kiootic

@louischan-oursky @carmenlau Here's the planned breaking changes we would make from what I remembered. Please help to check if there is any missing points so that we can track it...

- Do we want to cleanup the `core` packages and remove irrelevant stuff/merge into `auth` package/new repo? - Do we want to do #1433 as part of refactor? (i.e. use...

> We may also want to cleanup the configuration. - double `api_version` in app_config? - `app_id` should not be needed. - flatten `app_config`? - template configuration need rework? - do...

- web UI remove webappstep & state, expose interaction.StepState directly - merge web UI state with interaction flow state - move web UI request decoding/redirection to handlers - so add...

- webapp static asset self-host (no CDN provided) - static asset pack into output binary (packr?) - development workflow: use parcel to watch & compile assets?

@chpapa updated.

Can we use traditional flash message for errors?

Actually I've spent the morning think about it, and now I think we should drop this issue for now: - There would be some sort of dependency between `user_create` and...

Yes, after finishing the promotion flow, the key ID is deleted and a new key is generated.

Login directly as existing user would 'lose' the anonymous user, along with its associated data. If developer forgot to configure it and deployed to production, it can cause destructive data...