clinch

Author	SHA1	Message	Date
Dan Milne	3db466f5a2	Switch Access / Refresh tokens / Auth Code from bcrypt ( and plain ) to hmac. BCrypt is for low entropy passwords and prevents dictionary attacks - HMAC is suitable for 256-bit random data. Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-31 15:48:32 +11:00
Dan Milne	7c6ae7ab7e	Store only HMAC'd Auth codes, rather than plain text auth codes.	2025-12-31 15:00:00 +11:00
Dan Milne	c92e69fa4a	Add PCKE	2025-11-09 11:54:45 +11:00
Dan Milne	91573ee2b9	Add OIDC capability	2025-10-23 20:04:46 +11:00
Dan Milne	56f7dd7b3c	First crack Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-23 16:45:00 +11:00