Changes to "Improve access to operational logs"

Body (Catalan)

Body (English)

  • -

    Is your feature request related to a problem? Please describe.
    When operating a Decidim instance, administrators frequently face difficulties identifying why user login or signup attempts fail.
    This is especially problematic when using OAuth2/OIDC authentication, where error details are often hidden and cannot be viewed by admins.

    Similarly, it is difficult to manage uploaded assets (images/files) across the organization. There is no centralized place to list uploaded assets with metadata, making audits, cleanup, and operational monitoring challenging.

    Describe the solution you'd like
    I would like Decidim to provide an admin or system-level dashboard where operators can view operational information, including:

    • OAuth2/OIDC login failure logs

    • Standard signup and login error logs

    • Key error information such as

      • reason for failure

      • data received by the system except passwords

    • A centralized list of uploaded images and files, with

      • file metadata (size, type, uploader, timestamp, model reference)

      • organization-level filtering

    This would greatly improve debugging, incident response, and operational oversight.

    Describe alternatives you've considered

    • Checking server logs manually, which is not accessible to most operators.

    • Adding external infrastructure (e.g., reverse proxies, log collectors), which increases operational complexity.

    • Exporting database records directly, which is not safe or convenient for administrators.

    Additional context
    Many municipalities and organizations using Decidim rely on external identity providers (IdPs).
    When login/signup fails, administrators have no visibility into failure causes, making support and user onboarding difficult.
    For uploaded files, compliance and transparency requirements (especially in governmental institutions) require auditability.

    Does this issue could impact on users private data?
    Potentially yes, depending on design.
    However, requested information excludes sensitive data such as passwords and should be limited to operational logs and metadata.
    If implemented with appropriate access restrictions, the feature can comply with privacy and data protection requirements.

  • +

    Is your feature request related to a problem? Please describe.

    When operating a Decidim instance, administrators frequently struggle to understand why user login or signup attempts fail. This is particularly challenging with OAuth2/OIDC authentication, where detailed error information is not visible to administrators.

    Describe the solution you'd like

    Introduce an admin or system-level dashboard where operators can access operational information related to authentication, including:

    • +
    • OAuth2/OIDC login failure logs

    • +
    • Standard signup and login error logs

    • +
    • +

      Key failure details such as:

    • +
      • +
      • reason for failure

      • +
      • data received by the system, excluding passwords

      • +
    • +
    • +

      This dashboard would significantly improve debugging, incident response, and support for users.

      Describe alternatives you've considered

      • +
      • Manually checking server logs, which is inaccessible to most administrators.

      • +
      • Relying on external infrastructure (reverse proxies, log collectors), which adds operational complexity.

      • +
      • Exporting raw database records, which is unsafe and inconvenient.

      • +

        Additional context

        Many institutions using Decidim depend on external identity providers. Without insight into authentication failures, administrators cannot effectively support onboarding or troubleshoot issues.

        Could this issue impact on users private data?

        Potentially yes, depending on the design. If implemented carefully (excluding sensitive data, never storing passwords, and restricting access to privileged admins) the feature can remain compliant with privacy requirements.
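
Review bot: in the revised body, "data received by the system, excluding passwords" is too narrow an exclusion for OAuth2/OIDC failure logs, because the data received in those flows also includes authorization codes, access and ID tokens, and state values, none of which are passwords. Suggest describing an allow-list of fields that may be shown (for example the provider's error code and error description, the provider name and a timestamp) instead of naming a single excluded field. The earlier version's statement that the information "should be limited to operational logs and metadata" was dropped in this revision and would be worth keeping next to the access restriction to privileged admins.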

      • Body (Spanish)

        Title (Catalan)

        Title (English)

        • -Improve Access to Operational Logs and Uploaded Asset Management
        • +Improve Access to Operational Logs

        Title (Spanish)
