mirror of
https://github.com/maybe-finance/maybe.git
synced 2025-08-05 13:35:21 +02:00
Add secure OAuth2-based mobile authentication
- Replace API keys with OAuth2 tokens for mobile apps - Add device tracking and management for mobile sessions - Implement 30-day token expiration with refresh tokens - Add MFA/2FA support for mobile login - Create dedicated auth endpoints (signup/login/refresh) - Skip CSRF protection for API endpoints - Return plaintext tokens (not hashed) in responses - Track devices with unique IDs and metadata - Enable seamless native mobile experience without OAuth redirects This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Josh Pigford
parent
cba0bdf0e2
commit
9336719242
15 changed files with 761 additions and 6 deletions
|
|
@ -255,7 +255,7 @@ Doorkeeper.configure do
|
|||
# NOTE: you must also run the rails g doorkeeper:application_owner generator
|
||||
# to provide the necessary support
|
||||
#
|
||||
# enable_application_owner confirmation: false
|
||||
enable_application_owner confirmation: false
|
||||
|
||||
# Define access token scopes for your provider
|
||||
# For more information go to
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue