core/TODO.md
# Todo

1. [x] Listing applications with admin_id in URL doesn't work.
2. [x] Password and PasswordHash are not written for both admins and users.
3. [x] No checking for essential fields in request body of all endpoints.
4. [x] Extra 'ID' in addition to an 'id' field in list applications response.
5. [ ] Edit API.md to include changes since last generated.
   - POSTPONED: Until issue 11 is resolved.
6. [ ] Deploy to a single instance ECS.
   - POSTPONED: Until issues 11, 5 are resolved.
7. [x] Figure out a better alternative to HMAC-based API keys.
8. [x] Implement refresh tokens (better HMAC alternative) for API keys.
9. [x] Authorise requests on /application endpoints using admin's JWT in authorization header.
10. [x] Authorise requests on /user endpoints using access token generated by application's refresh token.
11. [ ] Delete TemporaryAccessToken before pushing first stable version.
12. [ ] Make sure all JSON tags are PascalCase.
13. [ ] GenerateRefreshTokenForApplicationHandler is making three requests to database. Try to reduce it to two.
    - SOLUTION: Could remove validation from db service and end up removing the update access token service entirely.