Maybe

Docker/Maybe

Fork 0

mirror of https://github.com/maybe-finance/maybe.git synced 2025-07-21 22:29:38 +02:00

Commit graph

Author	SHA1	Message	Date
Josh Pigford	7aca5a2277	Fix remaining rubocop offenses Some checks failed Publish Docker image / ci (push) Has been cancelled Details Publish Docker image / Build docker image (push) Has been cancelled Details - Fix string literal style in doorkeeper.rb - Add missing final newlines - Remove trailing whitespace - Fix array bracket spacing in migrations 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-06-18 08:38:04 -05:00
Josh Pigford	9336719242	Add secure OAuth2-based mobile authentication - Replace API keys with OAuth2 tokens for mobile apps - Add device tracking and management for mobile sessions - Implement 30-day token expiration with refresh tokens - Add MFA/2FA support for mobile login - Create dedicated auth endpoints (signup/login/refresh) - Skip CSRF protection for API endpoints - Return plaintext tokens (not hashed) in responses - Track devices with unique IDs and metadata - Enable seamless native mobile experience without OAuth redirects This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-06-18 08:20:22 -05:00

Author

SHA1

Message

Date

Josh Pigford

7aca5a2277

Fix remaining rubocop offenses

Publish Docker image / ci (push) Has been cancelled

Details

Publish Docker image / Build docker image (push) Has been cancelled

Details

- Fix string literal style in doorkeeper.rb
- Add missing final newlines
- Remove trailing whitespace
- Fix array bracket spacing in migrations

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-18 08:38:04 -05:00

Josh Pigford

9336719242

Add secure OAuth2-based mobile authentication

- Replace API keys with OAuth2 tokens for mobile apps
- Add device tracking and management for mobile sessions
- Implement 30-day token expiration with refresh tokens
- Add MFA/2FA support for mobile login
- Create dedicated auth endpoints (signup/login/refresh)
- Skip CSRF protection for API endpoints
- Return plaintext tokens (not hashed) in responses
- Track devices with unique IDs and metadata
- Enable seamless native mobile experience without OAuth redirects

This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-18 08:20:22 -05:00

2 commits