connecteev/gist:49ecbebb1aaf54d301a929aa345fb932

## gistfile1.txt
Auth Requirements:

Phase 1:
* "Regular" auth - email and password, with: email validation (verify password flow), forgot / reset password flow, etc
* Allow an app to skip password verification (make it optional)
* social auth - login with Google, Facebook, Twitter, Linkedin
* Make it a microservice / api that any project can use
* Primarily for INTERNAL API consumption at first
* Unit tests, so there's 100% confidence inthe auth working
* Easily set up accounts on dev / test and production


Phase X:
* Open up to other INTERNAL servers for consumption (pre-created token / IP address whitelist etc)
* Open up for EXTERNAL API consumption (to 3rd parties)
* Two-factor authentication
* Valid email check ("does this email belong tosomeone") as the user enters it. There's some back-end service (may be paid) that does this.
* Impersonate a user as an Admin
	Auth Requirements:

	Phase 1:
	* "Regular" auth - email and password, with: email validation (verify password flow), forgot / reset password flow, etc
	* Allow an app to skip password verification (make it optional)
	* social auth - login with Google, Facebook, Twitter, Linkedin
	* Make it a microservice / api that any project can use
	* Primarily for INTERNAL API consumption at first
	* Unit tests, so there's 100% confidence inthe auth working
	* Easily set up accounts on dev / test and production


	Phase X:
	* Open up to other INTERNAL servers for consumption (pre-created token / IP address whitelist etc)
	* Open up for EXTERNAL API consumption (to 3rd parties)
	* Two-factor authentication
	* Valid email check ("does this email belong tosomeone") as the user enters it. There's some back-end service (may be paid) that does this.
	* Impersonate a user as an Admin