Simon Franken 946cd35832 Replace IDP token passthrough with backend-issued JWT for iOS auth ...

iOS clients now exchange the OIDC authorization code for a backend-signed
HS256 JWT via POST /auth/token. All subsequent API requests authenticate
using this JWT as a Bearer token, verified locally — no per-request IDP
call is needed. Web frontend session-cookie auth is unchanged.

2026-02-19 18:45:03 +01:00

806 B

Raw Blame History

View Raw