- Listing applications with admin_id in URL doesn't work.
- Password and PasswordHash is not written for both admins and users.
- No checking for essential fields in request body of all endpoints.
- Extra 'ID' in addition to an 'id' field in list applications response.
- Edit API.md to include changes since last generated.
- POSTPONED: Until issue 11 are resolved.
- Deploy to a single instance ECS.
- POSTPONED: Until issues 11, 5 are resolved.
- Figure out a better alternative HMAC based API keys.
- Implement refresh tokens (better HMAC alternative) for API keys.
- Authorise requests on /application endpoints using admin's JWT in authorization header.
- Authorise requests on /user endpoints using access token generated by application's refresh token.
- Delete TemporaryAccessToken before pushing first stable version
- Make sure all json tags are PascalCase.
- GenerateRefreshTokenForApplicationHandler is making three requests to database. Try to reduce it to two.
- SOLUTION: Could remove validation from db service and end up removing the update access token service entirely.