Docker/Maybe
Docker/Maybe
1
0
Fork 0
mirror of https://github.com/maybe-finance/maybe.git synced 2025-08-02 20:15:22 +02:00
Code Issues Releases Activity Actions

Add secure OAuth2-based mobile authentication

Browse source 
- Replace API keys with OAuth2 tokens for mobile apps
- Add device tracking and management for mobile sessions
- Implement 30-day token expiration with refresh tokens
- Add MFA/2FA support for mobile login
- Create dedicated auth endpoints (signup/login/refresh)
- Skip CSRF protection for API endpoints
- Return plaintext tokens (not hashed) in responses
- Track devices with unique IDs and metadata
- Enable seamless native mobile experience without OAuth redirects

This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Josh Pigford 2025-06-18 08:20:22 -05:00
parent cba0bdf0e2
commit 9336719242
15 changed files with 761 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
db/migrate/20250618120703_add_oauth_application_to_mobile_devices.rb Normal file
View file

@ -0,0 +1,6 @@
class AddOauthApplicationToMobileDevices < ActiveRecord::Migration[7.2]
def change
add_column :mobile_devices, :oauth_application_id, :integer
add_index :mobile_devices, :oauth_application_id
end
end