release: 0.4.1

[ImgBot] Optimize images

.version

@@ -1 +1 @@
-0.3.0
+0.4.1

CHANGELOG.md

@@ -1,3 +1,38 @@
+## [](https://github.com/stonith404/pocket-id/compare/v0.4.0...v) (2024-09-06)
+
+
+### Features
+
+* add name claim to userinfo endpoint and id token ([4e7574a](https://github.com/stonith404/pocket-id/commit/4e7574a297307395603267c7a3285d538d4111d8))
+
+
+### Bug Fixes
+
+* limit width of content on large screens ([c6f83a5](https://github.com/stonith404/pocket-id/commit/c6f83a581ad385391d77fec7eeb385060742f097))
+* show error message if error occurs while authorizing new client ([8038a11](https://github.com/stonith404/pocket-id/commit/8038a111dd7fa8f5d421b29c3bc0c11d865dc71b))
+
+## [](https://github.com/stonith404/pocket-id/compare/v0.3.1...v) (2024-09-03)
+
+
+### Features
+
+* add setup details to oidc client details ([fd21ce5](https://github.com/stonith404/pocket-id/commit/fd21ce5aac1daeba04e4e7399a0720338ea710c2))
+* add support for more username formats ([903b0b3](https://github.com/stonith404/pocket-id/commit/903b0b39181c208e9411ee61849d2671e7c56dc5))
+
+
+### Bug Fixes
+
+* non pointer passed to create user ([e7861df](https://github.com/stonith404/pocket-id/commit/e7861df95a6beecab359d1c56f4383373f74bb73))
+* oidc client logo not displayed on authorize page ([28ed064](https://github.com/stonith404/pocket-id/commit/28ed064668afeec8f80adda59ba94f1fc2fbce17))
+* typo in hasLogo property of oidc dto ([2b9413c](https://github.com/stonith404/pocket-id/commit/2b9413c7575e1322f8547490a9b02a1836bad549))
+
+## [](https://github.com/stonith404/pocket-id/compare/v0.3.0...v) (2024-08-24)
+
+
+### Bug Fixes
+
+* empty lists don't get returned correctly from the api ([97f7fc4](https://github.com/stonith404/pocket-id/commit/97f7fc4e288c2bb49210072a7a151b58ef44f5b5))
+
 ## [](https://github.com/stonith404/pocket-id/compare/v0.2.1...v) (2024-08-23)
 
 

Dockerfile

@@ -8,7 +8,7 @@ RUN npm run build
 RUN npm prune --production
 
 # Stage 2: Build Backend
-FROM golang:1.22-alpine AS backend-builder
+FROM golang:1.23-alpine AS backend-builder
 WORKDIR /app/backend
 COPY ./backend/go.mod ./backend/go.sum ./
 RUN go mod download

README.md

@@ -41,7 +41,7 @@ Pocket ID is available as a template on the Community Apps store.
 Required tools:
 
 - [Node.js](https://nodejs.org/en/download/) >= 20
-- [Go](https://golang.org/doc/install) >= 1.22
+- [Go](https://golang.org/doc/install) >= 1.23
 - [Git](https://git-scm.com/downloads)
 - [PM2](https://pm2.keymetrics.io/)
 - [Caddy](https://caddyserver.com/docs/install) (optional)

backend/go.mod

@@ -1,19 +1,20 @@
 module github.com/stonith404/pocket-id/backend
 
-go 1.22
+go 1.23
 
 require (
-	github.com/caarlos0/env/v11 v11.2.0
+	github.com/caarlos0/env/v11 v11.2.2
 	github.com/fxamacker/cbor/v2 v2.7.0
 	github.com/gin-contrib/cors v1.7.2
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-co-op/gocron/v2 v2.11.0
-	github.com/go-webauthn/webauthn v0.11.0
+	github.com/go-playground/validator/v10 v10.22.0
+	github.com/go-webauthn/webauthn v0.11.1
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/golang-migrate/migrate/v4 v4.17.1
 	github.com/google/uuid v1.6.0
 	github.com/joho/godotenv v1.5.1
-	golang.org/x/crypto v0.25.0
+	golang.org/x/crypto v0.26.0
 	golang.org/x/time v0.6.0
 	gorm.io/driver/sqlite v1.5.6
 	gorm.io/gorm v1.25.11
@@ -28,7 +29,6 @@ require (
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.22.0 // indirect
 	github.com/go-webauthn/x v0.1.12 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/google/go-tpm v0.9.1 // indirect
@@ -57,7 +57,7 @@ require (
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
 	golang.org/x/net v0.27.0 // indirect
 	golang.org/x/sys v0.23.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

backend/go.sum

@@ -3,8 +3,8 @@ github.com/bytedance/sonic v1.12.1/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKz
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/bytedance/sonic/loader v0.2.0 h1:zNprn+lsIP06C/IqCHs3gPQIvnvpKbbxyXQP1iU4kWM=
 github.com/bytedance/sonic/loader v0.2.0/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/caarlos0/env/v11 v11.2.0 h1:kvB1ZmwdWgI3JsuuVUE7z4cY/6Ujr03D0w2WkOOH4Xs=
-github.com/caarlos0/env/v11 v11.2.0/go.mod h1:LwgkYk1kDvfGpHthrWWLof3Ny7PezzFwS4QrsJdHTMo=
+github.com/caarlos0/env/v11 v11.2.2 h1:95fApNrUyueipoZN/EhA8mMxiNxrBwDa+oAZrMWl3Kg=
+github.com/caarlos0/env/v11 v11.2.2/go.mod h1:JBfcdeQiBoI3Zh1QRAWfe+tpiNTmDtcCj/hHHHMx0vc=
 github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
 github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
@@ -33,8 +33,8 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
 github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
-github.com/go-webauthn/webauthn v0.11.0 h1:2U0jWuGeoiI+XSZkHPFRtwaYtqmMUsqABtlfSq1rODo=
-github.com/go-webauthn/webauthn v0.11.0/go.mod h1:57ZrqsZzD/eboQDVtBkvTdfqFYAh/7IwzdPT+sPWqB0=
+github.com/go-webauthn/webauthn v0.11.1 h1:5G/+dg91/VcaJHTtJUfwIlNJkLwbJCcnUc4W8VtkpzA=
+github.com/go-webauthn/webauthn v0.11.1/go.mod h1:YXRm1WG0OtUyDFaVAgB5KG7kVqW+6dYCJ7FTQH4SxEE=
 github.com/go-webauthn/x v0.1.12 h1:RjQ5cvApzyU/xLCiP+rub0PE4HBZsLggbxGR5ZpUf/A=
 github.com/go-webauthn/x v0.1.12/go.mod h1:XlRcGkNH8PT45TfeJYc6gqpOtiOendHhVmnOxh+5yHs=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
@@ -122,8 +122,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 golang.org/x/arch v0.9.0 h1:ub9TgUInamJ8mrZIGlBG6/4TqWeMszd4N8lNorbrr6k=
 golang.org/x/arch v0.9.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
@@ -132,8 +132,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
 golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
 golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=

backend/images/logo.svg

@@ -1,17 +1 @@
-<svg id="a"
-    xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1015 1015">
-    <path d="M506.6,0c209.52,0,379.98,170.45,379.98,379.96,0,82.33-25.9,160.68-74.91,226.54-48.04,64.59-113.78,111.51-190.13,135.71l-21.1,6.7-50.29-248.04,13.91-6.73c45.41-21.95,74.76-68.71,74.76-119.11,0-72.91-59.31-132.23-132.21-132.23s-132.23,59.32-132.23,132.23c0,50.4,29.36,97.16,74.77,119.11l13.65,6.61-81.01,499.24h-226.36V0h351.18Z" />
-    <style>
-     @media (prefers-color-scheme: dark) {
-            #a path {
-                fill: #ffffff;
-            }
-        }
-
-        @media (prefers-color-scheme: light) {
-            #a path {
-                fill: #000000;
-            }
-        }
-    </style>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" id="a" viewBox="0 0 1015 1015"><path d="M506.6,0c209.52,0,379.98,170.45,379.98,379.96,0,82.33-25.9,160.68-74.91,226.54-48.04,64.59-113.78,111.51-190.13,135.71l-21.1,6.7-50.29-248.04,13.91-6.73c45.41-21.95,74.76-68.71,74.76-119.11,0-72.91-59.31-132.23-132.21-132.23s-132.23,59.32-132.23,132.23c0,50.4,29.36,97.16,74.77,119.11l13.65,6.61-81.01,499.24h-226.36V0h351.18Z"/><style>@media (prefers-color-scheme:dark){#a path{fill:#fff}}@media (prefers-color-scheme:light){#a path{fill:#000}}</style></svg>

backend/internal/controller/well_known_controller.go

@@ -37,7 +37,7 @@ func (wkc *WellKnownController) openIDConfigurationHandler(c *gin.Context) {
 		"userinfo_endpoint":                     appUrl + "/api/oidc/userinfo",
 		"jwks_uri":                              appUrl + "/.well-known/jwks.json",
 		"scopes_supported":                      []string{"openid", "profile", "email"},
-		"claims_supported":                      []string{"sub", "given_name", "family_name", "email", "preferred_username"},
+		"claims_supported":                      []string{"sub", "given_name", "family_name", "name", "email", "preferred_username"},
 		"response_types_supported":              []string{"code", "id_token"},
 		"subject_types_supported":               []string{"public"},
 		"id_token_signing_alg_values_supported": []string{"RS256"},

backend/internal/dto/dto_mapper.go

@@ -7,6 +7,8 @@ import (
 
 // MapStructList maps a list of source structs to a list of destination structs
 func MapStructList[S any, D any](source []S, destination *[]D) error {
+	*destination = make([]D, 0, len(source))
+
 	for _, item := range source {
 		var destItem D
 		if err := MapStruct(item, &destItem); err != nil {

backend/internal/dto/oidc_dto.go

@@ -1,13 +1,13 @@
 package dto
 
 type PublicOidcClientDto struct {
-	ID   string `json:"id"`
-	Name string `json:"name"`
+	ID      string `json:"id"`
+	Name    string `json:"name"`
+	HasLogo bool   `json:"hasLogo"`
 }
 
 type OidcClientDto struct {
 	PublicOidcClientDto
-	HasLogo      bool     `json:"hasLogo"`
 	CallbackURLs []string `json:"callbackURLs"`
 	CreatedBy    UserDto  `json:"createdBy"`
 }

backend/internal/dto/user_dto.go

@@ -23,8 +23,3 @@ type OneTimeAccessTokenCreateDto struct {
 	UserID    string    `json:"userId" binding:"required"`
 	ExpiresAt time.Time `json:"expiresAt" binding:"required"`
 }
-
-type LoginUserDto struct {
-	Username string `json:"username" binding:"required"`
-	Password string `json:"password" binding:"required"`
-}

backend/internal/dto/validations.go

@@ -20,7 +20,10 @@ var validateUrlList validator.Func = func(fl validator.FieldLevel) bool {
 }
 
 var validateUsername validator.Func = func(fl validator.FieldLevel) bool {
-	regex := "^[a-z0-9_]*$"
+	// [a-zA-Z0-9]      : The username must start with an alphanumeric character
+	// [a-zA-Z0-9_.@-]* : The rest of the username can contain alphanumeric characters, dots, underscores, hyphens, and "@" symbols
+	// [a-zA-Z0-9]$     : The username must end with an alphanumeric character
+	regex := "^[a-zA-Z0-9][a-zA-Z0-9_.@-]*[a-zA-Z0-9]$"
 	matched, _ := regexp.MatchString(regex, fl.Field().String())
 	return matched
 }

backend/internal/service/oidc_service.go

@@ -303,6 +303,7 @@ func (s *OidcService) GetUserClaimsForClient(userID string, clientID string) (ma
 	profileClaims := map[string]interface{}{
 		"given_name":         user.FirstName,
 		"family_name":        user.LastName,
+		"name":               user.FirstName + " " + user.LastName,
 		"preferred_username": user.Username,
 	}
 

backend/internal/service/user_service.go

@@ -48,20 +48,20 @@ func (s *UserService) DeleteUser(userID string) error {
 }
 
 func (s *UserService) CreateUser(input dto.UserCreateDto) (model.User, error) {
-	user := &model.User{
+	user := model.User{
 		FirstName: input.FirstName,
 		LastName:  input.LastName,
 		Email:     input.Email,
 		Username:  input.Username,
 		IsAdmin:   input.IsAdmin,
 	}
-	if err := s.db.Create(user).Error; err != nil {
+	if err := s.db.Create(&user).Error; err != nil {
 		if errors.Is(err, gorm.ErrDuplicatedKey) {
-			return model.User{}, s.checkDuplicatedFields(*user)
+			return model.User{}, s.checkDuplicatedFields(user)
 		}
 		return model.User{}, err
 	}
-	return *user, nil
+	return user, nil
 }
 
 func (s *UserService) UpdateUser(userID string, updatedUser dto.UserCreateDto, updateOwnUser bool) (model.User, error) {

backend/internal/utils/controller_error_util.go

@@ -46,7 +46,7 @@ func handleValidationError(validationErrors validator.ValidationErrors) string {
 		case "email":
 			errorMessage = fmt.Sprintf("%s must be a valid email address", fieldName)
 		case "username":
-			errorMessage = fmt.Sprintf("%s must contain only lowercase letters, numbers, and underscores", fieldName)
+			errorMessage = fmt.Sprintf("%s must only contain lowercase letters, numbers, underscores, dots, hyphens, and '@' symbols and not start or end with a special character", fieldName)
 		case "url":
 			errorMessage = fmt.Sprintf("%s must be a valid URL", fieldName)
 		case "min":

frontend/package.json

@@ -12,46 +12,46 @@
     "format": "prettier --write ."
   },
   "devDependencies": {
-    "@playwright/test": "^1.46.0",
-    "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/adapter-node": "^5.2.0",
-    "@sveltejs/kit": "^2.0.0",
-    "@sveltejs/vite-plugin-svelte": "^3.0.0",
-    "@types/eslint": "^8.56.7",
+    "@playwright/test": "^1.46.1",
+    "@sveltejs/adapter-auto": "^3.2.4",
+    "@sveltejs/adapter-node": "^5.2.2",
+    "@sveltejs/kit": "^2.5.24",
+    "@sveltejs/vite-plugin-svelte": "^3.1.2",
+    "@types/eslint": "^9.6.0",
     "@types/jsonwebtoken": "^9.0.6",
-    "@types/node": "^22.1.0",
-    "autoprefixer": "^10.4.19",
+    "@types/node": "^22.5.0",
+    "autoprefixer": "^10.4.20",
     "cbor-js": "^0.1.0",
-    "eslint": "^9.0.0",
+    "eslint": "^9.9.1",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-svelte": "^2.36.0",
-    "globals": "^15.0.0",
-    "postcss": "^8.4.38",
-    "prettier": "^3.1.1",
-    "prettier-plugin-svelte": "^3.1.2",
-    "prettier-plugin-tailwindcss": "^0.6.4",
+    "eslint-plugin-svelte": "^2.40.0",
+    "globals": "^15.9.0",
+    "postcss": "^8.4.41",
+    "prettier": "^3.3.3",
+    "prettier-plugin-svelte": "^3.2.6",
+    "prettier-plugin-tailwindcss": "^0.6.6",
     "svelte": "^5.0.0-next.1",
-    "svelte-check": "^3.6.0",
-    "tailwindcss": "^3.4.4",
-    "tslib": "^2.4.1",
-    "typescript": "^5.0.0",
-    "typescript-eslint": "^8.0.0-alpha.20",
-    "vite": "^5.0.3"
+    "svelte-check": "^3.8.6",
+    "tailwindcss": "^3.4.10",
+    "tslib": "^2.7.0",
+    "typescript": "^5.5.4",
+    "typescript-eslint": "^8.2.0",
+    "vite": "^5.4.2"
   },
   "type": "module",
   "dependencies": {
     "@simplewebauthn/browser": "^10.0.0",
-    "axios": "^1.7.2",
-    "bits-ui": "^0.21.12",
+    "axios": "^1.7.5",
+    "bits-ui": "^0.21.13",
     "clsx": "^2.1.1",
     "crypto": "^1.0.1",
     "formsnap": "^1.0.1",
     "jsonwebtoken": "^9.0.2",
-    "lucide-svelte": "^0.399.0",
+    "lucide-svelte": "^0.435.0",
     "mode-watcher": "^0.4.1",
     "svelte-sonner": "^0.3.27",
-    "sveltekit-superforms": "^2.16.1",
-    "tailwind-merge": "^2.3.0",
+    "sveltekit-superforms": "^2.17.0",
+    "tailwind-merge": "^2.5.2",
     "tailwind-variants": "^0.2.1",
     "zod": "^3.23.8"
   }

frontend/src/lib/components/header/header-avatar.svelte

@@ -23,7 +23,7 @@
 			<Avatar.Fallback>{initials}</Avatar.Fallback>
 		</Avatar.Root></DropdownMenu.Trigger
 	>
-	<DropdownMenu.Content class="w-40" align="start">
+	<DropdownMenu.Content class="min-w-40" align="start">
 		<DropdownMenu.Label class="font-normal">
 			<div class="flex flex-col space-y-1">
 				<p class="text-sm font-medium leading-none">

frontend/src/lib/components/header/header.svelte

@@ -6,12 +6,13 @@
 	import HeaderAvatar from './header-avatar.svelte';
 
 	let isAuthPage = $derived(
-		!$page.error && ($page.url.pathname.startsWith('/authorize') || $page.url.pathname.startsWith('/login'))
+		!$page.error &&
+			($page.url.pathname.startsWith('/authorize') || $page.url.pathname.startsWith('/login'))
 	);
 </script>
 
 <div class=" w-full {isAuthPage ? 'absolute top-0 z-10 mt-4' : 'border-b'}">
-	<div class="mx-auto flex w-full max-w-[1520px] items-center justify-between px-4 md:px-10">
+	<div class="mx-auto flex w-full max-w-[1640px] items-center justify-between px-4 md:px-10">
 		<div class="flex h-16 items-center">
 			{#if !isAuthPage}
 				<Logo class="mr-3 h-10 w-10" />

frontend/src/routes/authorize/+page.svelte

@@ -83,16 +83,17 @@
 	<SignInWrapper>
 		<ClientProviderImages {client} {success} error={!!errorMessage} />
 		<h1 class="font-playfair mt-5 text-3xl font-bold sm:text-4xl">Sign in to {client.name}</h1>
-		{#if !authorizationRequired}
+		{#if errorMessage}
 			<p class="text-muted-foreground mb-10 mt-2">
-				{#if errorMessage}
-					{errorMessage}. Please try again.
-				{:else}
-					Do you want to sign in to <b>{client.name}</b> with your
-					<b>{$applicationConfigurationStore.appName}</b> account?
-				{/if}
+				{errorMessage}. Please try again.
 			</p>
-		{:else}
+		{/if}
+		{#if !authorizationRequired && !errorMessage}
+			<p class="text-muted-foreground mb-10 mt-2">
+				Do you want to sign in to <b>{client.name}</b> with your
+				<b>{$applicationConfigurationStore.appName}</b> account?
+			</p>
+		{:else if authorizationRequired}
 			<div transition:slide={{ duration: 300 }}>
 				<Card.Root class="mb-10 mt-6">
 					<Card.Header class="pb-5">

frontend/src/routes/settings/+layout.svelte

@@ -22,24 +22,28 @@
 </script>
 
 <section>
-	<div class="h-screen w-full">
-		<main class="flex min-h-screen flex-1 flex-col gap-4 bg-muted/40 p-4 md:gap-8 md:p-10">
-			<div class="mx-auto grid w-full max-w-[1440px] gap-2">
-				<h1 class="text-3xl font-semibold">Settings</h1>
-			</div>
-			<div
-				class="mx-auto grid w-full max-w-[1440px] items-start gap-6 md:grid-cols-[180px_1fr] lg:grid-cols-[250px_1fr]"
-			>
-				<nav class="grid gap-4 text-sm text-muted-foreground">
-					{#each links as { href, label }}
-						<a {href} class={$page.url.pathname.startsWith(href) ? 'font-bold text-primary' : ''}>
-							{label}
-						</a>
-					{/each}
-				</nav>
-				<div class="flex flex-col gap-5">
-					{@render children()}
+	<div class="bg-muted/40 h-screen w-full">
+		<main
+			class="mx-auto flex min-h-screen max-w-[1640px] flex-col gap-x-4 gap-y-10 p-4 md:p-10 lg:flex-row"
+		>
+			<div>
+				<div class="mx-auto grid w-full gap-2">
+					<h1 class="mb-5 text-3xl font-semibold">Settings</h1>
 				</div>
+				<div
+					class="mx-auto grid items-start gap-6 md:grid-cols-[180px_1fr] lg:grid-cols-[250px_1fr]"
+				>
+					<nav class="text-muted-foreground grid gap-4 text-sm">
+						{#each links as { href, label }}
+							<a {href} class={$page.url.pathname.startsWith(href) ? 'text-primary font-bold' : ''}>
+								{label}
+							</a>
+						{/each}
+					</nav>
+				</div>
+			</div>
+			<div class="flex w-full flex-col gap-5">
+				{@render children()}
 			</div>
 		</main>
 	</div>

frontend/src/routes/settings/admin/oidc-clients/[id]/+page.svelte

@@ -1,5 +1,6 @@
 <script lang="ts">
 	import { beforeNavigate } from '$app/navigation';
+	import { page } from '$app/stores';
 	import { openConfirmDialog } from '$lib/components/confirm-dialog';
 	import { Button } from '$lib/components/ui/button';
 	import * as Card from '$lib/components/ui/card';
@@ -10,13 +11,24 @@
 	import { axiosErrorToast } from '$lib/utils/error-util';
 	import { LucideChevronLeft, LucideRefreshCcw } from 'lucide-svelte';
 	import { toast } from 'svelte-sonner';
+	import { slide } from 'svelte/transition';
 	import OidcForm from '../oidc-client-form.svelte';
 
 	let { data } = $props();
 	let client = $state(data);
+	let showAllDetails = $state(false);
 
 	const oidcService = new OidcService();
 
+	const setupDetails = {
+		'Authorization URL': `https://${$page.url.hostname}/authorize`,
+		'OIDC Discovery URL': `https://${$page.url.hostname}/.well-known/openid-configuration`,
+		'Token URL': `https://${$page.url.hostname}/api/oidc/token`,
+		'Userinfo URL': `https://${$page.url.hostname}/api/oidc/userinfo`,
+		'Certificate URL': `https://${$page.url.hostname}/.well-known/jwks.json`,
+		PKCE: 'Disabled'
+	};
+
 	async function updateClient(updatedClient: OidcClientCreateWithLogo) {
 		let success = true;
 		const dataPromise = oidcService.updateClient(client.id, updatedClient);
@@ -74,23 +86,43 @@
 		<Card.Title>{client.name}</Card.Title>
 	</Card.Header>
 	<Card.Content>
-		<div class="flex">
-			<Label class="mb-0 w-44">Client ID</Label>
-			<span class="text-muted-foreground text-sm" data-testid="client-id"> {client.id}</span>
-		</div>
-		<div class="mt-3 flex items-center">
-			<Label class="mb-0 w-44">Client secret</Label>
-			<span class="text-muted-foreground text-sm" data-testid="client-secret"
-				>{$clientSecretStore ?? '••••••••••••••••••••••••••••••••'}</span
-			>
-			{#if !$clientSecretStore}
-				<Button
-					class="ml-2"
-					onclick={createClientSecret}
-					size="sm"
-					variant="ghost"
-					aria-label="Create new client secret"><LucideRefreshCcw class="h-3 w-3" /></Button
+		<div class="flex flex-col">
+			<div class="mb-2 flex">
+				<Label class="mb-0 w-44">Client ID</Label>
+				<span class="text-muted-foreground text-sm" data-testid="client-id"> {client.id}</span>
+			</div>
+			<div class="mb-2 mt-1 flex items-center">
+				<Label class="w-44">Client secret</Label>
+				<span class="text-muted-foreground text-sm" data-testid="client-secret"
+					>{$clientSecretStore ?? '••••••••••••••••••••••••••••••••'}</span
 				>
+				{#if !$clientSecretStore}
+					<Button
+						class="ml-2"
+						onclick={createClientSecret}
+						size="sm"
+						variant="ghost"
+						aria-label="Create new client secret"><LucideRefreshCcw class="h-3 w-3" /></Button
+					>
+				{/if}
+			</div>
+			{#if showAllDetails}
+				<div transition:slide>
+					{#each Object.entries(setupDetails) as [key, value]}
+						<div class="mb-5 flex">
+							<Label class="mb-0 w-44">{key}</Label>
+							<span class="text-muted-foreground text-sm">{value}</span>
+						</div>
+					{/each}
+				</div>
+			{/if}
+
+			{#if !showAllDetails}
+				<div class="mt-4 flex justify-center">
+					<Button on:click={() => (showAllDetails = true)} size="sm" variant="ghost"
+						>Show more details</Button
+					>
+				</div>
 			{/if}
 		</div>
 	</Card.Content>

frontend/src/routes/settings/admin/users/user-form.svelte

@@ -32,7 +32,10 @@
 			.string()
 			.min(2)
 			.max(30)
-			.regex(/^[a-z0-9_]+$/, 'Only lowercase letters, numbers, and underscores are allowed'),
+			.regex(
+				/^[a-z0-9_@.-]+$/,
+				"Username can only contain lowercase letters, numbers, underscores, dots, hyphens, and '@' symbols"
+			),
 		email: z.string().email(),
 		isAdmin: z.boolean()
 	});

frontend/tests/utils/cleanup.util.ts

@@ -1,5 +1,5 @@
 import axios from 'axios';
 
 export async function cleanupBackend() {
-	await axios.post('/api/test/reset');
+	await axios.post('http://localhost/api/test/reset');
 }