shop/doc/systems/authentication/features.md

• authentication
  • "who are you?"
  • password hashing with argon2
  • JWT (15 min access) with refresh (30 days)
  • identity dependencies (current_user_claims, optional_user, get_current_user_id, oauth2_scheme)
  • room for growth: OAuth/SSO, API-tokens for third-party apps, 2FA, refresh-token rotation, impersonation