Skip to content

docs: Slice 2a Accounts & Identity design spec#28

Merged
malinfossum merged 2 commits into
mainfrom
docs/slice2a-accounts-spec
Jul 8, 2026
Merged

docs: Slice 2a Accounts & Identity design spec#28
malinfossum merged 2 commits into
mainfrom
docs/slice2a-accounts-spec

Conversation

@malinfossum

Copy link
Copy Markdown
Collaborator

Design spec for Slice 2a — Accounts & Identity (the first half of Slice 2, Sharing & Accounts).

Scope: public multi-user accounts on ASP.NET Core Identity + cookie auth; PostgreSQL with EF migrations adopted; custom minimal-API auth endpoints + hand-authored vanilla-JS screens; per-user data isolation; full account lifecycle (register, verify, login, reset, change email/password, delete, lockout, remember-me).

Stress-tested across security / privacy / accessibility / loopholes — 12 findings folded into the spec (session invalidation, login enumeration, token handling, unverified-account lifecycle, a privacy/legal section, auth-screen a11y, and lifecycle edge cases).

Direction confirmed by both owners; opening for sign-off review before the implementation plan.

@malinfossum
malinfossum merged commit d0db0ea into main Jul 8, 2026
1 check passed
@malinfossum
malinfossum deleted the docs/slice2a-accounts-spec branch July 8, 2026 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant