diff --git a/TODO.md b/TODO.md
new file mode 100644
index 0000000..7a811b2
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,14 @@
+# Fixes and Improvements
+
+* Add logging to provide a better debugging experience.
+* When anything goes wrong in communicating with the OpenID provider, trigger a
+  logout (at least) to prevent users ending up in an awkward or unrecoverable
+  situation of being logged in but not able to log out because the app is
+  broken due to the token being invalid.
+
+# Features
+
+* Handling and documentation of app-to-app authentication on behalf of users.
+* Handling and documentation of app-to-app authentication on behalf of apps.
+  (Service Accounts)
+* Example of service account usage.