mirror of
https://github.com/maybe-finance/maybe.git
synced 2025-08-04 21:15:19 +02:00
Add secure OAuth2-based mobile authentication
- Replace API keys with OAuth2 tokens for mobile apps
- Add device tracking and management for mobile sessions
- Implement 30-day token expiration with refresh tokens
- Add MFA/2FA support for mobile login
- Create dedicated auth endpoints (signup/login/refresh)
- Skip CSRF protection for API endpoints
- Return plaintext tokens (not hashed) in responses
- Track devices with unique IDs and metadata
- Enable seamless native mobile experience without OAuth redirects

This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
parent
cba0bdf0e2
commit
9336719242
15 changed files with 761 additions and 6 deletions
|
@ -185,6 +185,11 @@ Rails.application.routes.draw do
|
|||
# API routes
|
||||
namespace :api do
|
||||
namespace :v1 do
|
||||
# Authentication endpoints
|
||||
post "auth/signup", to: "auth#signup"
|
||||
post "auth/login", to: "auth#login"
|
||||
post "auth/refresh", to: "auth#refresh"
|
||||
|
||||
# Production API endpoints
|
||||
resources :accounts, only: [ :index ]
|
||||
resources :transactions, only: [ :index, :show, :create, :update, :destroy ]
|
||||
|
|
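Review bot: The new auth block (`post "auth/signup"`, `post "auth/login"`, `post "auth/refresh"`) has no route for revoking a token or removing a device. With the 30-day tokens and refresh tokens described in the commit message, the routes shown here give a lost or stolen phone no API path to end its session. Consider adding a logout or device-revocation route next to these three, and have it invalidate both the access token and its refresh token. Separately, all three routes are POSTs that must be reachable without a token, and the commit message says CSRF protection is skipped for API endpoints. Nothing in this hunk shows throttling, so please confirm that login, signup and refresh are rate limited, and that the CSRF skip applies only to token-authenticated requests and not to requests that carry a session cookie.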