OAuth2, 2FA & passkeys
Social login, TOTP, WebAuthn, and magic links.
oauth2 speaks OAuth2 + OIDC (GitHub, Google, Microsoft, Apple, Keycloak…) with a per-tenant provider registry. totp adds RFC-6238 2FA; passkey implements a pure-Rust WebAuthn ceremony; signed_url + auth_flows build magic-link login, password reset, and email verification.
// Magic link (15-min expiry):
let path = signed_url::sign(&secret, &format!("/auth/magic?uid={uid}"), Duration::from_secs(900));