mirror of
https://github.com/joaovitoriasilva/endurain.git
synced 2026-01-10 16:28:00 -05:00
This update enforces PKCE for all OAuth flows, removes legacy cookie-based state, and unifies token handling for both web and mobile clients to comply with OAuth 2.1. It introduces a progressive lockout mechanism for MFA to prevent brute-force attacks, updates CSRF middleware to require only the header, and ensures refresh tokens are set as httpOnly cookies with SameSite=Strict. The frontend is updated to restore tokens on app initialization and handle SSO token exchange failures. Various backend endpoints and utilities are refactored for clarity, security, and consistency.
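As an added illustration of the progressive MFA lockout the commit message mentions (example code written here, not Endurain's own; the thresholds, function names and in-memory state are assumptions, and a real service would persist the state per user):

```python
"""Progressive lockout for MFA verification: each run of consecutive failed
codes buys a longer wait before the next attempt is even examined."""
import hmac
from dataclasses import dataclass

# Assumed schedule, not taken from the project: after N consecutive
# failures, refuse further attempts for this many seconds.
LOCKOUT_SCHEDULE = [(3, 30), (5, 300), (8, 3600)]  # (failures, seconds)


@dataclass
class MfaState:
    """Per-user counters; in production this lives in the database or cache."""
    failures: int = 0
    locked_until: float = 0.0


def lockout_seconds(failures: int) -> int:
    """Lockout that applies after `failures` consecutive failures (0 = none)."""
    seconds = 0
    for threshold, duration in LOCKOUT_SCHEDULE:
        if failures >= threshold:
            seconds = duration
    return seconds


def verify_mfa(state: MfaState, submitted: str, expected: str, now: float) -> tuple[bool, str]:
    """Check an MFA code under progressive lockout; returns (accepted, reason).

    A locked account is rejected before the code is compared, so a guess made
    during the lockout leaks nothing, and the comparison itself is constant-time.
    """
    if now < state.locked_until:
        return False, f"locked for {int(state.locked_until - now)}s"
    if hmac.compare_digest(submitted.encode(), expected.encode()):
        state.failures = 0          # success resets the counter
        state.locked_until = 0.0
        return True, "ok"
    state.failures += 1
    wait = lockout_seconds(state.failures)
    if wait:
        state.locked_until = now + wait
        return False, f"invalid code; locked for {wait}s"
    return False, "invalid code"
```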