Document mobile auth, ApiToken, and auth limits Add comprehensive docs for the new mobile authentication flow and related helpers. New pages: ApiToken, AuthAttemptLimiter, AuthorizationHeader, Mobile-auth-app-setup, UiLogBarRenderer, and UiTheme. Updated API, ApiController, ApiResponse, Application, Configuration-file, Env, Home, LogBar, Mobile iOS/Android stack pages and others to describe: built-in mobile auth endpoints (/auth/*), short-lived access tokens with optional rotating refresh tokens stored in api_tokens, refresh rotation behavior, token lifetimes (env vars), auth resolution order (session header, ApiToken, OAuth2Token), rate-limiting for auth attempts and invalid bearer tokens, and OpenAPI/spec hints. Includes migration reminder (migrations/20260510_api_tokens.sql) and guidance for overriding registration/registration hooks and admin revocation endpoints.

viames committed May 10, 2026

Docs: mobile stacks, SocialAuth, session & config Add and update documentation for mobile stacks, social authentication, session handling, and related configuration. Introduces Mobile iOS/Android stack pages and Composer dist contents, adds SocialAuth service docs and new PAIR_SOCIAL_* env vars, documents AmazonS3 options for S3-compatible endpoints, and exposes LogBar asset path overrides. Document native PHP session cookie behavior and new Application session helpers (configureNativeSessionCookie/getSessionCookieName/getSessionCookieParams), add PAIR_ORIGIN_GZIP origin-compression controls, and clarify device-scoped remember-me semantics. Misc: update Home/Integrations/Upgrade notes and ErrorCodes/Env/LogBar references to reflect these features.

viames committed May 4, 2026