QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-18 19:44:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add secure OAuth2-based mobile authentication

Browse Source 
- Replace API keys with OAuth2 tokens for mobile apps
- Add device tracking and management for mobile sessions
- Implement 30-day token expiration with refresh tokens
- Add MFA/2FA support for mobile login
- Create dedicated auth endpoints (signup/login/refresh)
- Skip CSRF protection for API endpoints
- Return plaintext tokens (not hashed) in responses
- Track devices with unique IDs and metadata
- Enable seamless native mobile experience without OAuth redirects

This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Josh Pigford
2025-06-18 08:20:22 -05:00
parent cba0bdf0e2
commit 9336719242
15 changed files with 761 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/api/v1/base_controller.rb
View File

@@ -6,6 +6,9 @@ class Api::V1::BaseController < ApplicationController
# Skip regular session-based authentication for API
skip_authentication
# Skip CSRF protection for API endpoints
skip_before_action :verify_authenticity_token
# Skip onboarding requirements for API endpoints
skip_before_action :require_onboarding_and_upgrade