mirror of
https://github.com/maybe-finance/maybe.git
synced 2025-07-24 23:59:40 +02:00
9336719242
- Replace API keys with OAuth2 tokens for mobile apps - Add device tracking and management for mobile sessions - Implement 30-day token expiration with refresh tokens - Add MFA/2FA support for mobile login - Create dedicated auth endpoints (signup/login/refresh) - Skip CSRF protection for API endpoints - Return plaintext tokens (not hashed) in responses - Track devices with unique IDs and metadata - Enable seamless native mobile experience without OAuth redirects This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| active_record_encryption.rb | ||
| assets.rb | ||
| content_security_policy.rb | ||
| doorkeeper.rb | ||
| doorkeeper_csrf_protection.rb | ||
| doorkeeper_layout.rb | ||
| enable_yjit.rb | ||
| filter_parameter_logging.rb | ||
| generator.rb | ||
| inflections.rb | ||
| intercom.rb | ||
| mini_profiler.rb | ||
| pagy.rb | ||
| permissions_policy.rb | ||
| plaid.rb | ||
| rack_attack.rb | ||
| sentry.rb | ||
| sidekiq.rb | ||
| version.rb | ||