An account system for my silly little projects
This is an accounts system, similar to Google or Microsoft! Accounts dont do much on their own, but they can be used to log into apps and services. In Googles case, these are things like Gmail, YouTube, GCP, Google Drive, Google Docs, etc etc you get the point.
This account system is designed to be just as flexable!
Currently Tally Accounts have no services to log into. I am currently working on migrating my past apps to this new system. My app Todo has its own account system.
When I tried to start a new project, I realized i would need to either make a completely seperate system for the new app, or deal with no accounts. This did not sit well with me so I started on this project
To create an account you have 2 options:
-
Username & Password
On the signup page, simply type in a username and password, hit create, and youre done!
-
Third party service
On the signup page, click on either the Discord or GitHub buttons. this will redirect you to their respective OAuth2 pages.
Once authenticated with GitHub or Discord, you will be prompted to pick a username, once you hit create, you now have your account!
Accounts can be edited in the edit page. Here you can:
- Upload/change your profile picture
- Change your username
- Change your password
- Remove your password
- Add a password
- Add a third party login
- Remove a third party login
- Set your bio & pronouns
- Set a display name
- Delete your account
To log in, enter your username and password, or click on the Discord or GitHub buttons to log in with those services.
If you attempt to log in with a third party service, but that service is not linked to an account, you will be prompted to create an account with that service.
To log out, simply click the logout button in the top right corner of the card in the @me page, or go to logout to log out.
ps: im gonna add a better way to log out in the nav bar i just forgot also pretend you didnt see this im breaking my formal-ish character okay bye
To delete your account, go to the edit page, scroll to the bottom, and click the delete account button.
After 4 confirmations, your account will be deleted. This is to prevent accidental deletions, so be careful!
Deleting your account immediately deletes all of your data, including:
- Your profile picture
- Your username (will be free immediately after deletion)
- Your password
- Your linked third party accounts
- Your bio & pronouns
- Your display name
There will be no trace of you*
*idk mabye the data still exists on disk but its marked as deleted and will be overwritten eventually, but for all intents and purposes, its gone
The whole point of this app is to authenticate with other apps! This is the system that lets that happen!
Apps can redirect the OAuth2 authorization page, where the user confirmes, and is redirected back to the with an access code to get an access token, which can be used to authenticate with the app.
To test this system out you can go to these links:
- Only Identity
- Identity + GitHub
- Identity + Discord
- Identity + GitHub + Discord
- Nothing? (just for fun)
These pages show what apps can see with each scope!
You can also test out the parameter signing and verification system! Here are a few links that have issues (they should error!)
- Missing signature
- Modified signature
- Modified scope
- Modified redirect url
- Incorrect redirect url (with valid signature (shouldnt happen but i still tested for it))
-
Add Google as a third party login option (this is a maybe)
-
Add more customization options for accounts (themes, profile layouts, etc)
-
Add a way to see and manage active sessions (see where youre logged in and remove sessions you dont recognize or dont use anymore)
-
Add 2fa for passwords (Technically already supported by the accounts system, I just did not create an api for it yet.)
-
Split up the edit page so everything isnt all smushed together into one page