mirror of
https://github.com/maybe-finance/maybe.git
synced 2025-07-24 15:49:39 +02:00
9336719242
- Replace API keys with OAuth2 tokens for mobile apps - Add device tracking and management for mobile sessions - Implement 30-day token expiration with refresh tokens - Add MFA/2FA support for mobile login - Create dedicated auth endpoints (signup/login/refresh) - Skip CSRF protection for API endpoints - Return plaintext tokens (not hashed) in responses - Track devices with unique IDs and metadata - Enable seamless native mobile experience without OAuth redirects This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
7 lines
258 B
Ruby
7 lines
258 B
Ruby
class AddOwnerToOauthApplications < ActiveRecord::Migration[7.2]
|
|
def change
|
|
add_column :oauth_applications, :owner_id, :uuid
|
|
add_column :oauth_applications, :owner_type, :string
|
|
add_index :oauth_applications, [:owner_id, :owner_type]
|
|
end
|
|
end
|