Improve Access to Operational Logs and Uploaded Asset Management

HIGASHI Kenjiro 30/11/2025 22:58

Is your feature request related to a problem? Please describe.
When operating a Decidim instance, administrators frequently face difficulties identifying why user login or signup attempts fail.
This is especially problematic when using OAuth2/OIDC authentication, where error details are often hidden and cannot be viewed by admins.

Similarly, it is difficult to manage uploaded assets (images/files) across the organization. There is no centralized place to list uploaded assets with metadata, making audits, cleanup, and operational monitoring challenging.

Describe the solution you'd like
I would like Decidim to provide an admin or system-level dashboard where operators can view operational information, including:

OAuth2/OIDC login failure logs
Standard signup and login error logs
Key error information such as
- reason for failure
- data received by the system except passwords
A centralized list of uploaded images and files, with
- file metadata (size, type, uploader, timestamp, model reference)
- organization-level filtering

This would greatly improve debugging, incident response, and operational oversight.

Describe alternatives you've considered

Checking server logs manually, which is not accessible to most operators.
Adding external infrastructure (e.g., reverse proxies, log collectors), which increases operational complexity.
Exporting database records directly, which is not safe or convenient for administrators.

Additional context
Many municipalities and organizations using Decidim rely on external identity providers (IdPs).
When login/signup fails, administrators have no visibility into failure causes, making support and user onboarding difficult.
For uploaded files, compliance and transparency requirements (especially in governmental institutions) require auditability.

Does this issue could impact on users private data?
Potentially yes, depending on design.
However, requested information excludes sensitive data such as passwords and should be limited to operational logs and metadata.
If implemented with appropriate access restrictions, the feature can comply with privacy and data protection requirements.

Filter results for: Expand interoperability

Comment

0 comments

Fingerprint

The piece of text below is a shortened, hashed representation of this content. It is useful to ensure the content has not been tampered with, as a single modification would result in a totally different value.

Value: bea335f1bd98e059353c230ed7a26cd7efa433395350df50d86820dd5617f29a

Source:

{"body":{"en":"<p><strong>Is your feature request related to a problem? Please describe.</strong><br>When operating a Decidim instance, administrators frequently face difficulties identifying why user login or signup attempts fail.<br>This is especially problematic when using OAuth2/OIDC authentication, where error details are often hidden and cannot be viewed by admins.</p><p>Similarly, it is difficult to manage uploaded assets (images/files) across the organization. There is no centralized place to list uploaded assets with metadata, making audits, cleanup, and operational monitoring challenging.</p><p><strong>Describe the solution you'd like</strong><br>I would like Decidim to provide an <strong>admin or system-level dashboard</strong> where operators can view operational information, including:</p><ul><li><p>OAuth2/OIDC login failure logs</p></li><li><p>Standard signup and login error logs</p></li><li><p>Key error information such as</p><ul><li><p>reason for failure</p></li><li><p>data received by the system <em>except passwords</em></p></li></ul></li><li><p>A centralized list of <strong>uploaded images and files</strong>, with</p><ul><li><p>file metadata (size, type, uploader, timestamp, model reference)</p></li><li><p>organization-level filtering</p></li></ul></li></ul><p>This would greatly improve debugging, incident response, and operational oversight.</p><p><strong>Describe alternatives you've considered</strong></p><ul><li><p>Checking server logs manually, which is not accessible to most operators.</p></li><li><p>Adding external infrastructure (e.g., reverse proxies, log collectors), which increases operational complexity.</p></li><li><p>Exporting database records directly, which is not safe or convenient for administrators.</p></li></ul><p><strong>Additional context</strong><br>Many municipalities and organizations using Decidim rely on external identity providers (IdPs).<br>When login/signup fails, administrators have no visibility into failure causes, making support and user onboarding difficult.<br>For uploaded files, compliance and transparency requirements (especially in governmental institutions) require auditability.</p><p><strong>Does this issue could impact on users private data?</strong><br><strong>Potentially yes</strong>, depending on design.<br>However, requested information <strong>excludes sensitive data such as passwords</strong> and should be limited to operational logs and metadata.<br>If implemented with appropriate access restrictions, the feature can comply with privacy and data protection requirements.</p>"},"title":{"en":"Improve Access to Operational Logs and Uploaded Asset Management"}}

This fingerprint is calculated using a SHA256 hashing algorithm. In order to replicate it yourself, you can use an MD5 calculator online and copy-paste the source data.

Essential

Preferences

Analytics and statistics

Marketing

Improve Access to Operational Logs and Uploaded Asset Management

Please log in

Cookie settings

Essential

Preferences

Analytics and statistics

Marketing

Improve Access to Operational Logs and Uploaded Asset Management

Share

QR Code

Improve Access to Operational Logs and Uploaded Asset Management

Confirm

Please log in