7 Commits

Author SHA1 Message Date
João Vitória Silva
6ad6e5a1e0 Remove MFA backup codes API tests and update docs
Deleted the MFA backup codes API router test file. Expanded the authentication developer guide to document MFA backup code usage, format, error responses, and related endpoints for status and regeneration.
2025-12-22 10:42:00 +00:00
João Vitória Silva
dc7990875c Update CSP and expand authentication documentation
Enhanced the Content-Security-Policy header to allow inline images, styles, scripts, and OpenStreetMap tiles to allow frontend static serving from FastAPI.
Major expansion of authentication documentation: clarified OAuth 2.1 hybrid token storage, CSRF protection, refresh token rotation, session management, progressive account lockout, and best practices for web and mobile clients.
2025-12-18 16:28:33 +00:00
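Added illustration (not code from this repository, and not the header the commit ships): a permissive policy of the kind the commit describes next to a nonce-based one that still serves an SPA and map tiles, with a small parser that tells whether a policy lets a browser run inline scripts. Written in Python because the backend is FastAPI, but it uses only the standard library. `PERMISSIVE_CSP`, `OSM_TILE_HOSTS`, the helper names and the tile hostname are assumptions for the example.

```python
import secrets
from typing import Dict, List, Sequence

# Constructed stand-in for a policy that permits inline content; the header
# the project actually ships is not shown on this page.
PERMISSIVE_CSP = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline'; "
    "style-src 'self' 'unsafe-inline'; "
    "img-src 'self' data: https://tile.openstreetmap.org"
)

# Assumed tile host; substitute whatever hosts the map layer really loads from.
OSM_TILE_HOSTS = ("https://tile.openstreetmap.org",)


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a serialized policy into {directive-name: [source expressions]}."""
    directives: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        parts = chunk.split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    return directives


def effective_sources(directives: Dict[str, List[str]], name: str) -> List[str]:
    """Fetch directives fall back to default-src when not set explicitly."""
    return directives.get(name, directives.get("default-src", []))


def allows_inline_scripts(policy: str) -> bool:
    """True when a browser would execute <script> bodies that carry no nonce or hash.

    Per CSP Level 2 and later, 'unsafe-inline' is ignored as soon as script-src
    carries a nonce or hash source, so its mere presence does not decide.
    """
    sources = effective_sources(parse_csp(policy), "script-src")
    has_nonce_or_hash = any(
        s.startswith("'nonce-") or s.startswith("'sha256-")
        or s.startswith("'sha384-") or s.startswith("'sha512-")
        for s in sources
    )
    return "'unsafe-inline'" in sources and not has_nonce_or_hash


def new_nonce() -> str:
    """Fresh per-response nonce; it must never be reused across responses."""
    return secrets.token_urlsafe(16)


def build_nonce_csp(nonce: str, tile_hosts: Sequence[str] = OSM_TILE_HOSTS) -> str:
    """Nonce-based policy that still serves the SPA and map tiles.

    Inline <script>/<style> tags run only if they carry this response's nonce;
    data: keeps inline images working; tile hosts are allowed for images only.
    """
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        f"style-src 'self' 'nonce-{nonce}'; "
        f"img-src 'self' data: {' '.join(tile_hosts)}; "
        "object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
    )


def render_bootstrap_html(nonce: str) -> str:
    """The inline bootstrap script an SPA shell needs, tagged with the same nonce."""
    return (
        "<!doctype html><html><head>"
        f'<script nonce="{nonce}">window.__APP_CONFIG__ = {{}};</script>'
        '</head><body><div id="app"></div></body></html>'
    )


if __name__ == "__main__":
    nonce = new_nonce()
    print("permissive policy allows inline scripts:", allows_inline_scripts(PERMISSIVE_CSP))
    print("nonce policy allows inline scripts:", allows_inline_scripts(build_nonce_csp(nonce)))
    print(build_nonce_csp(nonce))
```

The nonce has to be generated per response and threaded into both the header and every inline tag the server emits, which is the part that is awkward for a purely static bundle; when the inline scripts are fixed files, a hash source (`'sha256-...'`) avoids per-request state and disables `'unsafe-inline'` in the same way.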
João Vitória Silva
20b1149d3d Refactor auth endpoints to use /auth/* paths
Updated backend and frontend to use '/auth/login', '/auth/refresh', '/auth/mfa/verify', and '/auth/logout' endpoints instead of legacy paths. Adjusted CSRF middleware, route prefixes, tests, documentation, and service utilities to match the new endpoint structure for improved clarity and consistency.
2025-12-18 10:40:59 +00:00
João Vitória Silva
fd7542c0cf Add PKCE and server-side OAuth state for mobile SSO
Implements database-backed OAuth state management to support secure PKCE flows for mobile SSO. Adds new models, CRUD, and scheduled cleanup for OAuth state, updates identity provider login and callback flows to use server-side state, and introduces a token exchange endpoint for mobile clients. Updates session and rate limiting logic, and maintains backward compatibility for web clients using cookie-based state.
2025-12-16 14:02:31 +00:00
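Added example, not the project's own code, of the server-side OAuth state and PKCE pattern the commit above describes, in Python since the backend is FastAPI. The store is an in-memory stand-in for the database table and the scheduled cleanup; `begin_authorization`, `complete_callback`, `idp_accepts_token_request`, the `myapp://callback` redirect URI, the IdP URL and the 600-second TTL are assumptions for the example, not the project's names or values.

```python
import base64
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode


def code_challenge_s256(code_verifier: str) -> str:
    """RFC 7636 S256 transform: BASE64URL(SHA-256(ASCII(code_verifier))), unpadded."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


@dataclass
class OAuthStateStore:
    """In-memory stand-in for a database table with one row per pending login.

    The state value is the row key. The verifier never leaves the server, so a
    WebView or another app that observes the authorization URL only sees the
    challenge, which cannot be used to redeem the code.
    """
    ttl_seconds: int = 600
    _rows: Dict[str, dict] = field(default_factory=dict)

    def create(self, redirect_uri: str, client_kind: str, now: float) -> Tuple[str, str]:
        state = secrets.token_urlsafe(32)          # unguessable key binding the callback to this login
        code_verifier = secrets.token_urlsafe(64)  # 86 chars of the PKCE unreserved alphabet
        self._rows[state] = {
            "code_verifier": code_verifier,
            "redirect_uri": redirect_uri,
            "client_kind": client_kind,
            "created_at": now,
        }
        return state, code_verifier

    def consume(self, state: str, now: float) -> dict:
        row = self._rows.pop(state, None)  # pop: each state is redeemable exactly once
        if row is None:
            raise LookupError("unknown or already-used OAuth state")
        if now - row["created_at"] > self.ttl_seconds:
            raise TimeoutError("OAuth state expired")
        return row

    def purge_expired(self, now: float) -> int:
        """What a scheduled cleanup job would do; returns the number of rows deleted."""
        stale = [s for s, r in self._rows.items() if now - r["created_at"] > self.ttl_seconds]
        for s in stale:
            del self._rows[s]
        return len(stale)


def begin_authorization(store: OAuthStateStore, client_id: str, redirect_uri: str,
                        authorize_url: str, now: Optional[float] = None) -> dict:
    """Login start: persist state and verifier server-side, return the redirect."""
    now = time.time() if now is None else now
    state, code_verifier = store.create(redirect_uri, "mobile", now)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": code_challenge_s256(code_verifier),
        "code_challenge_method": "S256",
    }
    return {"url": f"{authorize_url}?{urlencode(params)}", "params": params}


def complete_callback(store: OAuthStateStore, state: str, code: str,
                      now: Optional[float] = None) -> dict:
    """Callback: redeem the state exactly once and build the token request body."""
    now = time.time() if now is None else now
    row = store.consume(state, now)
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": row["redirect_uri"],
        "code_verifier": row["code_verifier"],
    }


def idp_accepts_token_request(issued_challenge: str, token_request: dict) -> bool:
    """The check the identity provider performs before releasing tokens."""
    recomputed = code_challenge_s256(token_request["code_verifier"])
    return secrets.compare_digest(recomputed, issued_challenge)


if __name__ == "__main__":
    store = OAuthStateStore()
    start = begin_authorization(store, "mobile-app", "myapp://callback",
                                "https://idp.example/authorize")
    print("redirect:", start["url"])
    request = complete_callback(store, start["params"]["state"], "AUTH_CODE")
    print("IdP accepts:", idp_accepts_token_request(start["params"]["code_challenge"], request))
```

Because `consume` pops the row before checking expiry, a replayed callback and an expired one both fail closed, and the cleanup job only has to sweep logins that never returned; the token-exchange endpoint for mobile clients would sit after `complete_callback`, sending the returned body to the IdP and handing the resulting tokens to the app.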
João Vitória Silva
39a01eca05 Add mobile SSO implementation guide to authentication docs
Expanded the authentication documentation with a detailed step-by-step guide for implementing OAuth/SSO in mobile applications using WebView. The new section covers prerequisites, provider discovery, WebView handling, token extraction, secure storage, authenticated API requests, and token refresh logic.
2025-12-16 11:56:14 +00:00
João Vitória Silva
b9d21801a0 Update IdP API routes and add PocketID icon support
Updated authentication documentation to reflect new public and profile-based identity provider API routes. Also added support for displaying the PocketID icon in the identity provider list component.
2025-12-16 11:33:49 +00:00
João Vitória Silva
26e08007ca Refactor developer guide into modular sections
Split the monolithic developer-guide.md into three focused documents: setup-dev-env.md, authentication.md, and supported-types.md. Updated mkdocs.yml navigation to reflect the new structure, improving documentation clarity and maintainability.
2025-12-15 21:48:55 +00:00