137`
Changed
-*******
+=======
- Bump to jquery 3.7.0 :pr:`138`
Fixed
-*****
+=====
- Profile edition when the user RDN was not ``uid`` :issue:`148` :pr:`139`
Removed
-*******
+=======
- Stop support for python 3.7 :pr:`131`
[0.0.26] - 2023-06-03
-=====================
+---------------------
Added
-*****
+=====
- Implemented account expiration based on OpenLDAP ppolicy overlay. Needs OpenLDAP 2.5+
:issue:`13` :pr:`118`
- Timezone configuration entry. :issue:`137` :pr:`130`
Fixed
-*****
+=====
- Avoid setting ``None`` in JWT claims when they have no value.
- Display password recovery button on OIDC login page. :pr:`129`
[0.0.25] - 2023-05-05
-=====================
+---------------------
🚨Configuration files must be updated.🚨
Check the new format with ``git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``
Changed
-*******
+=======
- Renamed user model attributes to match SCIM naming convention. :pr:`123`
- Moved OIDC related configuration entries in ``OIDC``
@@ -267,53 +267,53 @@ Changed
- Bumped to htmx 1.9.2 :pr:`127`
Fixed
-*****
+=====
- ``OIDC.JWT.MAPPING`` configuration entry is really optional now.
- Fixed empty model attributes registration :pr:`125`
- Password initialization mails were not correctly sent. :pr:`128`
[0.0.24] - 2023-04-07
-=====================
+---------------------
Fixed
-*****
+=====
- Fixed avatar update. :pr:`122`
[0.0.23] - 2023-04-05
-=====================
+---------------------
Added
-*****
+=====
- Organization field. :pr:`116`
- ETag and Last-Modified headers on user photos. :pr:`116`
- Dynamic form validation :pr:`120`
Changed
-*******
+=======
- UX rework. Submenu addition. :pr:`114`
- Properly handle LDAP date timezones. :pr:`117`
Fixed
-*****
+=====
- CSRF protection on every forms. :pr:`119`
[0.0.22] - 2023-03-13
-=====================
+---------------------
Fixed
-*****
+=====
- faker is not imported anymore when the `clean` command is called.
[0.0.21] - 2023-03-12
-=====================
+---------------------
Added
-*****
+=====
- Display TOS and policy URI on the consent list page. :pr:`102`
- Admin token deletion :pr:`100` :pr:`101`
@@ -329,21 +329,21 @@ Added
- Title edition support :pr:`113`
Fixed
-*****
+=====
- Client deletion also deletes related Consent, Token and
AuthorizationCode objects. :issue:`126` :pr:`98`
Changed
-*******
+=======
- Removed datatables.
[0.0.20] - 2023-01-28
-=====================
+---------------------
Added
-*****
+=====
- Spanish translation. :pr:`85` :pr:`88`
- Dedicated connectivity test email :pr:`89`
@@ -352,7 +352,7 @@ Added
- Update to datatables 1.13.1 :pr:`90`
Fixed
-*****
+=====
- Fix typos and grammar errors. :pr:`84`
- Fix wording and punctuations. :pr:`86`
@@ -361,45 +361,45 @@ Fixed
- Fixed dynamic registration scope management. :issue:`123` :pr:`93`
[0.0.19] - 2023-01-14
-=====================
+---------------------
Fixed
-*****
+=====
- Ensures the token `expires_in` claim and the `access_token` `exp` claim
have the same value. :pr:`83`
[0.0.18] - 2022-12-28
-=====================
+---------------------
Fixed
-*****
+=====
- OIDC end_session was not returning the ``state`` parameter in the
``post_logout_redirect_uri`` :pr:`82`
[0.0.17] - 2022-12-26
-=====================
+---------------------
Fixed
-*****
+=====
- Fixed group deletion button. :pr:`80`
- Fixed post requests in oidc clients views. :pr:`81`
[0.0.16] - 2022-12-15
-=====================
+---------------------
Fixed
-*****
+=====
- Fixed LDAP operational attributes handling.
[0.0.15] - 2022-12-15
-=====================
+---------------------
Added
-*****
+=====
- User can chose their favourite display name. :pr:`77`
- Bumped to authlib 1.2. :pr:`78`
@@ -408,17 +408,17 @@ Added
- Added ``nonce`` to the ``claims_supported`` server metadata list.
[0.0.14] - 2022-11-29
-=====================
+---------------------
Fixed
-*****
+=====
- Fixed translation mo files packaging.
[0.0.13] - 2022-11-21
-=====================
+---------------------
Fixed
-*****
+=====
- Fixed a bug on the contacts field in the admin client form following
the LDAP schema update of 0.0.12
@@ -432,14 +432,14 @@ Fixed
- Fixed client preconsent disabling. :pr:`72`
Added
-*****
+=====
- Python 3.11 support. :pr:`61`
- apparmor slapd configuration instructions in CONTRIBUTING.rst :pr:`66`
- ``preferredLanguage`` attribute support. :pr:`75`
Changed
-*******
+=======
- Replaced the use of the deprecated `FLASK_ENV` environment variable by
`FLASK_DEBUG`.
@@ -450,50 +450,50 @@ Changed
- The `JWT.ISS` configuration option is not mandatory anymore. :pr:`74`
[0.0.12] - 2022-10-24
-=====================
+---------------------
Added
-*****
+=====
- Basic WebFinger endpoint. :pr:`59`
- Bumped to FomanticUI 2.9.0 00ffffee
- Implemented Dynamic Client Registration :pr:`60`
[0.0.11] - 2022-08-11
-=====================
+---------------------
Added
-*****
+=====
- Default theme has a dark variant. :pr:`57`
Fixed
-*****
+=====
- Fixed missing ``canaille`` binary. :pr:`58`
[0.0.10] - 2022-07-07
-=====================
+---------------------
Fixed
-*****
+=====
- Online demo. :pr:`55`
- The consent page was displaying scopes not supported by clients. :pr:`56`
- Fixed end session when user are already disconnected.
[0.0.9] - 2022-06-05
-====================
+--------------------
Added
-*****
+=====
- ``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46`
- ``edit_self`` ACL permission to control user self edition. :pr:`47`
- Implemented RP-initiated logout :pr:`54`
Changed
-*******
+=======
- Bumped to authlib 1 :pr:`48`
- documentation improvements :pr:`50`
@@ -501,59 +501,59 @@ Changed
- additional nonce tests :pr:`52`
Fixed
-*****
+=====
- ``HIDE_INVALID_LOGIN`` behavior and default value.
- mo files are not versionned anymore :pr:`49` :pr:`53`
[0.0.8] - 2022-03-15
-====================
+--------------------
Fixed
-*****
+=====
- Fixed dependencies
[0.0.7] - 2022-03-15
-====================
+--------------------
Fixed
-*****
+=====
- Fixed spaces and escaped special char in ldap cn/dn :pr:`43`
[0.0.6] - 2022-03-08
-====================
+--------------------
Changed
-*******
+=======
- Access token are JWT. :pr:`38`
Fixed
-*****
+=====
- Default groups on invitations :pr:`41`
- Schemas are shipped within the canaille package :pr:`42`
[0.0.5] - 2022-02-17
-====================
+--------------------
Changed
-*******
+=======
- LDAP model objects have new identifiers :pr:`37`
Fixed
-*****
+=====
- Admin menu dropdown display :pr:`39`
- `GROUP_ID_ATTRIBUTE` configuration typo :pr:`40`
[0.0.4] - 2022-02-16
-====================
+--------------------
Added
-*****
+=====
- Client preauthorization :pr:`11`
- LDAP permissions check with the check command :pr:`12`
@@ -576,7 +576,7 @@ Added
- LDAP backend refactoring :pr:`35`
Fixed
-*****
+=====
- Fixed ghost members in a group :pr:`14`
- Fixed email sender names :pr:`19`
@@ -588,10 +588,10 @@ Fixed
- Spelling typos :pr:`36`
[0.0.3] - 2021-10-13
-====================
+--------------------
Added
-*****
+=====
- Two-steps sign-in :issue:`49`
- Tokens can have several audiences. :issue:`62` :pr:`9`
@@ -599,16 +599,16 @@ Added
- Groups managament. :issue:`12` :pr:`6`
Fixed
-*****
+=====
- Introspection access bugfix. :issue:`63` :pr:`10`
- Introspection sub claim. :issue:`64` :pr:`7`
[0.0.2] - 2021-01-06
-====================
+--------------------
Added
-*****
+=====
- Login page is responsive. :issue:`1`
- Adapt mobile keyboards to login page fields. :issue:`2`
@@ -630,20 +630,20 @@ Added
- Password initialization mail. :pr:`51`
Fixed
-*****
+=====
- Form translations. :issue:`19` :issue:`23`
- Avoid to use Google Fonts. :issue:`21`
Removed
-*******
+=======
- 'My tokens' page. :issue:`22`
[0.0.1] - 2020-10-21
-====================
+--------------------
Added
-*****
+=====
- Initial release.
diff --git a/doc/reference.rst b/doc/reference.rst
index d814c66e..28be1303 100644
--- a/doc/reference.rst
+++ b/doc/reference.rst
@@ -1,6 +1,9 @@
Reference
#########
+This reference details the data models used by Canaille.
+This is mostly useful for developers.
+
.. automodule:: canaille.backends.models
:members:
:show-inheritance:
diff --git a/doc/specifications.rst b/doc/specifications.rst
index 10e5c86e..d1613dee 100644
--- a/doc/specifications.rst
+++ b/doc/specifications.rst
@@ -1,6 +1,8 @@
Specifications
##############
+This page details which specifications are implemented in Canaille, and compares Canaille with other well-known identity providers.
+
State of the specs in Canaille
==============================
@@ -55,7 +57,6 @@ Comparison with other providers
Here is a feature comparison with other OpenID Connect server software.
Canaille voluntarily only implements the OpenID Connect protocol to keep its codebase simple.
-We are currently working on supporting SQL databases backends.
+---------------+-------+-----------+------+---------------------------+--------------+
| Software | Project | Protocols implementations | Backends |