With regard to account management, what additional requirements do we have for beta1?
Features I can think of to add now or in the future include:
* Manage refresh tokens - view applications and clients that have refresh tokens, and the
ability to invalidate specific tokens
* Manage devices - view browsers and devices that have access (remember me cookie?), and
the ability to invalidate specific cookies
* Manage devices that can bypass TOTP - it seems to be quite common that it's possible
to not require asking for TOTP again for a specific device. I assume this is done by
setting a cookie. If we enable this, it should be possible to view what devices have this
option, as well as invalidate them
* Manage applications - view all applications, be able to navigate to an application, and
the ability to invalidate access to a specific application
* Manage clients - view all clients and what grants they have, and the ability to revoke
access to a specific client
I think listing client grants, invalidating specific client grants, and a logout everything
option would be sufficient. The logout everything option would invalidate any refresh
tokens, remember me cookies, 'skip' TOTP cookies and do an sso-logout.