fix: coderabbit suggestions

Merge branch 'main' into feat/sqlite
refactor: use db instance instead of service in auth service
2026-02-22 17:02:01 +00:00 · 2025-08-27 14:04:33 +03:00 · 2025-08-27 11:52:51 +03:00 · 2025-08-27 11:51:25 +03:00 · 2025-08-26 18:00:43 +03:00
174 changed files with 3203 additions and 11540 deletions
--- a/.coderabbit.yaml
+++ b/.coderabbit.yaml
@@ -1,3 +0,0 @@
 issue_enrichment:
  auto_enrich:
    enabled: false
--- a/.env.example
+++ b/.env.example
@@ -1,172 +1,33 @@
-# Tinyauth example configuration
+PORT=3000
-
+ADDRESS=0.0.0.0
-# The base URL where the app is hosted.
+APP_URL=http://localhost:3000
-TINYAUTH_APPURL=
+USERS=your_user_password_hash
-# The directory where resources are stored.
+USERS_FILE=users_file
-TINYAUTH_RESOURCESDIR="./resources"
+SECURE_COOKIE=false
-# The path to the database file.
+GITHUB_CLIENT_ID=github_client_id
-TINYAUTH_DATABASEPATH="./tinyauth.db"
+GITHUB_CLIENT_SECRET=github_client_secret
-# Disable analytics.
+GITHUB_CLIENT_SECRET_FILE=github_client_secret_file
-TINYAUTH_DISABLEANALYTICS=false
+GOOGLE_CLIENT_ID=google_client_id
-# Disable resources server.
+GOOGLE_CLIENT_SECRET=google_client_secret
-TINYAUTH_DISABLERESOURCES=false
+GOOGLE_CLIENT_SECRET_FILE=google_client_secret_file
-
+GENERIC_CLIENT_ID=generic_client_id
-# server config
+GENERIC_CLIENT_SECRET=generic_client_secret
-
+GENERIC_CLIENT_SECRET_FILE=generic_client_secret_file
-# The port on which the server listens.
+GENERIC_SCOPES=generic_scopes
-TINYAUTH_SERVER_PORT=3000
+GENERIC_AUTH_URL=generic_auth_url
-# The address on which the server listens.
+GENERIC_TOKEN_URL=generic_token_url
-TINYAUTH_SERVER_ADDRESS="0.0.0.0"
+GENERIC_USER_URL=generic_user_url
-# The path to the Unix socket.
+DISABLE_CONTINUE=false
-TINYAUTH_SERVER_SOCKETPATH=
+OAUTH_WHITELIST=
-
+GENERIC_NAME=My OAuth
-# auth config
+SESSION_EXPIRY=7200
-
+LOGIN_TIMEOUT=300
-# List of allowed IPs or CIDR ranges.
+LOGIN_MAX_RETRIES=5
-TINYAUTH_AUTH_IP_ALLOW=
+LOG_LEVEL=debug
-# List of blocked IPs or CIDR ranges.
+APP_TITLE=Tinyauth SSO
-TINYAUTH_AUTH_IP_BLOCK=
+FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
-# Comma-separated list of users (username:hashed_password).
+OAUTH_AUTO_REDIRECT=none
-TINYAUTH_AUTH_USERS=
+BACKGROUND_IMAGE=some_image_url
-# Path to the users file.
+GENERIC_SKIP_SSL=false
-TINYAUTH_AUTH_USERSFILE=
+RESOURCES_DIR=/data/resources
-# Enable secure cookies.
+DATABASE_PATH=/data/tinyauth.db
 TINYAUTH_AUTH_SECURECOOKIE=false
 # Session expiry time in seconds.
 TINYAUTH_AUTH_SESSIONEXPIRY=86400
 # Maximum session lifetime in seconds.
 TINYAUTH_AUTH_SESSIONMAXLIFETIME=0
 # Login timeout in seconds.
 TINYAUTH_AUTH_LOGINTIMEOUT=300
 # Maximum login retries.
 TINYAUTH_AUTH_LOGINMAXRETRIES=3
 # Comma-separated list of trusted proxy addresses.
 TINYAUTH_AUTH_TRUSTEDPROXIES=
 # apps config
 # The domain of the app.
 TINYAUTH_APPS_name_CONFIG_DOMAIN=
 # Comma-separated list of allowed users.
 TINYAUTH_APPS_name_USERS_ALLOW=
 # Comma-separated list of blocked users.
 TINYAUTH_APPS_name_USERS_BLOCK=
 # Comma-separated list of allowed OAuth groups.
 TINYAUTH_APPS_name_OAUTH_WHITELIST=
 # Comma-separated list of required OAuth groups.
 TINYAUTH_APPS_name_OAUTH_GROUPS=
 # List of allowed IPs or CIDR ranges.
 TINYAUTH_APPS_name_IP_ALLOW=
 # List of blocked IPs or CIDR ranges.
 TINYAUTH_APPS_name_IP_BLOCK=
 # List of IPs or CIDR ranges that bypass authentication.
 TINYAUTH_APPS_name_IP_BYPASS=
 # Custom headers to add to the response.
 TINYAUTH_APPS_name_RESPONSE_HEADERS=
 # Basic auth username.
 TINYAUTH_APPS_name_RESPONSE_BASICAUTH_USERNAME=
 # Basic auth password.
 TINYAUTH_APPS_name_RESPONSE_BASICAUTH_PASSWORD=
 # Path to the file containing the basic auth password.
 TINYAUTH_APPS_name_RESPONSE_BASICAUTH_PASSWORDFILE=
 # Comma-separated list of allowed paths.
 TINYAUTH_APPS_name_PATH_ALLOW=
 # Comma-separated list of blocked paths.
 TINYAUTH_APPS_name_PATH_BLOCK=
 # Comma-separated list of required LDAP groups.
 TINYAUTH_APPS_name_LDAP_GROUPS=
 # oauth config
 # Comma-separated list of allowed OAuth domains.
 TINYAUTH_OAUTH_WHITELIST=
 # The OAuth provider to use for automatic redirection.
 TINYAUTH_OAUTH_AUTOREDIRECT=
 # OAuth client ID.
 TINYAUTH_OAUTH_PROVIDERS_name_CLIENTID=
 # OAuth client secret.
 TINYAUTH_OAUTH_PROVIDERS_name_CLIENTSECRET=
 # Path to the file containing the OAuth client secret.
 TINYAUTH_OAUTH_PROVIDERS_name_CLIENTSECRETFILE=
 # OAuth scopes.
 TINYAUTH_OAUTH_PROVIDERS_name_SCOPES=
 # OAuth redirect URL.
 TINYAUTH_OAUTH_PROVIDERS_name_REDIRECTURL=
 # OAuth authorization URL.
 TINYAUTH_OAUTH_PROVIDERS_name_AUTHURL=
 # OAuth token URL.
 TINYAUTH_OAUTH_PROVIDERS_name_TOKENURL=
 # OAuth userinfo URL.
 TINYAUTH_OAUTH_PROVIDERS_name_USERINFOURL=
 # Allow insecure OAuth connections.
 TINYAUTH_OAUTH_PROVIDERS_name_INSECURE=false
 # Provider name in UI.
 TINYAUTH_OAUTH_PROVIDERS_name_NAME=
 # oidc config
 # Path to the private key file.
 TINYAUTH_OIDC_PRIVATEKEYPATH="./tinyauth_oidc_key"
 # Path to the public key file.
 TINYAUTH_OIDC_PUBLICKEYPATH="./tinyauth_oidc_key.pub"
 # OIDC client ID.
 TINYAUTH_OIDC_CLIENTS_name_CLIENTID=
 # OIDC client secret.
 TINYAUTH_OIDC_CLIENTS_name_CLIENTSECRET=
 # Path to the file containing the OIDC client secret.
 TINYAUTH_OIDC_CLIENTS_name_CLIENTSECRETFILE=
 # List of trusted redirect URIs.
 TINYAUTH_OIDC_CLIENTS_name_TRUSTEDREDIRECTURIS=
 # Client name in UI.
 TINYAUTH_OIDC_CLIENTS_name_NAME=
 # ui config
 # The title of the UI.
 TINYAUTH_UI_TITLE="Tinyauth"
 # Message displayed on the forgot password page.
 TINYAUTH_UI_FORGOTPASSWORDMESSAGE="You can change your password by changing the configuration."
 # Path to the background image.
 TINYAUTH_UI_BACKGROUNDIMAGE="/background.jpg"
 # Disable UI warnings.
 TINYAUTH_UI_DISABLEWARNINGS=false
 # ldap config
 # LDAP server address.
 TINYAUTH_LDAP_ADDRESS=
 # Bind DN for LDAP authentication.
 TINYAUTH_LDAP_BINDDN=
 # Bind password for LDAP authentication.
 TINYAUTH_LDAP_BINDPASSWORD=
 # Base DN for LDAP searches.
 TINYAUTH_LDAP_BASEDN=
 # Allow insecure LDAP connections.
 TINYAUTH_LDAP_INSECURE=false
 # LDAP search filter.
 TINYAUTH_LDAP_SEARCHFILTER="(uid=%s)"
 # Certificate for mTLS authentication.
 TINYAUTH_LDAP_AUTHCERT=
 # Certificate key for mTLS authentication.
 TINYAUTH_LDAP_AUTHKEY=
 # Cache duration for LDAP group membership in seconds.
 TINYAUTH_LDAP_GROUPCACHETTL=900
 # log config
 # Log level (trace, debug, info, warn, error).
 TINYAUTH_LOG_LEVEL="info"
 # Enable JSON formatted logs.
 TINYAUTH_LOG_JSON=false
 # Enable this log stream.
 TINYAUTH_LOG_STREAMS_HTTP_ENABLED=true
 # Log level for this stream. Use global if empty.
 TINYAUTH_LOG_STREAMS_HTTP_LEVEL=
 # Enable this log stream.
 TINYAUTH_LOG_STREAMS_APP_ENABLED=true
 # Log level for this stream. Use global if empty.
 TINYAUTH_LOG_STREAMS_APP_LEVEL=
 # Enable this log stream.
 TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false
 # Log level for this stream. Use global if empty.
 TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,31 +18,17 @@ jobs:
      - name: Setup go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
          cd frontend
-          bun install --frozen-lockfile
+          bun install
      - name: Set version
        run: |
          echo testing > internal/assets/version
      - name: Lint frontend
        run: |
          cd frontend
          bun run lint
      - name: Build frontend
        run: |
          cd frontend
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -61,21 +61,12 @@ jobs:
      - name: Install go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
          cd frontend
-          bun install --frozen-lockfile
+          bun install
      - name: Install backend dependencies
        run: |
@@ -89,7 +80,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X github.com/steveiliop56/tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X github.com/steveiliop56/tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X github.com/steveiliop56/tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 ./cmd/tinyauth
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
        env:
          CGO_ENABLED: 0
@@ -116,21 +107,12 @@ jobs:
      - name: Install go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
          cd frontend
-          bun install --frozen-lockfile
+          bun install
      - name: Install backend dependencies
        run: |
@@ -144,7 +126,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X github.com/steveiliop56/tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X github.com/steveiliop56/tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X github.com/steveiliop56/tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 ./cmd/tinyauth
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
        env:
          CGO_ENABLED: 0
@@ -165,15 +147,6 @@ jobs:
        with:
          ref: nightly
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -198,9 +171,6 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
@@ -220,74 +190,6 @@ jobs:
          if-no-files-found: error
          retention-days: 1
  image-build-distroless:
    runs-on: ubuntu-latest
    needs:
      - create-release
      - generate-metadata
      - image-build
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: nightly
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
        with:
          platforms: linux/amd64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          file: Dockerfile.distroless
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
            BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-distroless-linux-amd64
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  image-build-arm:
    runs-on: ubuntu-24.04-arm
    needs:
@@ -299,15 +201,6 @@ jobs:
        with:
          ref: nightly
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -324,6 +217,10 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Set version
        run: |
          echo nightly > internal/assets/version
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
@@ -332,9 +229,6 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
@@ -354,74 +248,6 @@ jobs:
          if-no-files-found: error
          retention-days: 1
  image-build-arm-distroless:
    runs-on: ubuntu-24.04-arm
    needs:
      - create-release
      - generate-metadata
      - image-build-arm
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: nightly
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
        with:
          platforms: linux/arm64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          file: Dockerfile.distroless
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
            BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-distroless-linux-arm64
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  image-merge:
    runs-on: ubuntu-latest
    needs:
@@ -450,8 +276,6 @@ jobs:
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
          flavor: |
            latest=false
          tags: |
            type=raw,nightly
@@ -461,45 +285,6 @@ jobs:
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *)
  image-merge-distroless:
    runs-on: ubuntu-latest
    needs:
      - image-build-distroless
      - image-build-arm-distroless
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-distroless-*
          merge-multiple: true
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
          flavor: |
            latest=false
          tags: |
            type=raw,nightly-distroless
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *)
  update-release:
    runs-on: ubuntu-latest
    needs:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,21 +39,12 @@ jobs:
      - name: Install go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
          cd frontend
-          bun install --frozen-lockfile
+          bun install
      - name: Install backend dependencies
        run: |
@@ -67,7 +58,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X github.com/steveiliop56/tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X github.com/steveiliop56/tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X github.com/steveiliop56/tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 ./cmd/tinyauth
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
        env:
          CGO_ENABLED: 0
@@ -91,21 +82,12 @@ jobs:
      - name: Install go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
          cd frontend
-          bun install --frozen-lockfile
+          bun install
      - name: Install backend dependencies
        run: |
@@ -119,7 +101,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X github.com/steveiliop56/tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X github.com/steveiliop56/tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X github.com/steveiliop56/tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 ./cmd/tinyauth
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
        env:
          CGO_ENABLED: 0
@@ -137,15 +119,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -170,9 +143,6 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
@@ -192,71 +162,6 @@ jobs:
          if-no-files-found: error
          retention-days: 1
  image-build-distroless:
    runs-on: ubuntu-latest
    needs:
      - generate-metadata
      - image-build
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
        with:
          platforms: linux/amd64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          file: Dockerfile.distroless
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
            BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-distroless-linux-amd64
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  image-build-arm:
    runs-on: ubuntu-24.04-arm
    needs:
@@ -265,15 +170,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -298,9 +194,6 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
@@ -320,71 +213,6 @@ jobs:
          if-no-files-found: error
          retention-days: 1
  image-build-arm-distroless:
    runs-on: ubuntu-24.04-arm
    needs:
      - generate-metadata
      - image-build-arm
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
        with:
          platforms: linux/arm64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          file: Dockerfile.distroless
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
            BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-distroless-linux-arm64
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  image-merge:
    runs-on: ubuntu-latest
    needs:
@@ -413,55 +241,10 @@ jobs:
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
          flavor: |
            prefix=v,onlatest=false
          tags: |
-            type=semver,pattern={{version}}
+            type=semver,pattern={{version}},prefix=v
-            type=semver,pattern={{major}}
+            type=semver,pattern={{major}},prefix=v
-            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}.{{minor}},prefix=v
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *)
  image-merge-distroless:
    runs-on: ubuntu-latest
    needs:
      - image-build-distroless
      - image-build-arm-distroless
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-distroless-*
          merge-multiple: true
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
          flavor: |
            latest=false
            prefix=v
            suffix=-distroless
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
--- a/.gitignore
+++ b/.gitignore
@@ -1,47 +1,29 @@
 # dist
-/internal/assets/dist
+internal/assets/dist
 # binaries
-/tinyauth
+tinyauth
 /tinyauth-arm64
 /tinyauth-amd64
 # test docker compose
-/docker-compose.test*
+docker-compose.test*
 # users file
-/users.txt
+users.txt
 # secret test file
-/secret*
+secret*
 # apple stuff
 .DS_Store
 # env
-/.env
+.env
 # tmp directory
-/tmp
+tmp
 # version files
 internal/assets/version
 # data directory
-/data
+data
 # config file
 /config.yml
 # binary out
 /tinyauth.db
 /resources
 # debug files
 __debug_*
 # infisical
 /.infisical.json
 # traefik data
 /traefik
 # generated markdown (for docs)
 /config.gen.md
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,4 +0,0 @@
 [submodule "paerser"]
 	path = paerser
 	url = https://github.com/traefik/paerser
 	ignore = all
--- a/.zed/debug.json
+++ b/.zed/debug.json
@@ -1,13 +0,0 @@
 [
  {
    "label": "Attach to remote Delve",
    "adapter": "Delve",
    "mode": "remote",
    "remotePath": "/tinyauth",
    "request": "attach",
    "tcp_connection": {
      "host": "127.0.0.1",
      "port": 4000,
    },
  },
 ]
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -5,7 +5,7 @@ Contributing is relatively easy, you just need to follow the steps below and you
 ## Requirements
 - Bun
- Golang 1.24.0+
+- Golang v1.23.2 and above
 - Git
 - Docker
@@ -18,21 +18,12 @@ git clone https://github.com/steveiliop56/tinyauth
 cd tinyauth
 ```
 ## Initialize submodules
 The project uses Git submodules for some dependencies, so you need to initialize them with:
 ```sh
 git submodule init
 git submodule update
 ```
 ## Install requirements
-Although you will not need the requirements in your machine since the development will happen in Docker, I still recommend to install them because this way you will not have import errors. To install the Go requirements run:
+Although you will not need the requirements in your machine since the development will happen in docker, I still recommend to install them because this way you will not have import errors. To install the go requirements run:
 ```sh
-go mod download
+go mod tidy
 ```
 You also need to download the frontend dependencies, this can be done like so:
@@ -42,21 +33,13 @@ cd frontend/
 bun install
 ```
 ## Apply patches
 Some of the dependencies need to be patched in order to work correctly with the project, you can apply the patches by running:
 ```sh
 git apply --directory paerser/ patches/nested_maps.diff
 ```
 ## Create your `.env` file
 In order to configure the app you need to create an environment file, this can be done by copying the `.env.example` file to `.env` and modifying the environment variables to suit your needs.
 ## Developing
-I have designed the development workflow to be entirely in Docker, this is because it will directly work with Traefik and you will not need to do any building in your host machine. The recommended development setup is to have a subdomain pointing to your machine like this:
+I have designed the development workflow to be entirely in docker, this is because it will directly work with traefik and you will not need to do any building in your host machine. The recommended development setup is to have a subdomain pointing to your machine like this:
 ```
 *.dev.example.com -> 127.0.0.1
@@ -66,7 +49,7 @@ dev.example.com -> 127.0.0.1
 > [!TIP]
 > You can use [sslip.io](https://sslip.io) as a domain if you don't have one to develop with.
-Then you can just make sure the domains are correct in the development Docker compose file and run:
+Then you can just make sure the domains are correct in the development docker compose file and run:
 ```sh
 docker compose -f docker-compose.dev.yml up --build
--- a/28
+++ b/28
@@ -1,12 +1,12 @@
 # Site builder
-FROM oven/bun:1.3.9-alpine AS frontend-builder
+FROM oven/bun:1.2.20-alpine AS frontend-builder
 WORKDIR /frontend
 COPY ./frontend/package.json ./
 COPY ./frontend/bun.lock ./
-RUN bun install --frozen-lockfile
+RUN bun install
 COPY ./frontend/public ./public
 COPY ./frontend/src ./src
@@ -28,41 +28,29 @@ ARG BUILD_TIMESTAMP
 WORKDIR /tinyauth
 COPY ./paerser ./paerser
 COPY go.mod ./
 COPY go.sum ./
 RUN go mod download
 COPY ./main.go ./
 COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
-RUN CGO_ENABLED=0 go build -ldflags "-s -w \
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${VERSION} -X tinyauth/internal/constants.CommitHash=${COMMIT_HASH} -X tinyauth/internal/constants.BuildTimestamp=${BUILD_TIMESTAMP}" 
    -X github.com/steveiliop56/tinyauth/internal/config.Version=${VERSION} \
    -X github.com/steveiliop56/tinyauth/internal/config.CommitHash=${COMMIT_HASH} \
    -X github.com/steveiliop56/tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" ./cmd/tinyauth
 # Runner
-FROM alpine:3.23 AS runner
+FROM alpine:3.22 AS runner
 WORKDIR /tinyauth
-COPY --from=builder /tinyauth/tinyauth ./
+RUN apk add --no-cache curl
-RUN mkdir -p /data
+COPY --from=builder /tinyauth/tinyauth ./
 EXPOSE 3000
 VOLUME ["/data"]
-ENV TINYAUTH_DATABASEPATH=/data/tinyauth.db
+ENTRYPOINT ["./tinyauth"]
 ENV TINYAUTH_RESOURCESDIR=/data/resources
 ENV PATH=$PATH:/tinyauth
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["tinyauth", "healthcheck"]
 ENTRYPOINT ["tinyauth"]
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -2,24 +2,18 @@ FROM golang:1.25-alpine3.21
 WORKDIR /tinyauth
 COPY ./paerser ./paerser
 COPY go.mod ./
 COPY go.sum ./
 RUN go mod download
 RUN go install github.com/air-verse/air@v1.61.7
 RUN go install github.com/go-delve/delve/cmd/dlv@latest
 COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY ./main.go ./
 COPY ./air.toml ./
 RUN go install github.com/air-verse/air@v1.61.7
 EXPOSE 3000
 ENV TINYAUTH_DATABASEPATH=/data/tinyauth.db
 ENV TINYAUTH_RESOURCESDIR=/data/resources
 ENTRYPOINT ["air", "-c", "air.toml"]
--- a/Dockerfile.distroless
+++ b/Dockerfile.distroless
@@ -1,71 +0,0 @@
 # Site builder
 FROM oven/bun:1.3.9-alpine AS frontend-builder
 WORKDIR /frontend
 COPY ./frontend/package.json ./
 COPY ./frontend/bun.lock ./
 RUN bun install --frozen-lockfile
 COPY ./frontend/public ./public
 COPY ./frontend/src ./src
 COPY ./frontend/eslint.config.js ./
 COPY ./frontend/index.html ./
 COPY ./frontend/tsconfig.json ./
 COPY ./frontend/tsconfig.app.json ./
 COPY ./frontend/tsconfig.node.json ./
 COPY ./frontend/vite.config.ts ./
 RUN bun run build
 # Builder
 FROM golang:1.25-alpine3.21 AS builder
 ARG VERSION
 ARG COMMIT_HASH
 ARG BUILD_TIMESTAMP
 WORKDIR /tinyauth
 COPY ./paerser ./paerser
 COPY go.mod ./
 COPY go.sum ./
 RUN go mod download
 COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 RUN mkdir -p data
 RUN CGO_ENABLED=0 go build -ldflags "-s -w \
    -X github.com/steveiliop56/tinyauth/internal/config.Version=${VERSION} \
    -X github.com/steveiliop56/tinyauth/internal/config.CommitHash=${COMMIT_HASH} \
    -X github.com/steveiliop56/tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" ./cmd/tinyauth
 # Runner
 FROM gcr.io/distroless/static-debian12:latest AS runner
 WORKDIR /tinyauth
 COPY --from=builder /tinyauth/tinyauth ./
 # Since it's distroless, we need to copy the data directory from the builder stage
 COPY --from=builder /tinyauth/data /data
 EXPOSE 3000
 VOLUME ["/data"]
 ENV TINYAUTH_DATABASEPATH=/data/tinyauth.db
 ENV TINYAUTH_RESOURCESDIR=/data/resources
 ENV PATH=$PATH:/tinyauth
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["tinyauth", "healthcheck"]
 ENTRYPOINT ["tinyauth"]
--- a/85
+++ b/85
@@ -1,85 +0,0 @@
 # Go specific stuff
 CGO_ENABLED := 0
 GOOS := $(shell go env GOOS)
 GOARCH := $(shell go env GOARCH)
 # Build out
 TAG_NAME := $(shell git describe --abbrev=0 --exact-match 2> /dev/null || echo "main")
 COMMIT_HASH := $(shell git rev-parse HEAD)
 BUILD_TIMESTAMP := $(shell date '+%Y-%m-%dT%H:%M:%S')
 BIN_NAME := tinyauth-$(GOARCH)
 # Development vars
 DEV_COMPOSE := $(shell test -f "docker-compose.test.yml" && echo "docker-compose.test.yml" || echo "docker-compose.dev.yml" )
 PROD_COMPOSE := $(shell test -f "docker-compose.test.prod.yml" && echo "docker-compose.test.prod.yml" || echo "docker-compose.example.yml" )
 # Deps
 deps:
 	bun install --cwd frontend
 	go mod download
 # Clean data
 clean-data:
 	rm -rf data/
 # Clean web UI build
 clean-webui:
 	rm -rf internal/assets/dist
 	rm -rf frontend/dist
 # Build the web UI
 webui: clean-webui
 	bun run --cwd frontend build
 	cp -r frontend/dist internal/assets
 # Build the binary
 binary: webui
 	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags "-s -w \
 	-X github.com/steveiliop56/tinyauth/internal/config.Version=${TAG_NAME} \
 	-X github.com/steveiliop56/tinyauth/internal/config.CommitHash=${COMMIT_HASH} \
 	-X github.com/steveiliop56/tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" \
 	-o ${BIN_NAME} ./cmd/tinyauth
 # Build for amd64
 binary-linux-amd64:
 	export BIN_NAME=tinyauth-amd64
 	export GOARCH=amd64
 	export GOOS=linux
 	$(MAKE) binary
 # Build for arm64
 binary-linux-arm64:
 	export BIN_NAME=tinyauth-arm64
 	export GOARCH=arm64
 	export GOOS=linux
 	$(MAKE) binary
 # Go test
 .PHONY: test
 test:
 	go test -v ./...
 # Development
 dev:
 	docker compose -f $(DEV_COMPOSE) up --force-recreate --pull=always --remove-orphans --build
 # Development - Infisical
 dev-infisical:
 	infisical run --env=dev -- docker compose -f $(DEV_COMPOSE) up --force-recreate --pull=always --remove-orphans --build
 # Production
 prod:
 	docker compose -f $(PROD_COMPOSE) up --force-recreate --pull=always --remove-orphans
 # Production - Infisical
 prod-infisical:
 	infisical run --env=dev -- docker compose -f $(PROD_COMPOSE) up --force-recreate --pull=always --remove-orphans
 # SQL
 .PHONY: sql
 sql:
 	sqlc generate
 # Go gen
 generate:
 	go run ./gen
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 <div align="center">
    <img alt="Tinyauth" title="Tinyauth" width="96" src="assets/logo-rounded.png">
    <h1>Tinyauth</h1>
-    <p>The simplest way to protect your apps with a login screen.</p>
+    <p>The easiest way to secure your apps with a login screen.</p>
 </div>
 <div align="center">
@@ -14,7 +14,7 @@
 <br />
-Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github or any other provider to all of your apps. It supports all the popular proxies like Traefik, Nginx and Caddy.
+Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github and any provider to all of your docker apps. It supports all the popular proxies like Traefik, Nginx and Caddy.
 ![Screenshot](assets/screenshot.png)
@@ -23,7 +23,7 @@ Tinyauth is a simple authentication middleware that adds a simple login screen o
 ## Getting Started
-You can easily get started with Tinyauth by following the guide in the [documentation](https://tinyauth.app/docs/getting-started). There is also an available [docker compose](./docker-compose.example.yml) file that has Traefik, Whoami and Tinyauth to demonstrate its capabilities.
+You can easily get started with Tinyauth by following the guide in the [documentation](https://tinyauth.app/docs/getting-started.html). There is also an available [docker compose](./docker-compose.example.yml) file that has Traefik, Whoami and Tinyauth to demonstrate its capabilities.
 ## Demo
@@ -33,8 +33,6 @@ If you are still not sure if Tinyauth suits your needs you can try out the [demo
 You can find documentation and guides on all of the available configuration of Tinyauth in the [website](https://tinyauth.app).
 If you wish to contribute to the documentation head over to the [repository](https://github.com/steveiliop56/tinyauth-docs).
 ## Discord
 Tinyauth has a [discord](https://discord.gg/eHzVaCzRRd) server. Feel free to hop in to chat about self-hosting, homelabs and of course Tinyauth. See you there!
@@ -55,7 +53,7 @@ Tinyauth is licensed under the GNU General Public License v3.0. TL;DR — You ma
 A big thank you to the following people for providing me with more coffee:
-<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="64px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/Lancelot-Enguerrand"><img src="https:&#x2F;&#x2F;github.com&#x2F;Lancelot-Enguerrand.png" width="64px" alt="User avatar: Lancelot-Enguerrand" /></a>&nbsp;&nbsp;<a href="https://github.com/allgoewer"><img src="https:&#x2F;&#x2F;github.com&#x2F;allgoewer.png" width="64px" alt="User avatar: allgoewer" /></a>&nbsp;&nbsp;<a href="https://github.com/NEANC"><img src="https:&#x2F;&#x2F;github.com&#x2F;NEANC.png" width="64px" alt="User avatar: NEANC" /></a>&nbsp;&nbsp;<a href="https://github.com/algorist-ahmad"><img src="https:&#x2F;&#x2F;github.com&#x2F;algorist-ahmad.png" width="64px" alt="User avatar: algorist-ahmad" /></a>&nbsp;&nbsp;<!-- sponsors -->
+<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<!-- sponsors -->
 ## Acknowledgements
--- a/air.toml
+++ b/air.toml
@@ -2,10 +2,9 @@ root = "/tinyauth"
 tmp_dir = "tmp"
 [build]
-pre_cmd = ["mkdir -p internal/assets/dist", "mkdir -p /data", "echo 'backend running' > internal/assets/dist/index.html"]
+pre_cmd = ["mkdir -p internal/assets/dist", "echo 'backend running' > internal/assets/dist/index.html", "go install github.com/go-delve/delve/cmd/dlv@v1.25.0"]
-cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth ./cmd/tinyauth"
+cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth ."
-bin = "tmp/tinyauth"
+bin = "/go/bin/dlv --listen :4000 --headless=true --api-version=2 --accept-multiclient --log=true exec tmp/tinyauth --continue --check-go-version=false"
 full_bin = "dlv --listen :4000 --headless=true --api-version=2 --accept-multiclient --log=true exec tmp/tinyauth --continue --check-go-version=false"
 include_ext = ["go"]
 exclude_dir = ["internal/assets/dist"]
 exclude_regex = [".*_test\\.go"]
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -0,0 +1,134 @@
 package cmd
 import (
 	"strings"
 	totpCmd "tinyauth/cmd/totp"
 	userCmd "tinyauth/cmd/user"
 	"tinyauth/internal/bootstrap"
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils"
 	"github.com/go-playground/validator/v10"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 var rootCmd = &cobra.Command{
 	Use:   "tinyauth",
 	Short: "The simplest way to protect your apps with a login screen.",
 	Long:  `Tinyauth is a simple authentication middleware that adds simple username/password login or OAuth with Google, Github and any generic OAuth provider to all of your docker apps.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		var conf config.Config
 		err := viper.Unmarshal(&conf)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to parse config")
 		}
 		// Check if secrets have a file associated with them
 		conf.GithubClientSecret = utils.GetSecret(conf.GithubClientSecret, conf.GithubClientSecretFile)
 		conf.GoogleClientSecret = utils.GetSecret(conf.GoogleClientSecret, conf.GoogleClientSecretFile)
 		conf.GenericClientSecret = utils.GetSecret(conf.GenericClientSecret, conf.GenericClientSecretFile)
 		// Validate config
 		v := validator.New()
 		err = v.Struct(conf)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Invalid config")
 		}
 		log.Logger = log.Level(zerolog.Level(utils.GetLogLevel(conf.LogLevel)))
 		log.Info().Str("version", strings.TrimSpace(config.Version)).Msg("Starting tinyauth")
 		// Create bootstrap app
 		app := bootstrap.NewBootstrapApp(conf)
 		// Run
 		err = app.Setup()
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to setup app")
 		}
 	},
 }
 func Execute() {
 	err := rootCmd.Execute()
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to execute command")
 	}
 }
 func init() {
 	rootCmd.AddCommand(userCmd.UserCmd())
 	rootCmd.AddCommand(totpCmd.TotpCmd())
 	viper.AutomaticEnv()
 	configOptions := []struct {
 		name        string
 		defaultVal  any
 		description string
 	}{
 		{"port", 3000, "Port to run the server on."},
 		{"address", "0.0.0.0", "Address to bind the server to."},
 		{"app-url", "", "The Tinyauth URL."},
 		{"users", "", "Comma separated list of users in the format username:hash."},
 		{"users-file", "", "Path to a file containing users in the format username:hash."},
 		{"secure-cookie", false, "Send cookie over secure connection only."},
 		{"github-client-id", "", "Github OAuth client ID."},
 		{"github-client-secret", "", "Github OAuth client secret."},
 		{"github-client-secret-file", "", "Github OAuth client secret file."},
 		{"google-client-id", "", "Google OAuth client ID."},
 		{"google-client-secret", "", "Google OAuth client secret."},
 		{"google-client-secret-file", "", "Google OAuth client secret file."},
 		{"generic-client-id", "", "Generic OAuth client ID."},
 		{"generic-client-secret", "", "Generic OAuth client secret."},
 		{"generic-client-secret-file", "", "Generic OAuth client secret file."},
 		{"generic-scopes", "", "Generic OAuth scopes."},
 		{"generic-auth-url", "", "Generic OAuth auth URL."},
 		{"generic-token-url", "", "Generic OAuth token URL."},
 		{"generic-user-url", "", "Generic OAuth user info URL."},
 		{"generic-name", "Generic", "Generic OAuth provider name."},
 		{"generic-skip-ssl", false, "Skip SSL verification for the generic OAuth provider."},
 		{"disable-continue", false, "Disable continue screen and redirect to app directly."},
 		{"oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth."},
 		{"oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)"},
 		{"session-expiry", 86400, "Session (cookie) expiration time in seconds."},
 		{"login-timeout", 300, "Login timeout in seconds after max retries reached (0 to disable)."},
 		{"login-max-retries", 5, "Maximum login attempts before timeout (0 to disable)."},
 		{"log-level", "info", "Log level."},
 		{"app-title", "Tinyauth", "Title of the app."},
 		{"forgot-password-message", "", "Message to show on the forgot password page."},
 		{"background-image", "/background.jpg", "Background image URL for the login page."},
 		{"ldap-address", "", "LDAP server address (e.g. ldap://localhost:389)."},
 		{"ldap-bind-dn", "", "LDAP bind DN (e.g. uid=user,dc=example,dc=com)."},
 		{"ldap-bind-password", "", "LDAP bind password."},
 		{"ldap-base-dn", "", "LDAP base DN (e.g. dc=example,dc=com)."},
 		{"ldap-insecure", false, "Skip certificate verification for the LDAP server."},
 		{"ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup."},
 		{"resources-dir", "/data/resources", "Path to a directory containing custom resources (e.g. background image)."},
 		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
 	}
 	for _, opt := range configOptions {
 		switch v := opt.defaultVal.(type) {
 		case bool:
 			rootCmd.Flags().Bool(opt.name, v, opt.description)
 		case int:
 			rootCmd.Flags().Int(opt.name, v, opt.description)
 		case string:
 			rootCmd.Flags().String(opt.name, v, opt.description)
 		}
 		// Create uppercase env var name
 		envVar := strings.ReplaceAll(strings.ToUpper(opt.name), "-", "_")
 		viper.BindEnv(opt.name, envVar)
 	}
 	viper.BindPFlags(rootCmd.Flags())
 }
--- a/cmd/tinyauth/create.go
+++ b/cmd/tinyauth/create.go
@@ -1,95 +0,0 @@
 package main
 import (
 	"errors"
 	"fmt"
 	"strings"
 	"github.com/charmbracelet/huh"
 	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 	"github.com/traefik/paerser/cli"
 	"golang.org/x/crypto/bcrypt"
 )
 type CreateUserConfig struct {
 	Interactive bool   `description:"Create a user interactively."`
 	Docker      bool   `description:"Format output for docker."`
 	Username    string `description:"Username."`
 	Password    string `description:"Password."`
 }
 func NewCreateUserConfig() *CreateUserConfig {
 	return &CreateUserConfig{
 		Interactive: false,
 		Docker:      false,
 		Username:    "",
 		Password:    "",
 	}
 }
 func createUserCmd() *cli.Command {
 	tCfg := NewCreateUserConfig()
 	loaders := []cli.ResourceLoader{
 		&cli.FlagLoader{},
 	}
 	return &cli.Command{
 		Name:          "create",
 		Description:   "Create a user",
 		Configuration: tCfg,
 		Resources:     loaders,
 		Run: func(_ []string) error {
 			tlog.NewSimpleLogger().Init()
 			if tCfg.Interactive {
 				form := huh.NewForm(
 					huh.NewGroup(
 						huh.NewInput().Title("Username").Value(&tCfg.Username).Validate((func(s string) error {
 							if s == "" {
 								return errors.New("username cannot be empty")
 							}
 							return nil
 						})),
 						huh.NewInput().Title("Password").Value(&tCfg.Password).Validate((func(s string) error {
 							if s == "" {
 								return errors.New("password cannot be empty")
 							}
 							return nil
 						})),
 						huh.NewSelect[bool]().Title("Format the output for Docker?").Options(huh.NewOption("Yes", true), huh.NewOption("No", false)).Value(&tCfg.Docker),
 					),
 				)
 				var baseTheme *huh.Theme = huh.ThemeBase()
 				err := form.WithTheme(baseTheme).Run()
 				if err != nil {
 					return fmt.Errorf("failed to run interactive prompt: %w", err)
 				}
 			}
 			if tCfg.Username == "" || tCfg.Password == "" {
 				return errors.New("username and password cannot be empty")
 			}
 			tlog.App.Info().Str("username", tCfg.Username).Msg("Creating user")
 			passwd, err := bcrypt.GenerateFromPassword([]byte(tCfg.Password), bcrypt.DefaultCost)
 			if err != nil {
 				return fmt.Errorf("failed to hash password: %w", err)
 			}
 			// If docker format is enabled, escape the dollar sign
 			passwdStr := string(passwd)
 			if tCfg.Docker {
 				passwdStr = strings.ReplaceAll(passwdStr, "$", "$$")
 			}
 			tlog.App.Info().Str("user", fmt.Sprintf("%s:%s", tCfg.Username, passwdStr)).Msg("User created")
 			return nil
 		},
 	}
 }
--- a/cmd/tinyauth/generate.go
+++ b/cmd/tinyauth/generate.go
@@ -1,118 +0,0 @@
 package main
 import (
 	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 	"github.com/charmbracelet/huh"
 	"github.com/mdp/qrterminal/v3"
 	"github.com/pquerna/otp/totp"
 	"github.com/traefik/paerser/cli"
 )
 type GenerateTotpConfig struct {
 	Interactive bool   `description:"Generate a TOTP secret interactively."`
 	User        string `description:"Your current user (username:hash)."`
 }
 func NewGenerateTotpConfig() *GenerateTotpConfig {
 	return &GenerateTotpConfig{
 		Interactive: false,
 		User:        "",
 	}
 }
 func generateTotpCmd() *cli.Command {
 	tCfg := NewGenerateTotpConfig()
 	loaders := []cli.ResourceLoader{
 		&cli.FlagLoader{},
 	}
 	return &cli.Command{
 		Name:          "generate",
 		Description:   "Generate a TOTP secret",
 		Configuration: tCfg,
 		Resources:     loaders,
 		Run: func(_ []string) error {
 			tlog.NewSimpleLogger().Init()
 			if tCfg.Interactive {
 				form := huh.NewForm(
 					huh.NewGroup(
 						huh.NewInput().Title("Current user (username:hash)").Value(&tCfg.User).Validate((func(s string) error {
 							if s == "" {
 								return errors.New("user cannot be empty")
 							}
 							return nil
 						})),
 					),
 				)
 				var baseTheme *huh.Theme = huh.ThemeBase()
 				err := form.WithTheme(baseTheme).Run()
 				if err != nil {
 					return fmt.Errorf("failed to run interactive prompt: %w", err)
 				}
 			}
 			user, err := utils.ParseUser(tCfg.User)
 			if err != nil {
 				return fmt.Errorf("failed to parse user: %w", err)
 			}
 			docker := false
 			if strings.Contains(tCfg.User, "$$") {
 				docker = true
 			}
 			if user.TotpSecret != "" {
 				return fmt.Errorf("user already has a TOTP secret")
 			}
 			key, err := totp.Generate(totp.GenerateOpts{
 				Issuer:      "Tinyauth",
 				AccountName: user.Username,
 			})
 			if err != nil {
 				return fmt.Errorf("failed to generate TOTP secret: %w", err)
 			}
 			secret := key.Secret()
 			tlog.App.Info().Str("secret", secret).Msg("Generated TOTP secret")
 			tlog.App.Info().Msg("Generated QR code")
 			config := qrterminal.Config{
 				Level:     qrterminal.L,
 				Writer:    os.Stdout,
 				BlackChar: qrterminal.BLACK,
 				WhiteChar: qrterminal.WHITE,
 				QuietZone: 2,
 			}
 			qrterminal.GenerateWithConfig(key.URL(), config)
 			user.TotpSecret = secret
 			// If using docker escape re-escape it
 			if docker {
 				user.Password = strings.ReplaceAll(user.Password, "$", "$$")
 			}
 			tlog.App.Info().Str("user", fmt.Sprintf("%s:%s:%s", user.Username, user.Password, user.TotpSecret)).Msg("Add the totp secret to your authenticator app then use the verify command to ensure everything is working correctly.")
 			return nil
 		},
 	}
 }
--- a/cmd/tinyauth/healthcheck.go
+++ b/cmd/tinyauth/healthcheck.go
@@ -1,91 +0,0 @@
 package main
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"time"
 	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 	"github.com/traefik/paerser/cli"
 )
 type healthzResponse struct {
 	Status  string `json:"status"`
 	Message string `json:"message"`
 }
 func healthcheckCmd() *cli.Command {
 	return &cli.Command{
 		Name:          "healthcheck",
 		Description:   "Perform a health check",
 		Configuration: nil,
 		Resources:     nil,
 		AllowArg:      true,
 		Run: func(args []string) error {
 			tlog.NewSimpleLogger().Init()
 			appUrl := "http://127.0.0.1:3000"
 			srvAddr := os.Getenv("TINYAUTH_SERVER_ADDRESS")
 			srvPort := os.Getenv("TINYAUTH_SERVER_PORT")
 			if srvAddr != "" && srvPort != "" {
 				appUrl = fmt.Sprintf("http://%s:%s", srvAddr, srvPort)
 			}
 			if len(args) > 0 {
 				appUrl = args[0]
 			}
 			if appUrl == "" {
 				return errors.New("Could not determine app URL")
 			}
 			tlog.App.Info().Str("app_url", appUrl).Msg("Performing health check")
 			client := http.Client{
 				Timeout: 30 * time.Second,
 			}
 			req, err := http.NewRequest("GET", appUrl+"/api/healthz", nil)
 			if err != nil {
 				return fmt.Errorf("failed to create request: %w", err)
 			}
 			resp, err := client.Do(req)
 			if err != nil {
 				return fmt.Errorf("failed to perform request: %w", err)
 			}
 			if resp.StatusCode != http.StatusOK {
 				return fmt.Errorf("service is not healthy, got: %s", resp.Status)
 			}
 			defer resp.Body.Close()
 			var healthResp healthzResponse
 			body, err := io.ReadAll(resp.Body)
 			if err != nil {
 				return fmt.Errorf("failed to read response: %w", err)
 			}
 			err = json.Unmarshal(body, &healthResp)
 			if err != nil {
 				return fmt.Errorf("failed to decode response: %w", err)
 			}
 			tlog.App.Info().Interface("response", healthResp).Msg("Tinyauth is healthy")
 			return nil
 		},
 	}
 }
--- a/cmd/tinyauth/tinyauth.go
+++ b/cmd/tinyauth/tinyauth.go
@@ -1,108 +0,0 @@
 package main
 import (
 	"fmt"
 	"github.com/steveiliop56/tinyauth/internal/bootstrap"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/utils/loaders"
 	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 	"github.com/rs/zerolog/log"
 	"github.com/traefik/paerser/cli"
 )
 func main() {
 	tConfig := config.NewDefaultConfiguration()
 	loaders := []cli.ResourceLoader{
 		&loaders.FileLoader{},
 		&loaders.FlagLoader{},
 		&loaders.EnvLoader{},
 	}
 	cmdTinyauth := &cli.Command{
 		Name:          "tinyauth",
 		Description:   "The simplest way to protect your apps with a login screen.",
 		Configuration: tConfig,
 		Resources:     loaders,
 		Run: func(_ []string) error {
 			return runCmd(*tConfig)
 		},
 	}
 	cmdUser := &cli.Command{
 		Name:        "user",
 		Description: "Utilities for creating and verifying Tinyauth users.",
 	}
 	cmdTotp := &cli.Command{
 		Name:        "totp",
 		Description: "Utilities for creating Tinyauth TOTP users.",
 	}
 	err := cmdTinyauth.AddCommand(versionCmd())
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to add version command")
 	}
 	err = cmdUser.AddCommand(verifyUserCmd())
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to add verify command")
 	}
 	err = cmdTinyauth.AddCommand(healthcheckCmd())
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to add healthcheck command")
 	}
 	err = cmdTotp.AddCommand(generateTotpCmd())
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to add generate command")
 	}
 	err = cmdUser.AddCommand(createUserCmd())
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to add create command")
 	}
 	err = cmdTinyauth.AddCommand(cmdUser)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to add user command")
 	}
 	err = cmdTinyauth.AddCommand(cmdTotp)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to add totp command")
 	}
 	err = cli.Execute(cmdTinyauth)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to execute command")
 	}
 }
 func runCmd(cfg config.Config) error {
 	logger := tlog.NewLogger(cfg.Log)
 	logger.Init()
 	tlog.App.Info().Str("version", config.Version).Msg("Starting tinyauth")
 	app := bootstrap.NewBootstrapApp(cfg)
 	err := app.Setup()
 	if err != nil {
 		return fmt.Errorf("failed to bootstrap app: %w", err)
 	}
 	return nil
 }
--- a/cmd/tinyauth/verify.go
+++ b/cmd/tinyauth/verify.go
@@ -1,118 +0,0 @@
 package main
 import (
 	"errors"
 	"fmt"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 	"github.com/charmbracelet/huh"
 	"github.com/pquerna/otp/totp"
 	"github.com/traefik/paerser/cli"
 	"golang.org/x/crypto/bcrypt"
 )
 type VerifyUserConfig struct {
 	Interactive bool   `description:"Validate a user interactively."`
 	Username    string `description:"Username."`
 	Password    string `description:"Password."`
 	Totp        string `description:"TOTP code."`
 	User        string `description:"Hash (username:hash:totp)."`
 }
 func NewVerifyUserConfig() *VerifyUserConfig {
 	return &VerifyUserConfig{
 		Interactive: false,
 		Username:    "",
 		Password:    "",
 		Totp:        "",
 		User:        "",
 	}
 }
 func verifyUserCmd() *cli.Command {
 	tCfg := NewVerifyUserConfig()
 	loaders := []cli.ResourceLoader{
 		&cli.FlagLoader{},
 	}
 	return &cli.Command{
 		Name:          "verify",
 		Description:   "Verify a user is set up correctly.",
 		Configuration: tCfg,
 		Resources:     loaders,
 		Run: func(_ []string) error {
 			tlog.NewSimpleLogger().Init()
 			if tCfg.Interactive {
 				form := huh.NewForm(
 					huh.NewGroup(
 						huh.NewInput().Title("User (username:hash:totp)").Value(&tCfg.User).Validate((func(s string) error {
 							if s == "" {
 								return errors.New("user cannot be empty")
 							}
 							return nil
 						})),
 						huh.NewInput().Title("Username").Value(&tCfg.Username).Validate((func(s string) error {
 							if s == "" {
 								return errors.New("username cannot be empty")
 							}
 							return nil
 						})),
 						huh.NewInput().Title("Password").Value(&tCfg.Password).Validate((func(s string) error {
 							if s == "" {
 								return errors.New("password cannot be empty")
 							}
 							return nil
 						})),
 						huh.NewInput().Title("TOTP Code (optional)").Value(&tCfg.Totp),
 					),
 				)
 				var baseTheme *huh.Theme = huh.ThemeBase()
 				err := form.WithTheme(baseTheme).Run()
 				if err != nil {
 					return fmt.Errorf("failed to run interactive prompt: %w", err)
 				}
 			}
 			user, err := utils.ParseUser(tCfg.User)
 			if err != nil {
 				return fmt.Errorf("failed to parse user: %w", err)
 			}
 			if user.Username != tCfg.Username {
 				return fmt.Errorf("username is incorrect")
 			}
 			err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(tCfg.Password))
 			if err != nil {
 				return fmt.Errorf("password is incorrect: %w", err)
 			}
 			if user.TotpSecret == "" {
 				if tCfg.Totp != "" {
 					tlog.App.Warn().Msg("User does not have TOTP secret")
 				}
 				tlog.App.Info().Msg("User verified")
 				return nil
 			}
 			ok := totp.Validate(tCfg.Totp, user.TotpSecret)
 			if !ok {
 				return fmt.Errorf("TOTP code incorrect")
 			}
 			tlog.App.Info().Msg("User verified")
 			return nil
 		},
 	}
 }
--- a/cmd/tinyauth/version.go
+++ b/cmd/tinyauth/version.go
@@ -1,24 +0,0 @@
 package main
 import (
 	"fmt"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/traefik/paerser/cli"
 )
 func versionCmd() *cli.Command {
 	return &cli.Command{
 		Name:          "version",
 		Description:   "Print the version number of Tinyauth.",
 		Configuration: nil,
 		Resources:     nil,
 		Run: func(_ []string) error {
 			fmt.Printf("Version: %s\n", config.Version)
 			fmt.Printf("Commit Hash: %s\n", config.CommitHash)
 			fmt.Printf("Build Timestamp: %s\n", config.BuildTimestamp)
 			return nil
 		},
 	}
 }
--- a/cmd/totp/generate/generate.go
+++ b/cmd/totp/generate/generate.go
@@ -0,0 +1,99 @@
 package generate
 import (
 	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/mdp/qrterminal/v3"
 	"github.com/pquerna/otp/totp"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
 var interactive bool
 // Input user
 var iUser string
 var GenerateCmd = &cobra.Command{
 	Use:   "generate",
 	Short: "Generate a totp secret",
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Logger = log.Level(zerolog.InfoLevel)
 		if interactive {
 			form := huh.NewForm(
 				huh.NewGroup(
 					huh.NewInput().Title("Current username:hash").Value(&iUser).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("user cannot be empty")
 						}
 						return nil
 					})),
 				),
 			)
 			var baseTheme *huh.Theme = huh.ThemeBase()
 			err := form.WithTheme(baseTheme).Run()
 			if err != nil {
 				log.Fatal().Err(err).Msg("Form failed")
 			}
 		}
 		user, err := utils.ParseUser(iUser)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to parse user")
 		}
 		dockerEscape := false
 		if strings.Contains(iUser, "$$") {
 			dockerEscape = true
 		}
 		if user.TotpSecret != "" {
 			log.Fatal().Msg("User already has a totp secret")
 		}
 		key, err := totp.Generate(totp.GenerateOpts{
 			Issuer:      "Tinyauth",
 			AccountName: user.Username,
 		})
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to generate totp secret")
 		}
 		secret := key.Secret()
 		log.Info().Str("secret", secret).Msg("Generated totp secret")
 		log.Info().Msg("Generated QR code")
 		config := qrterminal.Config{
 			Level:     qrterminal.L,
 			Writer:    os.Stdout,
 			BlackChar: qrterminal.BLACK,
 			WhiteChar: qrterminal.WHITE,
 			QuietZone: 2,
 		}
 		qrterminal.GenerateWithConfig(key.URL(), config)
 		user.TotpSecret = secret
 		// If using docker escape re-escape it
 		if dockerEscape {
 			user.Password = strings.ReplaceAll(user.Password, "$", "$$")
 		}
 		log.Info().Str("user", fmt.Sprintf("%s:%s:%s", user.Username, user.Password, user.TotpSecret)).Msg("Add the totp secret to your authenticator app then use the verify command to ensure everything is working correctly.")
 	},
 }
 func init() {
 	GenerateCmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "Run in interactive mode")
 	GenerateCmd.Flags().StringVar(&iUser, "user", "", "Your current username:hash")
 }
--- a/cmd/totp/totp.go
+++ b/cmd/totp/totp.go
@@ -0,0 +1,17 @@
 package cmd
 import (
 	"tinyauth/cmd/totp/generate"
 	"github.com/spf13/cobra"
 )
 func TotpCmd() *cobra.Command {
 	totpCmd := &cobra.Command{
 		Use:   "totp",
 		Short: "Totp utilities",
 		Long:  `Utilities for creating and verifying totp codes.`,
 	}
 	totpCmd.AddCommand(generate.GenerateCmd)
 	return totpCmd
 }
--- a/cmd/user/create/create.go
+++ b/cmd/user/create/create.go
@@ -0,0 +1,80 @@
 package create
 import (
 	"errors"
 	"fmt"
 	"strings"
 	"github.com/charmbracelet/huh"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/bcrypt"
 )
 var interactive bool
 var docker bool
 // i stands for input
 var iUsername string
 var iPassword string
 var CreateCmd = &cobra.Command{
 	Use:   "create",
 	Short: "Create a user",
 	Long:  `Create a user either interactively or by passing flags.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Logger = log.Level(zerolog.InfoLevel)
 		if interactive {
 			form := huh.NewForm(
 				huh.NewGroup(
 					huh.NewInput().Title("Username").Value(&iUsername).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("username cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewInput().Title("Password").Value(&iPassword).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("password cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewSelect[bool]().Title("Format the output for docker?").Options(huh.NewOption("Yes", true), huh.NewOption("No", false)).Value(&docker),
 				),
 			)
 			var baseTheme *huh.Theme = huh.ThemeBase()
 			err := form.WithTheme(baseTheme).Run()
 			if err != nil {
 				log.Fatal().Err(err).Msg("Form failed")
 			}
 		}
 		if iUsername == "" || iPassword == "" {
 			log.Fatal().Err(errors.New("error invalid input")).Msg("Username and password cannot be empty")
 		}
 		log.Info().Str("username", iUsername).Str("password", iPassword).Bool("docker", docker).Msg("Creating user")
 		password, err := bcrypt.GenerateFromPassword([]byte(iPassword), bcrypt.DefaultCost)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to hash password")
 		}
 		// If docker format is enabled, escape the dollar sign
 		passwordString := string(password)
 		if docker {
 			passwordString = strings.ReplaceAll(passwordString, "$", "$$")
 		}
 		log.Info().Str("user", fmt.Sprintf("%s:%s", iUsername, passwordString)).Msg("User created")
 	},
 }
 func init() {
 	CreateCmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "Create a user interactively")
 	CreateCmd.Flags().BoolVar(&docker, "docker", false, "Format output for docker")
 	CreateCmd.Flags().StringVar(&iUsername, "username", "", "Username")
 	CreateCmd.Flags().StringVar(&iPassword, "password", "", "Password")
 }
--- a/cmd/user/user.go
+++ b/cmd/user/user.go
@@ -0,0 +1,19 @@
 package cmd
 import (
 	"tinyauth/cmd/user/create"
 	"tinyauth/cmd/user/verify"
 	"github.com/spf13/cobra"
 )
 func UserCmd() *cobra.Command {
 	userCmd := &cobra.Command{
 		Use:   "user",
 		Short: "User utilities",
 		Long:  `Utilities for creating and verifying tinyauth compatible users.`,
 	}
 	userCmd.AddCommand(create.CreateCmd)
 	userCmd.AddCommand(verify.VerifyCmd)
 	return userCmd
 }
--- a/cmd/user/verify/verify.go
+++ b/cmd/user/verify/verify.go
@@ -0,0 +1,101 @@
 package verify
 import (
 	"errors"
 	"tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/pquerna/otp/totp"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/bcrypt"
 )
 var interactive bool
 var docker bool
 // i stands for input
 var iUsername string
 var iPassword string
 var iTotp string
 var iUser string
 var VerifyCmd = &cobra.Command{
 	Use:   "verify",
 	Short: "Verify a user is set up correctly",
 	Long:  `Verify a user is set up correctly meaning that it has a correct username, password and totp code.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Logger = log.Level(zerolog.InfoLevel)
 		if interactive {
 			form := huh.NewForm(
 				huh.NewGroup(
 					huh.NewInput().Title("User (username:hash:totp)").Value(&iUser).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("user cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewInput().Title("Username").Value(&iUsername).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("username cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewInput().Title("Password").Value(&iPassword).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("password cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewInput().Title("Totp Code (if setup)").Value(&iTotp),
 				),
 			)
 			var baseTheme *huh.Theme = huh.ThemeBase()
 			err := form.WithTheme(baseTheme).Run()
 			if err != nil {
 				log.Fatal().Err(err).Msg("Form failed")
 			}
 		}
 		user, err := utils.ParseUser(iUser)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to parse user")
 		}
 		if user.Username != iUsername {
 			log.Fatal().Msg("Username is incorrect")
 		}
 		err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(iPassword))
 		if err != nil {
 			log.Fatal().Msg("Ppassword is incorrect")
 		}
 		if user.TotpSecret == "" {
 			if iTotp != "" {
 				log.Warn().Msg("User does not have 2fa secret")
 			}
 			log.Info().Msg("User verified")
 			return
 		}
 		ok := totp.Validate(iTotp, user.TotpSecret)
 		if !ok {
 			log.Fatal().Msg("Totp code incorrect")
 		}
 		log.Info().Msg("User verified")
 	},
 }
 func init() {
 	VerifyCmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "Create a user interactively")
 	VerifyCmd.Flags().BoolVar(&docker, "docker", false, "Is the user formatted for docker?")
 	VerifyCmd.Flags().StringVar(&iUsername, "username", "", "Username")
 	VerifyCmd.Flags().StringVar(&iPassword, "password", "", "Password")
 	VerifyCmd.Flags().StringVar(&iTotp, "totp", "", "Totp code")
 	VerifyCmd.Flags().StringVar(&iUser, "user", "", "Hash (username:hash:totp combination)")
 }
--- a/cmd/version.go
+++ b/cmd/version.go
@@ -0,0 +1,23 @@
 package cmd
 import (
 	"fmt"
 	"tinyauth/internal/config"
 	"github.com/spf13/cobra"
 )
 var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Print the version number of Tinyauth",
 	Long:  `All software has versions. This is Tinyauth's`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Printf("Version: %s\n", config.Version)
 		fmt.Printf("Commit Hash: %s\n", config.CommitHash)
 		fmt.Printf("Build Timestamp: %s\n", config.BuildTimestamp)
 	},
 }
 func init() {
 	rootCmd.AddCommand(versionCmd)
 }
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -1,7 +1,7 @@
 services:
  traefik:
    container_name: traefik
-    image: traefik:v3.6
+    image: traefik:v3.3
    command: --api.insecure=true --providers.docker
    ports:
      - 80:80
@@ -13,7 +13,7 @@ services:
    image: traefik/whoami:latest
    labels:
      traefik.enable: true
-      traefik.http.routers.whoami.rule: Host(`whoami.127.0.0.1.sslip.io`)
+      traefik.http.routers.whoami.rule: Host(`whoami.example.com`)
      traefik.http.routers.whoami.middlewares: tinyauth
  tinyauth-frontend:
@@ -27,21 +27,18 @@ services:
      - 5173:5173
    labels:
      traefik.enable: true
-      traefik.http.routers.tinyauth.rule: Host(`tinyauth.127.0.0.1.sslip.io`)
+      traefik.http.routers.tinyauth.rule: Host(`tinyauth.example.com`)
  tinyauth-backend:
    container_name: tinyauth-backend
    build:
      context: .
      dockerfile: Dockerfile.dev
      args:
        - VERSION=development
        - COMMIT_HASH=development
        - BUILD_TIMESTAMP=000-00-00T00:00:00Z
    env_file: .env
    volumes:
      - ./internal:/tinyauth/internal
      - ./cmd:/tinyauth/cmd
      - ./main.go:/tinyauth/main.go
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/data
    ports:
@@ -50,4 +47,3 @@ services:
    labels:
      traefik.enable: true
      traefik.http.middlewares.tinyauth.forwardauth.address: http://tinyauth-backend:3000/api/auth/traefik
      traefik.http.middlewares.tinyauth.forwardauth.authResponseHeaders: remote-user, remote-sub, remote-name, remote-email, remote-groups
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -1,7 +1,7 @@
 services:
  traefik:
    container_name: traefik
-    image: traefik:v3.6
+    image: traefik:v3.3
    command: --api.insecure=true --providers.docker
    ports:
      - 80:80
@@ -20,8 +20,8 @@ services:
    container_name: tinyauth
    image: ghcr.io/steveiliop56/tinyauth:v3
    environment:
-      - TINYAUTH_APPURL=https://tinyauth.example.com
+      - APP_URL=https://tinyauth.example.com
-      - TINYAUTH_AUTH_USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u # user:password
+      - USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u # user:password
    volumes:
      - ./data:/data
    labels:
--- a/frontend/.gitignore
+++ b/frontend/.gitignore
@@ -22,6 +22,3 @@ dist-ssr
 *.njsproj
 *.sln
 *.sw?
 # Stats out
 stats.html
--- a/frontend/bun.lock
+++ b/frontend/bun.lock
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -8,11 +8,10 @@
    <link rel="shortcut icon" href="/favicon.ico" />
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
    <meta name="apple-mobile-web-app-title" content="Tinyauth" />
    <meta name="robots" content="nofollow, noindex" />
    <link rel="manifest" href="/site.webmanifest" />
    <title>Tinyauth</title>
  </head>
-  <body>
+  <body class="dark">
    <div id="root"></div>
    <script type="module" src="/src/main.tsx"></script>
  </body>
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "tinyauth",
+  "name": "tinyauth-shadcn",
  "private": true,
  "version": "0.0.0",
  "type": "module",
@@ -7,54 +7,52 @@
    "dev": "vite",
    "build": "tsc -b && vite build",
    "lint": "eslint .",
-    "preview": "vite preview",
+    "preview": "vite preview"
    "tsc": "tsc -b"
  },
  "dependencies": {
-    "@hookform/resolvers": "^5.2.2",
+    "@hookform/resolvers": "^5.2.1",
-    "@radix-ui/react-dropdown-menu": "^2.1.16",
+    "@radix-ui/react-label": "^2.1.7",
-    "@radix-ui/react-label": "^2.1.8",
+    "@radix-ui/react-select": "^2.2.5",
-    "@radix-ui/react-select": "^2.2.6",
+    "@radix-ui/react-separator": "^1.1.7",
-    "@radix-ui/react-separator": "^1.1.8",
+    "@radix-ui/react-slot": "^1.2.3",
-    "@radix-ui/react-slot": "^1.2.4",
+    "@tailwindcss/vite": "^4.1.11",
-    "@tailwindcss/vite": "^4.1.18",
+    "@tanstack/react-query": "^5.84.1",
-    "@tanstack/react-query": "^5.90.21",
+    "axios": "^1.11.0",
    "axios": "^1.13.5",
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
-    "i18next": "^25.8.7",
+    "dompurify": "^3.2.6",
-    "i18next-browser-languagedetector": "^8.2.1",
+    "i18next": "^25.3.2",
    "i18next-browser-languagedetector": "^8.2.0",
    "i18next-resources-to-backend": "^1.2.1",
    "input-otp": "^1.4.2",
-    "lucide-react": "^0.564.0",
+    "lucide-react": "^0.539.0",
    "next-themes": "^0.4.6",
-    "react": "^19.2.4",
+    "react": "^19.1.1",
-    "react-dom": "^19.2.4",
+    "react-dom": "^19.1.1",
-    "react-hook-form": "^7.71.1",
+    "react-hook-form": "^7.62.0",
-    "react-i18next": "^16.5.4",
+    "react-i18next": "^15.6.1",
    "react-markdown": "^10.1.0",
-    "react-router": "^7.13.0",
+    "react-router": "^7.8.0",
    "sonner": "^2.0.7",
-    "tailwind-merge": "^3.4.1",
+    "tailwind-merge": "^3.3.1",
-    "tailwindcss": "^4.1.18",
+    "tailwindcss": "^4.1.11",
-    "zod": "^4.3.6"
+    "zod": "^4.0.15"
  },
  "devDependencies": {
-    "@eslint/js": "^10.0.1",
+    "@eslint/js": "^9.32.0",
-    "@tanstack/eslint-plugin-query": "^5.91.4",
+    "@tanstack/eslint-plugin-query": "^5.83.1",
-    "@types/node": "^25.2.3",
+    "@types/node": "^24.2.0",
-    "@types/react": "^19.2.14",
+    "@types/react": "^19.1.9",
-    "@types/react-dom": "^19.2.3",
+    "@types/react-dom": "^19.1.7",
-    "@vitejs/plugin-react": "^5.1.4",
+    "@vitejs/plugin-react": "^5.0.0",
-    "eslint": "^10.0.0",
+    "eslint": "^9.32.0",
-    "eslint-plugin-react-hooks": "^7.0.1",
+    "eslint-plugin-react-hooks": "^5.2.0",
-    "eslint-plugin-react-refresh": "^0.5.0",
+    "eslint-plugin-react-refresh": "^0.4.19",
-    "globals": "^17.3.0",
+    "globals": "^16.3.0",
-    "prettier": "3.8.1",
+    "prettier": "3.6.2",
-    "rollup-plugin-visualizer": "^6.0.5",
+    "tw-animate-css": "^1.3.6",
-    "tw-animate-css": "^1.4.0",
+    "typescript": "~5.9.2",
-    "typescript": "~5.9.3",
+    "typescript-eslint": "^8.39.0",
-    "typescript-eslint": "^8.55.0",
+    "vite": "^7.1.1"
    "vite": "^7.3.1"
  }
 }
--- a/frontend/src/App.tsx
+++ b/frontend/src/App.tsx
@@ -5,8 +5,8 @@ export const App = () => {
  const { isLoggedIn } = useUserContext();
  if (isLoggedIn) {
-    return <Navigate to="/logout" replace />;
+    return <Navigate to="/logout" />;
  }
-  return <Navigate to="/login" replace />;
+  return <Navigate to="/login" />;
 };
--- a/frontend/src/components/auth/totp-form.tsx
+++ b/frontend/src/components/auth/totp-form.tsx
@@ -14,10 +14,11 @@ import z from "zod";
 interface Props {
  formId: string;
  onSubmit: (code: TotpSchema) => void;
  loading?: boolean;
 }
 export const TotpForm = (props: Props) => {
-  const { formId, onSubmit } = props;
+  const { formId, onSubmit, loading } = props;
  const { t } = useTranslation();
  z.config({
@@ -29,14 +30,6 @@ export const TotpForm = (props: Props) => {
    resolver: zodResolver(totpSchema),
  });
  const handleChange = (value: string) => {
    form.setValue("code", value, { shouldDirty: true, shouldValidate: true });
    if (value.length === 6) {
      onSubmit({ code: value });
    }
  };
  return (
    <Form {...form}>
      <form id={formId} onSubmit={form.handleSubmit(onSubmit)}>
@@ -48,10 +41,9 @@ export const TotpForm = (props: Props) => {
              <FormControl>
                <InputOTP
                  maxLength={6}
                  disabled={loading}
                  {...field}
                  autoComplete="one-time-code"
                  autoFocus
                  onChange={handleChange}
                >
                  <InputOTPGroup>
                    <InputOTPSlot index={0} />
--- a/frontend/src/components/domain-warning/domain-warning.tsx
+++ b/frontend/src/components/domain-warning/domain-warning.tsx
@@ -1,57 +0,0 @@
 import {
  Card,
  CardDescription,
  CardFooter,
  CardHeader,
  CardTitle,
 } from "../ui/card";
 import { Button } from "../ui/button";
 import { Trans, useTranslation } from "react-i18next";
 import { useLocation } from "react-router";
 interface Props {
  onClick: () => void;
  appUrl: string;
  currentUrl: string;
 }
 export const DomainWarning = (props: Props) => {
  const { onClick, appUrl, currentUrl } = props;
  const { t } = useTranslation();
  const { search } = useLocation();
  const searchParams = new URLSearchParams(search);
  const redirectUri = searchParams.get("redirect_uri");
  return (
    <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
      <CardHeader>
        <CardTitle className="text-3xl">{t("domainWarningTitle")}</CardTitle>
        <CardDescription>
          <Trans
            t={t}
            i18nKey="domainWarningSubtitle"
            values={{ appUrl, currentUrl }}
            components={{ code: <code /> }}
            shouldUnescape={true}
          />
        </CardDescription>
      </CardHeader>
      <CardFooter className="flex flex-col items-stretch gap-2">
        <Button onClick={onClick} variant="warning">
          {t("ignoreTitle")}
        </Button>
        <Button
          onClick={() =>
            window.location.assign(
              `${appUrl}/login?redirect_uri=${encodeURIComponent(redirectUri || "")}`,
            )
          }
          variant="outline"
        >
          {t("goToCorrectDomainTitle")}
        </Button>
      </CardFooter>
    </Card>
  );
 };
--- a/frontend/src/components/icons/generic.tsx
+++ b/frontend/src/components/icons/generic.tsx
@@ -1,6 +1,6 @@
 import type { SVGProps } from "react";
-export function OAuthIcon(props: SVGProps<SVGSVGElement>) {
+export function GenericIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
--- a/frontend/src/components/icons/microsoft.tsx
+++ b/frontend/src/components/icons/microsoft.tsx
@@ -1,18 +0,0 @@
 import type { SVGProps } from "react";
 export function MicrosoftIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
      width="2em"
      height="2em"
      viewBox="0 0 256 256"
      {...props}
    >
      <path fill="#f1511b" d="M121.666 121.666H0V0h121.666z"></path>
      <path fill="#80cc28" d="M256 121.666H134.335V0H256z"></path>
      <path fill="#00adef" d="M121.663 256.002H0V134.336h121.663z"></path>
      <path fill="#fbbc09" d="M256 256.002H134.335V134.336H256z"></path>
    </svg>
  );
 }
--- a/frontend/src/components/icons/pocket-id.tsx
+++ b/frontend/src/components/icons/pocket-id.tsx
@@ -1,20 +0,0 @@
 import type { SVGProps } from "react";
 export function PocketIDIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
      xmlSpace="preserve"
      width={512}
      height={512}
      viewBox="0 0 512 512"
      {...props}
    >
      <circle cx="256" cy="256" r="256" />
      <path
        d="M268.6 102.4c64.4 0 116.8 52.4 116.8 116.7 0 25.3-8 49.4-23 69.6-14.8 19.9-35 34.3-58.4 41.7l-6.5 2-15.5-76.2 4.3-2c14-6.7 23-21.1 23-36.6 0-22.4-18.2-40.6-40.6-40.6S228 195.2 228 217.6c0 15.5 9 29.8 23 36.6l4.2 2-25 153.4h-69.5V102.4z"
        className="fill-white"
      />
    </svg>
  );
 }
--- a/frontend/src/components/icons/tailscale.tsx
+++ b/frontend/src/components/icons/tailscale.tsx
@@ -1,26 +0,0 @@
 import type { SVGProps } from "react";
 export function TailscaleIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
      xmlSpace="preserve"
      width={512}
      height={512}
      viewBox="0 0 512 512"
      {...props}
    >
      <path
        className="opacity-80"
        fill="currentColor"
        d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9m191.6 0c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m189.2-193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"
      />
      <path
        d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8m0 384.3c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512m191.6-384.3c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8m0 384.3c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"
        className="opacity-20"
        fill="currentColor"
      />
    </svg>
  );
 }
--- a/frontend/src/components/language/language.tsx
+++ b/frontend/src/components/language/language.tsx
@@ -18,10 +18,9 @@ export const LanguageSelector = () => {
    setLanguage(option as SupportedLanguage);
    i18n.changeLanguage(option as SupportedLanguage);
  };
  return (
    <Select onValueChange={handleSelect} value={language}>
-      <SelectTrigger>
+      <SelectTrigger className="absolute top-5 right-5">
        <SelectValue placeholder="Select language" />
      </SelectTrigger>
      <SelectContent>
--- a/frontend/src/components/layout/layout.tsx
+++ b/frontend/src/components/layout/layout.tsx
@@ -1,16 +1,9 @@
 import { useAppContext } from "@/context/app-context";
 import { LanguageSelector } from "../language/language";
 import { Outlet } from "react-router";
 import { useCallback, useEffect, useState } from "react";
 import { DomainWarning } from "../domain-warning/domain-warning";
 import { ThemeToggle } from "../theme-toggle/theme-toggle";
-const BaseLayout = ({ children }: { children: React.ReactNode }) => {
+export const Layout = () => {
-  const { backgroundImage, title } = useAppContext();
+  const { backgroundImage } = useAppContext();
  useEffect(() => {
    document.title = title;
  }, [title]);
  return (
    <div
@@ -21,42 +14,8 @@ const BaseLayout = ({ children }: { children: React.ReactNode }) => {
        backgroundPosition: "center",
      }}
    >
-      <div className="absolute top-5 right-5 flex flex-row gap-2">
+      <LanguageSelector />
-        <ThemeToggle />
+      <Outlet />
        <LanguageSelector />
      </div>
      {children}
    </div>
  );
 };
 export const Layout = () => {
  const { appUrl, disableUiWarnings } = useAppContext();
  const [ignoreDomainWarning, setIgnoreDomainWarning] = useState(() => {
    return window.sessionStorage.getItem("ignoreDomainWarning") === "true";
  });
  const currentUrl = window.location.origin;
  const handleIgnore = useCallback(() => {
    window.sessionStorage.setItem("ignoreDomainWarning", "true");
    setIgnoreDomainWarning(true);
  }, [setIgnoreDomainWarning]);
  if (!ignoreDomainWarning && !disableUiWarnings && appUrl !== currentUrl) {
    return (
      <BaseLayout>
        <DomainWarning
          appUrl={appUrl}
          currentUrl={currentUrl}
          onClick={() => handleIgnore()}
        />
      </BaseLayout>
    );
  }
  return (
    <BaseLayout>
      <Outlet />
    </BaseLayout>
  );
 };
--- a/frontend/src/components/providers/theme-provider.tsx
+++ b/frontend/src/components/providers/theme-provider.tsx
@@ -1,73 +0,0 @@
 import { createContext, useContext, useEffect, useState } from "react";
 type Theme = "dark" | "light" | "system";
 type ThemeProviderProps = {
  children: React.ReactNode;
  defaultTheme?: Theme;
  storageKey?: string;
 };
 type ThemeProviderState = {
  theme: Theme;
  setTheme: (theme: Theme) => void;
 };
 const initialState: ThemeProviderState = {
  theme: "system",
  setTheme: () => null,
 };
 const ThemeProviderContext = createContext<ThemeProviderState>(initialState);
 export function ThemeProvider({
  children,
  defaultTheme = "system",
  storageKey = "vite-ui-theme",
  ...props
 }: ThemeProviderProps) {
  const [theme, setTheme] = useState<Theme>(
    () => (localStorage.getItem(storageKey) as Theme) || defaultTheme,
  );
  useEffect(() => {
    const root = window.document.documentElement;
    root.classList.remove("light", "dark");
    if (theme === "system") {
      const systemTheme = window.matchMedia("(prefers-color-scheme: dark)")
        .matches
        ? "dark"
        : "light";
      root.classList.add(systemTheme);
      return;
    }
    root.classList.add(theme);
  }, [theme]);
  const value = {
    theme,
    setTheme: (theme: Theme) => {
      localStorage.setItem(storageKey, theme);
      setTheme(theme);
    },
  };
  return (
    <ThemeProviderContext.Provider {...props} value={value}>
      {children}
    </ThemeProviderContext.Provider>
  );
 }
 export const useTheme = () => {
  const context = useContext(ThemeProviderContext);
  if (context === undefined)
    throw new Error("useTheme must be used within a ThemeProvider");
  return context;
 };
--- a/frontend/src/components/theme-toggle/theme-toggle.tsx
+++ b/frontend/src/components/theme-toggle/theme-toggle.tsx
@@ -1,40 +0,0 @@
 import { Moon, Sun } from "lucide-react";
 import { Button } from "@/components/ui/button";
 import {
  DropdownMenu,
  DropdownMenuContent,
  DropdownMenuItem,
  DropdownMenuTrigger,
 } from "@/components/ui/dropdown-menu";
 import { useTheme } from "@/components/providers/theme-provider";
 export function ThemeToggle() {
  const { setTheme } = useTheme();
  return (
    <DropdownMenu>
      <DropdownMenuTrigger asChild>
        <Button
          className="bg-card text-card-foreground hover:bg-card/90"
          size="icon"
        >
          <Sun className="h-[1.2rem] w-[1.2rem] scale-100 rotate-0 transition-all dark:scale-0 dark:-rotate-90" />
          <Moon className="absolute h-[1.2rem] w-[1.2rem] scale-0 rotate-90 transition-all dark:scale-100 dark:rotate-0" />
          <span className="sr-only">Toggle theme</span>
        </Button>
      </DropdownMenuTrigger>
      <DropdownMenuContent align="end">
        <DropdownMenuItem onClick={() => setTheme("light")}>
          Light
        </DropdownMenuItem>
        <DropdownMenuItem onClick={() => setTheme("dark")}>
          Dark
        </DropdownMenuItem>
        <DropdownMenuItem onClick={() => setTheme("system")}>
          System
        </DropdownMenuItem>
      </DropdownMenuContent>
    </DropdownMenu>
  );
 }
--- a/frontend/src/components/ui/button.tsx
+++ b/frontend/src/components/ui/button.tsx
@@ -6,7 +6,7 @@ import { cn } from "@/lib/utils";
 import { Loader2 } from "lucide-react";
 const buttonVariants = cva(
-  "inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive hover:cursor-pointer",
+  "inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive",
  {
    variants: {
      variant: {
@@ -22,7 +22,7 @@ const buttonVariants = cva(
          "hover:bg-accent hover:text-accent-foreground dark:hover:bg-accent/50",
        link: "text-primary underline-offset-4 hover:underline",
        warning:
-          "bg-amber-500 text-white shadow-xs hover:bg-amber-400 focus-visible:ring-amber-200/20 dark:focus-visible:ring-amber-400/40",
+          "bg-amber-500 text-white shadow-xs hover:bg-amber-400 focus-visible:ring-amber-200/20 dark:focus-visible:ring-amber-400/40 dark:bg-amber-600",
      },
      size: {
        default: "h-9 px-4 py-2 has-[>svg]:px-3",
--- a/frontend/src/components/ui/dropdown-menu.tsx
+++ b/frontend/src/components/ui/dropdown-menu.tsx
@@ -1,255 +0,0 @@
 import * as React from "react"
 import * as DropdownMenuPrimitive from "@radix-ui/react-dropdown-menu"
 import { CheckIcon, ChevronRightIcon, CircleIcon } from "lucide-react"
 import { cn } from "@/lib/utils"
 function DropdownMenu({
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Root>) {
  return <DropdownMenuPrimitive.Root data-slot="dropdown-menu" {...props} />
 }
 function DropdownMenuPortal({
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Portal>) {
  return (
    <DropdownMenuPrimitive.Portal data-slot="dropdown-menu-portal" {...props} />
  )
 }
 function DropdownMenuTrigger({
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Trigger>) {
  return (
    <DropdownMenuPrimitive.Trigger
      data-slot="dropdown-menu-trigger"
      {...props}
    />
  )
 }
 function DropdownMenuContent({
  className,
  sideOffset = 4,
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Content>) {
  return (
    <DropdownMenuPrimitive.Portal>
      <DropdownMenuPrimitive.Content
        data-slot="dropdown-menu-content"
        sideOffset={sideOffset}
        className={cn(
          "bg-popover text-popover-foreground data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 z-50 max-h-(--radix-dropdown-menu-content-available-height) min-w-[8rem] origin-(--radix-dropdown-menu-content-transform-origin) overflow-x-hidden overflow-y-auto rounded-md border p-1 shadow-md",
          className
        )}
        {...props}
      />
    </DropdownMenuPrimitive.Portal>
  )
 }
 function DropdownMenuGroup({
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Group>) {
  return (
    <DropdownMenuPrimitive.Group data-slot="dropdown-menu-group" {...props} />
  )
 }
 function DropdownMenuItem({
  className,
  inset,
  variant = "default",
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Item> & {
  inset?: boolean
  variant?: "default" | "destructive"
 }) {
  return (
    <DropdownMenuPrimitive.Item
      data-slot="dropdown-menu-item"
      data-inset={inset}
      data-variant={variant}
      className={cn(
        "focus:bg-accent focus:text-accent-foreground data-[variant=destructive]:text-destructive data-[variant=destructive]:focus:bg-destructive/10 dark:data-[variant=destructive]:focus:bg-destructive/20 data-[variant=destructive]:focus:text-destructive data-[variant=destructive]:*:[svg]:!text-destructive [&_svg:not([class*='text-'])]:text-muted-foreground relative flex cursor-default items-center gap-2 rounded-sm px-2 py-1.5 text-sm outline-hidden select-none data-[disabled]:pointer-events-none data-[disabled]:opacity-50 data-[inset]:pl-8 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
        className
      )}
      {...props}
    />
  )
 }
 function DropdownMenuCheckboxItem({
  className,
  children,
  checked,
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.CheckboxItem>) {
  return (
    <DropdownMenuPrimitive.CheckboxItem
      data-slot="dropdown-menu-checkbox-item"
      className={cn(
        "focus:bg-accent focus:text-accent-foreground relative flex cursor-default items-center gap-2 rounded-sm py-1.5 pr-2 pl-8 text-sm outline-hidden select-none data-[disabled]:pointer-events-none data-[disabled]:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
        className
      )}
      checked={checked}
      {...props}
    >
      <span className="pointer-events-none absolute left-2 flex size-3.5 items-center justify-center">
        <DropdownMenuPrimitive.ItemIndicator>
          <CheckIcon className="size-4" />
        </DropdownMenuPrimitive.ItemIndicator>
      </span>
      {children}
    </DropdownMenuPrimitive.CheckboxItem>
  )
 }
 function DropdownMenuRadioGroup({
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.RadioGroup>) {
  return (
    <DropdownMenuPrimitive.RadioGroup
      data-slot="dropdown-menu-radio-group"
      {...props}
    />
  )
 }
 function DropdownMenuRadioItem({
  className,
  children,
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.RadioItem>) {
  return (
    <DropdownMenuPrimitive.RadioItem
      data-slot="dropdown-menu-radio-item"
      className={cn(
        "focus:bg-accent focus:text-accent-foreground relative flex cursor-default items-center gap-2 rounded-sm py-1.5 pr-2 pl-8 text-sm outline-hidden select-none data-[disabled]:pointer-events-none data-[disabled]:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
        className
      )}
      {...props}
    >
      <span className="pointer-events-none absolute left-2 flex size-3.5 items-center justify-center">
        <DropdownMenuPrimitive.ItemIndicator>
          <CircleIcon className="size-2 fill-current" />
        </DropdownMenuPrimitive.ItemIndicator>
      </span>
      {children}
    </DropdownMenuPrimitive.RadioItem>
  )
 }
 function DropdownMenuLabel({
  className,
  inset,
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Label> & {
  inset?: boolean
 }) {
  return (
    <DropdownMenuPrimitive.Label
      data-slot="dropdown-menu-label"
      data-inset={inset}
      className={cn(
        "px-2 py-1.5 text-sm font-medium data-[inset]:pl-8",
        className
      )}
      {...props}
    />
  )
 }
 function DropdownMenuSeparator({
  className,
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Separator>) {
  return (
    <DropdownMenuPrimitive.Separator
      data-slot="dropdown-menu-separator"
      className={cn("bg-border -mx-1 my-1 h-px", className)}
      {...props}
    />
  )
 }
 function DropdownMenuShortcut({
  className,
  ...props
 }: React.ComponentProps<"span">) {
  return (
    <span
      data-slot="dropdown-menu-shortcut"
      className={cn(
        "text-muted-foreground ml-auto text-xs tracking-widest",
        className
      )}
      {...props}
    />
  )
 }
 function DropdownMenuSub({
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.Sub>) {
  return <DropdownMenuPrimitive.Sub data-slot="dropdown-menu-sub" {...props} />
 }
 function DropdownMenuSubTrigger({
  className,
  inset,
  children,
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.SubTrigger> & {
  inset?: boolean
 }) {
  return (
    <DropdownMenuPrimitive.SubTrigger
      data-slot="dropdown-menu-sub-trigger"
      data-inset={inset}
      className={cn(
        "focus:bg-accent focus:text-accent-foreground data-[state=open]:bg-accent data-[state=open]:text-accent-foreground [&_svg:not([class*='text-'])]:text-muted-foreground flex cursor-default items-center gap-2 rounded-sm px-2 py-1.5 text-sm outline-hidden select-none data-[inset]:pl-8 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
        className
      )}
      {...props}
    >
      {children}
      <ChevronRightIcon className="ml-auto size-4" />
    </DropdownMenuPrimitive.SubTrigger>
  )
 }
 function DropdownMenuSubContent({
  className,
  ...props
 }: React.ComponentProps<typeof DropdownMenuPrimitive.SubContent>) {
  return (
    <DropdownMenuPrimitive.SubContent
      data-slot="dropdown-menu-sub-content"
      className={cn(
        "bg-popover text-popover-foreground data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 z-50 min-w-[8rem] origin-(--radix-dropdown-menu-content-transform-origin) overflow-hidden rounded-md border p-1 shadow-lg",
        className
      )}
      {...props}
    />
  )
 }
 export {
  DropdownMenu,
  DropdownMenuPortal,
  DropdownMenuTrigger,
  DropdownMenuContent,
  DropdownMenuGroup,
  DropdownMenuLabel,
  DropdownMenuItem,
  DropdownMenuCheckboxItem,
  DropdownMenuRadioGroup,
  DropdownMenuRadioItem,
  DropdownMenuSeparator,
  DropdownMenuShortcut,
  DropdownMenuSub,
  DropdownMenuSubTrigger,
  DropdownMenuSubContent,
 }
--- a/frontend/src/components/ui/select.tsx
+++ b/frontend/src/components/ui/select.tsx
@@ -35,7 +35,7 @@ function SelectTrigger({
      data-slot="select-trigger"
      data-size={size}
      className={cn(
-        "hover:cursor-pointer border-input data-[placeholder]:text-card-foreground [&_svg:not([class*='text-'])]:text-card-foreground focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive flex w-fit items-center justify-between gap-2 rounded-md border bg-card hover:bg-card/90 px-3 py-2 text-sm whitespace-nowrap shadow-xs transition-[color,box-shadow] outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50 data-[size=default]:h-9 data-[size=sm]:h-8 *:data-[slot=select-value]:line-clamp-1 *:data-[slot=select-value]:flex *:data-[slot=select-value]:items-center *:data-[slot=select-value]:gap-2 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
+        "border-input data-[placeholder]:text-muted-foreground [&_svg:not([class*='text-'])]:text-muted-foreground focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive dark:bg-card dark:hover:bg-card/90 flex w-fit items-center justify-between gap-2 rounded-md border bg-card hover:bg-card/90 px-3 py-2 text-sm whitespace-nowrap shadow-xs transition-[color,box-shadow] outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50 data-[size=default]:h-9 data-[size=sm]:h-8 *:data-[slot=select-value]:line-clamp-1 *:data-[slot=select-value]:flex *:data-[slot=select-value]:items-center *:data-[slot=select-value]:gap-2 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
        className,
      )}
      {...props}
--- a/frontend/src/components/ui/sonner.tsx
+++ b/frontend/src/components/ui/sonner.tsx
@@ -1,8 +1,8 @@
-import { useTheme } from "../providers/theme-provider";
+import { useTheme } from "next-themes";
 import { Toaster as Sonner, ToasterProps } from "sonner";
 const Toaster = ({ ...props }: ToasterProps) => {
-  const { theme } = useTheme();
+  const { theme = "system" } = useTheme();
  return (
    <Sonner
--- a/frontend/src/index.css
+++ b/frontend/src/index.css
@@ -156,11 +156,7 @@ ul {
 }
 code {
-  @apply relative rounded bg-muted px-[0.2rem] py-[0.1rem] font-mono text-sm font-semibold break-all;
+  @apply relative rounded bg-muted px-[0.2rem] py-[0.1rem] font-mono text-sm font-semibold;
 }
 pre {
  @apply bg-accent border border-border rounded-md p-2 whitespace-break-spaces;
 }
 .lead {
--- a/frontend/src/lib/hooks/oidc.ts
+++ b/frontend/src/lib/hooks/oidc.ts
@@ -1,53 +0,0 @@
 export type OIDCValues = {
  scope: string;
  response_type: string;
  client_id: string;
  redirect_uri: string;
  state: string;
 };
 interface IuseOIDCParams {
  values: OIDCValues;
  compiled: string;
  isOidc: boolean;
  missingParams: string[];
 }
 const optionalParams: string[] = ["state"];
 export function useOIDCParams(params: URLSearchParams): IuseOIDCParams {
  let compiled: string = "";
  let isOidc = false;
  const missingParams: string[] = [];
  const values: OIDCValues = {
    scope: params.get("scope") ?? "",
    response_type: params.get("response_type") ?? "",
    client_id: params.get("client_id") ?? "",
    redirect_uri: params.get("redirect_uri") ?? "",
    state: params.get("state") ?? "",
  };
  for (const key of Object.keys(values)) {
    if (!values[key as keyof OIDCValues]) {
      if (!optionalParams.includes(key)) {
        missingParams.push(key);
      }
    }
  }
  if (missingParams.length === 0) {
    isOidc = true;
  }
  if (isOidc) {
    compiled = new URLSearchParams(values).toString();
  }
  return {
    values,
    compiled,
    isOidc,
    missingParams,
  };
 }
--- a/frontend/src/lib/hooks/redirect-uri.ts
+++ b/frontend/src/lib/hooks/redirect-uri.ts
@@ -1,64 +0,0 @@
 type IuseRedirectUri = {
  url?: URL;
  valid: boolean;
  trusted: boolean;
  allowedProto: boolean;
  httpsDowngrade: boolean;
 };
 export const useRedirectUri = (
  redirect_uri: string | null,
  cookieDomain: string,
 ): IuseRedirectUri => {
  let isValid = false;
  let isTrusted = false;
  let isAllowedProto = false;
  let isHttpsDowngrade = false;
  if (!redirect_uri) {
    return {
      valid: isValid,
      trusted: isTrusted,
      allowedProto: isAllowedProto,
      httpsDowngrade: isHttpsDowngrade,
    };
  }
  let url: URL;
  try {
    url = new URL(redirect_uri);
  } catch {
    return {
      valid: isValid,
      trusted: isTrusted,
      allowedProto: isAllowedProto,
      httpsDowngrade: isHttpsDowngrade,
    };
  }
  isValid = true;
  if (
    url.hostname == cookieDomain ||
    url.hostname.endsWith(`.${cookieDomain}`)
  ) {
    isTrusted = true;
  }
  if (url.protocol == "http:" || url.protocol == "https:") {
    isAllowedProto = true;
  }
  if (window.location.protocol == "https:" && url.protocol == "http:") {
    isHttpsDowngrade = true;
  }
  return {
    url,
    valid: isValid,
    trusted: isTrusted,
    allowedProto: isAllowedProto,
    httpsDowngrade: isHttpsDowngrade,
  };
 };
--- a/frontend/src/lib/hooks/use-is-mounted.ts
+++ b/frontend/src/lib/hooks/use-is-mounted.ts
@@ -0,0 +1,15 @@
 import { useCallback, useEffect, useRef } from "react";
 export function useIsMounted(): () => boolean {
  const isMounted = useRef(false);
  useEffect(() => {
    isMounted.current = true;
    return () => {
      isMounted.current = false;
    };
  }, []);
  return useCallback(() => isMounted.current, []);
 }
--- a/frontend/src/lib/i18n/i18n.ts
+++ b/frontend/src/lib/i18n/i18n.ts
@@ -14,11 +14,12 @@ i18n
  .init({
    fallbackLng: "en",
    debug: import.meta.env.MODE === "development",
-    nonExplicitSupportedLngs: true,
+
-    load: "currentOnly",
+    interpolation: {
-    detection: {
+      escapeValue: false,
      lookupLocalStorage: "tinyauth-lang",
    },
    load: "currentOnly",
  });
 export default i18n;
--- a/frontend/src/lib/i18n/locales.ts
+++ b/frontend/src/lib/i18n/locales.ts
@@ -18,8 +18,8 @@ export const languages = {
  "nl-NL": "Nederlands",
  "no-NO": "Norsk",
  "pl-PL": "Polski",
-  "pt-BR": "Português (Brasil)",
+  "pt-BR": "Português",
-  "pt-PT": "Português (Portugal)",
+  "pt-PT": "Português",
  "ro-RO": "Română",
  "ru-RU": "Русский",
  "sr-SP": "Српски",
@@ -28,7 +28,7 @@ export const languages = {
  "uk-UA": "Українська",
  "vi-VN": "Tiếng Việt",
  "zh-CN": "简体中文",
-  "zh-TW": "繁體中文",
+  "zh-TW": "繁體中文（台灣）",
 };
 export type SupportedLanguage = keyof typeof languages;
--- a/frontend/src/lib/i18n/locales/af-ZA.json
+++ b/frontend/src/lib/i18n/locales/af-ZA.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/ar-SA.json
+++ b/frontend/src/lib/i18n/locales/ar-SA.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "أخفق الحصول على رابط OAuth",
    "loginOauthSuccessTitle": "إعادة توجيه",
    "loginOauthSuccessSubtitle": "إعادة توجيه إلى مزود OAuth الخاص بك",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "متابعة",
    "continueRedirectingTitle": "إعادة توجيه...",
    "continueRedirectingSubtitle": "يجب إعادة توجيهك إلى التطبيق قريبا",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "إعادة توجيه غير صالحة",
    "continueInvalidRedirectSubtitle": "رابط إعادة التوجيه غير صالح",
    "continueInsecureRedirectTitle": "إعادة توجيه غير آمنة",
    "continueInsecureRedirectSubtitle": "أنت تحاول إعادة التوجيه من <code>https</code> إلى <code>http</code>، هل أنت متأكد أنك تريد المتابعة؟",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "متابعة",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "انقر الزر للمتابعة إلى التطبيق الخاص بك.",
    "logoutFailTitle": "فشل تسجيل الخروج",
    "logoutFailSubtitle": "يرجى إعادة المحاولة",
    "logoutSuccessTitle": "تم تسجيل الخروج",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "حاول مجددا",
    "untrustedRedirectTitle": "إعادة توجيه غير موثوقة",
    "untrustedRedirectSubtitle": "أنت تحاول إعادة التوجيه إلى نطاق لا يتطابق مع النطاق المكون الخاص بك (<code>{{domain}}</code>). هل أنت متأكد من أنك تريد المتابعة؟",
    "cancelTitle": "إلغاء",
    "forgotPasswordTitle": "نسيت كلمة المرور؟",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "حدث خطأ",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "تجاهل",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/ca-ES.json
+++ b/frontend/src/lib/i18n/locales/ca-ES.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/cs-CZ.json
+++ b/frontend/src/lib/i18n/locales/cs-CZ.json
@@ -1,81 +1,57 @@
 {
-    "loginTitle": "Vítejte zpět, přihlaste se pomocí",
+    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Vítejte zpět, přihlaste se prosím",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Nebo",
+    "loginDivider": "Or",
-    "loginUsername": "Uživatelské jméno",
+    "loginUsername": "Username",
-    "loginPassword": "Heslo",
+    "loginPassword": "Password",
-    "loginSubmit": "Přihlásit",
+    "loginSubmit": "Login",
-    "loginFailTitle": "Přihlášení se nezdařilo",
+    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Zkontrolujte prosím své uživatelské jméno a heslo",
+    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "Přiliš mnoho neúspěšných pokusů přihlášení. Zkuste to prosím později",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Přihlášen",
+    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Vítejte zpět!",
+    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "Došlo k chybě",
+    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "Nepodařilo se získat OAuth URL",
+    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "Přesměrování",
+    "loginOauthSuccessTitle": "Redirecting",
-    "loginOauthSuccessSubtitle": "Přesměrování k poskytovateli OAuth",
+    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "loginOauthAutoRedirectTitle": "Automatické přesměrování OAuth",
+    "continueRedirectingTitle": "Redirecting...",
-    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueTitle": "Pokračovat",
+    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueRedirectingTitle": "Přesměrování...",
+    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueRedirectingSubtitle": "Brzy budete přesměrováni do aplikace",
+    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueRedirectManually": "Redirect me manually",
+    "continueTitle": "Continue",
-    "continueInsecureRedirectTitle": "Nezabezpečené přesměrování",
+    "continueSubtitle": "Click the button to continue to your app.",
-    "continueInsecureRedirectSubtitle": "Pokoušíte se přesměrovat z <code>https</code> na <code>http</code>, které není bezpečné. Opravdu chcete pokračovat?",
+    "logoutFailTitle": "Failed to log out",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "logoutFailSubtitle": "Please try again",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "logoutSuccessTitle": "Logged out",
-    "logoutFailTitle": "Odhlášení se nezdařilo",
+    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutFailSubtitle": "Zkuste to prosím znovu",
+    "logoutTitle": "Logout",
-    "logoutSuccessTitle": "Odhlášen",
+    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutSuccessSubtitle": "Byl jste odhlášen",
+    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
-    "logoutTitle": "Odhlásit",
+    "notFoundTitle": "Page not found",
-    "logoutUsernameSubtitle": "Jste přihlášen jako <code>{{username}}</code>. Pro odhlášení klikněte na tlačítko níže.",
+    "notFoundSubtitle": "The page you are looking for does not exist.",
-    "logoutOauthSubtitle": "Jste přihlášen jako <code>{{username}}</code> pomocí {{provider}} poskytovatele OAuth. Pro odhlášení klikněte na tlačítko níže.",
+    "notFoundButton": "Go home",
-    "notFoundTitle": "Stránka nenalezena",
+    "totpFailTitle": "Failed to verify code",
-    "notFoundSubtitle": "Stránka, kterou hledáte, neexistuje.",
+    "totpFailSubtitle": "Please check your code and try again",
-    "notFoundButton": "Jít domů",
+    "totpSuccessTitle": "Verified",
-    "totpFailTitle": "Nepodařilo se ověřit kód",
+    "totpSuccessSubtitle": "Redirecting to your app",
-    "totpFailSubtitle": "Zkontrolujte prosím kód a zkuste to znovu",
+    "totpTitle": "Enter your TOTP code",
-    "totpSuccessTitle": "Ověřeno",
+    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "totpSuccessSubtitle": "Přesměrování do aplikace",
+    "unauthorizedTitle": "Unauthorized",
-    "totpTitle": "Zadejte TOTP kód",
+    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "totpSubtitle": "Zadejte prosím kód z ověřovací aplikace.",
+    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedTitle": "Nepovoleno",
+    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedResourceSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není oprávněn k přístupu ke zdroji <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není oprávněn k přihlášení.",
+    "unauthorizedButton": "Try again",
-    "unauthorizedGroupsSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není ve skupině potřebné k přístupu ke zdroji <code>{{resource}}</code>.",
+    "untrustedRedirectTitle": "Untrusted redirect",
-    "unauthorizedIpSubtitle": "Vaše IP adresa <code>{{ip}}</code> není oprávněna k přístupu ke zdroji <code>{{resource}}</code>.",
+    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
-    "unauthorizedButton": "Zkusit znovu",
+    "cancelTitle": "Cancel",
-    "cancelTitle": "Zrušit",
+    "forgotPasswordTitle": "Forgot your password?",
-    "forgotPasswordTitle": "Zapomněli jste heslo?",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "failedToFetchProvidersTitle": "Nepodařilo se načíst poskytovatele ověřování. Zkontrolujte prosím konfiguraci.",
+    "errorTitle": "An error occurred",
-    "errorTitle": "Došlo k chybě",
+    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "errorSubtitleInfo": "The following error occurred while processing your request:",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "errorSubtitle": "Nastala chyba při pokusu o provedení této akce. Pro více informací prosím zkontrolujte konzolu.",
+    "fieldRequired": "This field is required",
-    "forgotPasswordMessage": "Heslo můžete obnovit změnou proměnné `USERS`.",
+    "invalidInput": "Invalid input"
    "fieldRequired": "Toto pole je povinné",
    "invalidInput": "Neplatný údaj",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/da-DK.json
+++ b/frontend/src/lib/i18n/locales/da-DK.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Kunne ikke hente OAuth-URL",
    "loginOauthSuccessTitle": "Omdirigerer",
    "loginOauthSuccessSubtitle": "Omdirigerer til din OAuth-udbyder",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Fortsæt",
    "continueRedirectingTitle": "Omdirigerer...",
    "continueRedirectingSubtitle": "Du bør blive omdirigeret til appen snart",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Ugyldig omdirigering",
    "continueInvalidRedirectSubtitle": "Omdirigerings-URL'en er ugyldig",
    "continueInsecureRedirectTitle": "Usikker omdirigering",
    "continueInsecureRedirectSubtitle": "Du forsøger at omdirigere fra <code>https</code> til <code>http</code>, som ikke er sikker. Er du sikker på, at du vil fortsætte?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Fortsæt",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Klik på knappen for at fortsætte til din app.",
    "logoutFailTitle": "Log ud mislykkedes",
    "logoutFailSubtitle": "Prøv venligst igen",
    "logoutSuccessTitle": "Logget ud",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "Brugeren med brugernavnet <code>{{username}}</code> er ikke i de grupper, som ressourcen <code>{{resource}}</code> kræver.",
    "unauthorizedIpSubtitle": "Din IP adresse <code>{{ip}}</code> er ikke autoriseret til at tilgå ressourcen <code>{{resource}}</code>.",
    "unauthorizedButton": "Prøv igen",
    "untrustedRedirectTitle": "Usikker omdirigering",
    "untrustedRedirectSubtitle": "Du forsøger at omdirigere til et domæne, der ikke matcher dit konfigurerede domæne (<code>{{domain}}</code>). Er du sikker på, at du vil fortsætte?",
    "cancelTitle": "Annuller",
    "forgotPasswordTitle": "Glemt din adgangskode?",
    "failedToFetchProvidersTitle": "Kunne ikke indlæse godkendelsesudbydere. Tjek venligst din konfiguration.",
    "errorTitle": "Der opstod en fejl",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "Der opstod en fejl under forsøget på at udføre denne handling. Tjek venligst konsollen for mere information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/de-DE.json
+++ b/frontend/src/lib/i18n/locales/de-DE.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Fehler beim Abrufen der OAuth-URL",
    "loginOauthSuccessTitle": "Leite weiter",
    "loginOauthSuccessSubtitle": "Weiterleitung zu Ihrem OAuth-Provider",
    "loginOauthAutoRedirectTitle": "Automatische OAuth-Weiterleitung",
    "loginOauthAutoRedirectSubtitle": "Sie werden automatisch zu Ihrem OAuth-Anbieter weitergeleitet, um sich zu authentifizieren.",
    "loginOauthAutoRedirectButton": "Jetzt weiterleiten",
    "continueTitle": "Weiter",
    "continueRedirectingTitle": "Leite weiter...",
    "continueRedirectingSubtitle": "Sie sollten in Kürze zur App weitergeleitet werden",
-    "continueRedirectManually": "Manuell weiterleiten",
+    "continueInvalidRedirectTitle": "Ungültige Weiterleitung",
    "continueInvalidRedirectSubtitle": "Die Weiterleitungs-URL ist ungültig",
    "continueInsecureRedirectTitle": "Unsichere Weiterleitung",
    "continueInsecureRedirectSubtitle": "Sie versuchen von <code>https</code> auf <code>http</code> weiterzuleiten, was unsicher ist. Sind Sie sicher, dass Sie fortfahren möchten?",
-    "continueUntrustedRedirectTitle": "Nicht vertrauenswürdige Weiterleitung",
+    "continueTitle": "Weiter",
-    "continueUntrustedRedirectSubtitle": "Sie versuchen auf eine Domain umzuleiten, die nicht mit Ihrer konfigurierten Domain übereinstimmt (<code>{{cookieDomain}}</code>). Sind Sie sicher, dass Sie fortfahren möchten?",
+    "continueSubtitle": "Klicken Sie auf den Button, um zur App zu gelangen.",
    "logoutFailTitle": "Abmelden fehlgeschlagen",
    "logoutFailSubtitle": "Bitte versuchen Sie es erneut",
    "logoutSuccessTitle": "Abgemeldet",
@@ -34,7 +31,7 @@
    "logoutOauthSubtitle": "Sie sind derzeit als <code>{{username}}</code> über den OAuth-Anbieter {{provider}} angemeldet. Klicken Sie auf den Button unten, um sich abzumelden.",
    "notFoundTitle": "Seite nicht gefunden",
    "notFoundSubtitle": "Die gesuchte Seite existiert nicht.",
-    "notFoundButton": "Zurück",
+    "notFoundButton": "Nach Hause",
    "totpFailTitle": "Fehler beim Verifizieren des Codes",
    "totpFailSubtitle": "Bitte überprüfen Sie Ihren Code und versuchen Sie es erneut",
    "totpSuccessTitle": "Verifiziert",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "Der Benutzer mit Benutzername <code>{{username}}</code> ist nicht in den Gruppen, die von der Ressource <code>{{resource}}</code> benötigt werden.",
    "unauthorizedIpSubtitle": "Ihre IP-Adresse <code>{{ip}}</code> ist nicht berechtigt, auf die Ressource <code>{{resource}}</code> zuzugreifen.",
    "unauthorizedButton": "Erneut versuchen",
    "untrustedRedirectTitle": "Nicht vertrauenswürdige Weiterleitung",
    "untrustedRedirectSubtitle": "Sie versuchen auf eine Domain umzuleiten, die nicht mit Ihrer konfigurierten Domain übereinstimmt (<code>{{domain}}</code>). Sind Sie sicher, dass Sie fortfahren möchten?",
    "cancelTitle": "Abbrechen",
    "forgotPasswordTitle": "Passwort vergessen?",
    "failedToFetchProvidersTitle": "Fehler beim Laden der Authentifizierungsanbieter. Bitte überprüfen Sie Ihre Konfiguration.",
    "errorTitle": "Ein Fehler ist aufgetreten",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "Beim Versuch, diese Aktion auszuführen, ist ein Fehler aufgetreten. Bitte überprüfen Sie die Konsole für weitere Informationen.",
-    "forgotPasswordMessage": "Das Passwort kann durch Änderung der 'USERS' Variable zurückgesetzt werden.",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "Dieses Feld ist notwendig",
+    "fieldRequired": "This field is required",
-    "invalidInput": "Ungültige Eingabe",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Ungültige Domain",
    "domainWarningSubtitle": "Diese Instanz ist so konfiguriert, dass sie von <code>{{appUrl}}</code> aufgerufen werden kann, aber <code>{{currentUrl}}</code> wird verwendet. Wenn Sie fortfahren, können Probleme bei der Authentifizierung auftreten.",
    "ignoreTitle": "Ignorieren",
    "goToCorrectDomainTitle": "Zur korrekten Domain gehen",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/el-GR.json
+++ b/frontend/src/lib/i18n/locales/el-GR.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Αποτυχία λήψης OAuth URL",
    "loginOauthSuccessTitle": "Ανακατεύθυνση",
    "loginOauthSuccessSubtitle": "Ανακατεύθυνση στον πάροχο OAuth σας",
    "loginOauthAutoRedirectTitle": "Αυτόματη Ανακατεύθυνση OAuth",
    "loginOauthAutoRedirectSubtitle": "Θα ανακατευθυνθείτε αυτόματα στον πάροχο OAuth σας για να επαληθευτείτε.",
    "loginOauthAutoRedirectButton": "Ανακατεύθυνση τώρα",
    "continueTitle": "Συνέχεια",
    "continueRedirectingTitle": "Ανακατεύθυνση...",
    "continueRedirectingSubtitle": "Θα πρέπει να μεταφερθείτε σύντομα στην εφαρμογή σας",
-    "continueRedirectManually": "Χειροκίνητη ανακατεύθυνση",
+    "continueInvalidRedirectTitle": "Μη έγκυρη ανακατεύθυνση",
    "continueInvalidRedirectSubtitle": "Το URL ανακατεύθυνσης δεν είναι έγκυρο",
    "continueInsecureRedirectTitle": "Μη ασφαλής ανακατεύθυνση",
    "continueInsecureRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε από <code>https</code> σε <code>http</code> το οποίο δεν είναι ασφαλές. Είστε σίγουροι ότι θέλετε να συνεχίσετε;",
-    "continueUntrustedRedirectTitle": "Μη έμπιστη ανακατεύθυνση",
+    "continueTitle": "Συνέχεια",
-    "continueUntrustedRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε σε ένα domain που δεν ταιριάζει με το ρυθμισμένο domain σας (<code>{{cookieDomain}}</code>). Είστε βέβαιοι ότι θέλετε να συνεχίσετε;",
+    "continueSubtitle": "Κάντε κλικ στο κουμπί για να συνεχίσετε στην εφαρμογή σας.",
    "logoutFailTitle": "Αποτυχία αποσύνδεσης",
    "logoutFailSubtitle": "Παρακαλώ δοκιμάστε ξανά",
    "logoutSuccessTitle": "Αποσυνδεδεμένος",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "Ο χρήστης με όνομα χρήστη <code>{{username}}</code> δεν είναι στις ομάδες που απαιτούνται από τον πόρο <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Η διεύθυνση IP σας <code>{{ip}}</code> δεν είναι εξουσιοδοτημένη να έχει πρόσβαση στον πόρο <code>{{resource}}</code>.",
    "unauthorizedButton": "Προσπαθήστε ξανά",
    "untrustedRedirectTitle": "Μη έμπιστη ανακατεύθυνση",
    "untrustedRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε σε ένα domain που δεν ταιριάζει με τον ρυθμισμένο domain σας (<code>{{domain}}</code>). Είστε βέβαιοι ότι θέλετε να συνεχίσετε;",
    "cancelTitle": "Ακύρωση",
    "forgotPasswordTitle": "Ξεχάσατε το συνθηματικό σας;",
    "failedToFetchProvidersTitle": "Αποτυχία φόρτωσης παρόχων πιστοποίησης. Παρακαλώ ελέγξτε τις ρυθμίσεις σας.",
    "errorTitle": "Παρουσιάστηκε ένα σφάλμα",
    "errorSubtitleInfo": "Το ακόλουθο σφάλμα προέκυψε κατά την επεξεργασία του αιτήματός σας:",
    "errorSubtitle": "Παρουσιάστηκε σφάλμα κατά την προσπάθεια εκτέλεσης αυτής της ενέργειας. Ελέγξτε την κονσόλα για περισσότερες πληροφορίες.",
    "forgotPasswordMessage": "Μπορείτε να επαναφέρετε τον κωδικό πρόσβασής σας αλλάζοντας τη μεταβλητή περιβάλλοντος `USERS`.",
    "fieldRequired": "Αυτό το πεδίο είναι υποχρεωτικό",
-    "invalidInput": "Μη έγκυρη καταχώρηση",
+    "invalidInput": "Μη έγκυρη καταχώρηση"
    "domainWarningTitle": "Μη έγκυρο domain",
    "domainWarningSubtitle": "Αυτή η εφαρμογή έχει ρυθμιστεί για πρόσβαση από <code>{{appUrl}}</code>, αλλά <code>{{currentUrl}}</code> χρησιμοποιείται. Αν συνεχίσετε, μπορεί να αντιμετωπίσετε προβλήματα με την ταυτοποίηση.",
    "ignoreTitle": "Παράβλεψη",
    "goToCorrectDomainTitle": "Μεταβείτε στο σωστό domain",
    "authorizeTitle": "Εξουσιοδότηση",
    "authorizeCardTitle": "Συνέχεια στην εφαρμογή {{app}};",
    "authorizeSubtitle": "Θα θέλατε να συνεχίσετε σε αυτή την εφαρμογή; Παρακαλώ ελέγξτε προσεκτικά τα δικαιώματα που ζητούνται από την εφαρμογή.",
    "authorizeSubtitleOAuth": "Θα θέλατε να συνεχίσετε σε αυτή την εφαρμογή;",
    "authorizeLoadingTitle": "Φόρτωση...",
    "authorizeLoadingSubtitle": "Παρακαλώ περιμένετε όσο φορτώνουμε τις απαραίτητες πληροφορίες.",
    "authorizeSuccessTitle": "Εξουσιοδοτημένος",
    "authorizeSuccessSubtitle": "Θα μεταφερθείτε στην εφαρμογή σε λίγα δευτερόλεπτα.",
    "authorizeErrorClientInfo": "Παρουσιάστηκε σφάλμα κατά τη φόρτωση των πληροφοριών. Παρακαλώ προσπαθήστε ξανά αργότερα.",
    "authorizeErrorMissingParams": "Οι παρακάτω απαραίτητες πληροφορίες λείπουν από το αίτημά σας: {{missingParams}}",
    "openidScopeName": "Σύνδεση OpenID",
    "openidScopeDescription": "Επιτρέπει στην εφαρμογή την πρόσβαση στις πληροφορίες σύνδεσης OpenID.",
    "emailScopeName": "Διεύθυνση ηλεκτρονικού ταχυδρομείου",
    "emailScopeDescription": "Επιτρέπει στην εφαρμογή να έχει πρόσβαση στη διεύθυνση ηλεκτρονικού ταχυδρομείου σας.",
    "profileScopeName": "Προφίλ",
    "profileScopeDescription": "Επιτρέπει στην εφαρμογή να έχει πρόσβαση στις πληροφορίες του προφίλ σας.",
    "groupsScopeName": "Ομάδες",
    "groupsScopeDescription": "Επιτρέπει στην εφαρμογή την πρόσβαση στις πληροφορίες ομάδας σας."
 }
--- a/frontend/src/lib/i18n/locales/en-US.json
+++ b/frontend/src/lib/i18n/locales/en-US.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
-    "errorSubtitleInfo": "The following error occurred while processing your request:",
+    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check your browser console or the app logs for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/en.json
+++ b/frontend/src/lib/i18n/locales/en.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
-    "errorSubtitleInfo": "The following error occurred while processing your request:",
+    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check your browser console or the app logs for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/es-ES.json
+++ b/frontend/src/lib/i18n/locales/es-ES.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Error al obtener la URL de OAuth",
    "loginOauthSuccessTitle": "Redireccionando",
    "loginOauthSuccessSubtitle": "Redireccionando a tu proveedor de OAuth",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continuar",
    "continueRedirectingTitle": "Redireccionando...",
    "continueRedirectingSubtitle": "Pronto será redirigido a la aplicación",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Redirección inválida",
    "continueInvalidRedirectSubtitle": "La URL de redirección es inválida",
    "continueInsecureRedirectTitle": "Redirección insegura",
    "continueInsecureRedirectSubtitle": "Está intentando redirigir desde <code>https</code> a <code>http</code> lo cual no es seguro. ¿Está seguro que desea continuar?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continuar",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Haga clic en el botón para continuar hacia su aplicación.",
    "logoutFailTitle": "Fallo al cerrar sesión",
    "logoutFailSubtitle": "Por favor intente nuevamente",
    "logoutSuccessTitle": "Sesión cerrada",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "El usuario con nombre de usuario <code>{{username}}</code> no está en los grupos requeridos por el recurso <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Inténtelo de nuevo",
    "untrustedRedirectTitle": "Redirección no confiable",
    "untrustedRedirectSubtitle": "Está intentando redirigir a un dominio que no coincide con su dominio configurado (<code>{{domain}}</code>). ¿Está seguro que desea continuar?",
    "cancelTitle": "Cancelar",
    "forgotPasswordTitle": "¿Olvidó su contraseña?",
    "failedToFetchProvidersTitle": "Error al cargar los proveedores de autenticación. Por favor revise su configuración.",
    "errorTitle": "Ha ocurrido un error",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "Ocurrió un error mientras se trataba de realizar esta acción. Por favor, revise la consola para más información.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/fi-FI.json
+++ b/frontend/src/lib/i18n/locales/fi-FI.json
@@ -1,81 +1,57 @@
 {
-    "loginTitle": "Tervetuloa takaisin, kirjaudu sisään käyttäen",
+    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Tervetuloa takaisin, ole hyvä ja kirjaudu",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Tai",
+    "loginDivider": "Or",
-    "loginUsername": "Käyttäjätunnus",
+    "loginUsername": "Username",
-    "loginPassword": "Salasana",
+    "loginPassword": "Password",
-    "loginSubmit": "Kirjaudu",
+    "loginSubmit": "Login",
-    "loginFailTitle": "Kirjautuminen epäonnistui",
+    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Tarkista käyttäjätunnuksesi ja salasanasi",
+    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "Kirjautuminen epäonnistui liian monta kertaa. Yritä myöhemmin uudelleen",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Olet kirjautunut sisään",
+    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Tervetuloa takaisin!",
+    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "Tapahtui virhe",
+    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "OAuthin URL-osoitteen haku epäonnistui",
+    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "Uudelleenohjataan",
+    "loginOauthSuccessTitle": "Redirecting",
-    "loginOauthSuccessSubtitle": "Uudelleenohjaus OAuth -palveluntarjoajallesi",
+    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "loginOauthAutoRedirectTitle": "Automaattinen OAuth -uudelleenohjaus",
+    "continueRedirectingTitle": "Redirecting...",
-    "loginOauthAutoRedirectSubtitle": "Sinut ohjataan automaattisesti OAuth -palveluntarjoajallesi todentamista varten.",
+    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "loginOauthAutoRedirectButton": "Siirry nyt",
+    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueTitle": "Jatka",
+    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueRedirectingTitle": "Uudelleenohjataan...",
+    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueRedirectingSubtitle": "Sinun pitäisi ohjautua sovellukseen pian",
+    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueRedirectManually": "Siirrä minut manuaalisesti",
+    "continueTitle": "Continue",
-    "continueInsecureRedirectTitle": "Turvaton uudelleenohjaus",
+    "continueSubtitle": "Click the button to continue to your app.",
-    "continueInsecureRedirectSubtitle": "Yrität siirtyä suojatusta <code>https</code> -sivusta suojaamattomalle <code>http</code> -sivulle. Oletko varma, että haluat jatkaa?",
+    "logoutFailTitle": "Failed to log out",
-    "continueUntrustedRedirectTitle": "Ei-luotettu uudelleenohjaus",
+    "logoutFailSubtitle": "Please try again",
-    "continueUntrustedRedirectSubtitle": "Yrität uudelleenohjata domainiin, joka ei vastaa määritettyä verkkotunnusta (<code>{{cookieDomain}}</code>). Oletko varma, että haluat jatkaa?",
+    "logoutSuccessTitle": "Logged out",
-    "logoutFailTitle": "Uloskirjautuminen epäonnistui",
+    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutFailSubtitle": "Ole hyvä ja yritä uudelleen",
+    "logoutTitle": "Logout",
-    "logoutSuccessTitle": "Kirjauduttu ulos",
+    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutSuccessSubtitle": "Sinut on kirjattu ulos",
+    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
-    "logoutTitle": "Kirjaudu ulos",
+    "notFoundTitle": "Page not found",
-    "logoutUsernameSubtitle": "Olet kirjautuneena sisään tunnuksella <code>{{username}}</code>. Kirjaudu ulos alla olevasta painikkeesta.",
+    "notFoundSubtitle": "The page you are looking for does not exist.",
-    "logoutOauthSubtitle": "Olet kirjautuneena sisään tunnuksella <code>{{username}}</code> OAuth palvelun {{provider}} kautta. Kirjaudu ulos alla olevasta painikkeesta.",
+    "notFoundButton": "Go home",
-    "notFoundTitle": "Sivua ei löydy",
+    "totpFailTitle": "Failed to verify code",
-    "notFoundSubtitle": "Sivua, jota etsit ei ole olemassa.",
+    "totpFailSubtitle": "Please check your code and try again",
-    "notFoundButton": "Palaa kotinäkymään",
+    "totpSuccessTitle": "Verified",
-    "totpFailTitle": "Koodin vahvistus epäonnistui",
+    "totpSuccessSubtitle": "Redirecting to your app",
-    "totpFailSubtitle": "Tarkista koodisi ja yritä uudelleen",
+    "totpTitle": "Enter your TOTP code",
-    "totpSuccessTitle": "Vahvistettu",
+    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "totpSuccessSubtitle": "Uudelleenohjataan sovelluksellesi",
+    "unauthorizedTitle": "Unauthorized",
-    "totpTitle": "Syötä TOTP -koodisi",
+    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "totpSubtitle": "Ole hyvä ja syötä koodi todennussovelluksestasi.",
+    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedTitle": "Ei sallittu",
+    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedResourceSubtitle": "Käyttäjällä <code>{{username}}</code> ei ole pääsyä kohteeseen <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "Käyttäjällä <code>{{username}}</code> ei ole lupaa kirjautua.",
+    "unauthorizedButton": "Try again",
-    "unauthorizedGroupsSubtitle": "Käyttäjä <code>{{username}}</code> ei ole ryhmässä, joka vaaditaan pääsyyn kohteeseen <code>{{resource}}</code>.",
+    "untrustedRedirectTitle": "Untrusted redirect",
-    "unauthorizedIpSubtitle": "IP osoitteestasi <code>{{ip}}</code> ei ole pääsyä kohteeseen <code>{{resource}}</code>.",
+    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
-    "unauthorizedButton": "Yritä uudelleen",
+    "cancelTitle": "Cancel",
-    "cancelTitle": "Peruuta",
+    "forgotPasswordTitle": "Forgot your password?",
-    "forgotPasswordTitle": "Unohditko salasanasi?",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "failedToFetchProvidersTitle": "Todennuspalvelujen tarjoajien lataaminen epäonnistui. Tarkista määrityksesi.",
+    "errorTitle": "An error occurred",
-    "errorTitle": "Tapahtui virhe",
+    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "errorSubtitleInfo": "The following error occurred while processing your request:",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "errorSubtitle": "Tapahtui virhe yritettäessä suorittaa tämä toiminto. Ole hyvä ja tarkista konsoli saadaksesi lisätietoja.",
+    "fieldRequired": "This field is required",
-    "forgotPasswordMessage": "Voit nollata salasanasi vaihtamalla ympäristömuuttujan `USERS`.",
+    "invalidInput": "Invalid input"
    "fieldRequired": "Tämä kenttä on pakollinen",
    "invalidInput": "Virheellinen syöte",
    "domainWarningTitle": "Virheellinen verkkotunnus",
    "domainWarningSubtitle": "Tämä instanssi on määritelty käyttämään osoitetta <code>{{appUrl}}</code>, mutta nykyinen osoite on <code>{{currentUrl}}</code>. Jos jatkat, saatat törmätä ongelmiin autentikoinnissa.",
    "ignoreTitle": "Jätä huomiotta",
    "goToCorrectDomainTitle": "Siirry oikeaan verkkotunnukseen",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/fr-FR.json
+++ b/frontend/src/lib/i18n/locales/fr-FR.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Impossible d'obtenir l'URL OAuth",
    "loginOauthSuccessTitle": "Redirection",
    "loginOauthSuccessSubtitle": "Redirection vers votre fournisseur OAuth",
    "loginOauthAutoRedirectTitle": "Redirection automatique OAuth",
    "loginOauthAutoRedirectSubtitle": "Vous allez être automatiquement redirigé vers votre fournisseur OAuth pour vous authentifier.",
    "loginOauthAutoRedirectButton": "Rediriger",
    "continueTitle": "Continuer",
    "continueRedirectingTitle": "Redirection...",
    "continueRedirectingSubtitle": "Vous devriez être redirigé vers l'application bientôt",
-    "continueRedirectManually": "Redirection manuelle",
+    "continueInvalidRedirectTitle": "Redirection invalide",
    "continueInvalidRedirectSubtitle": "L'URL de redirection est invalide",
    "continueInsecureRedirectTitle": "Redirection non sécurisée",
    "continueInsecureRedirectSubtitle": "Vous tentez de rediriger de <code>https</code> vers <code>http</code>, ce qui n'est pas sécurisé. Êtes-vous sûr de vouloir continuer ?",
-    "continueUntrustedRedirectTitle": "Redirection non sécurisée",
+    "continueTitle": "Continuer",
-    "continueUntrustedRedirectSubtitle": "Vous essayez de rediriger vers un domaine qui ne correspond pas à votre domaine configuré (<code>{{cookieDomain}}</code>). Êtes-vous sûr de vouloir continuer ?",
+    "continueSubtitle": "Cliquez sur le bouton pour continuer vers votre application.",
    "logoutFailTitle": "Échec de la déconnexion",
    "logoutFailSubtitle": "Veuillez réessayer",
    "logoutSuccessTitle": "Déconnecté",
@@ -41,41 +38,20 @@
    "totpSuccessSubtitle": "Redirection vers votre application",
    "totpTitle": "Saisissez votre code TOTP",
    "totpSubtitle": "Veuillez saisir le code de votre application d'authentification.",
-    "unauthorizedTitle": "Non autorisé",
+    "unauthorizedTitle": "Unauthorized",
    "unauthorizedResourceSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'est pas autorisé à accéder à la ressource <code>{{resource}}</code>.",
    "unauthorizedLoginSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'est pas autorisé à se connecter.",
    "unauthorizedGroupsSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'appartient pas aux groupes requis par la ressource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Votre adresse IP <code>{{ip}}</code> n'est pas autorisée à accéder à la ressource <code>{{resource}}</code>.",
    "unauthorizedButton": "Réessayer",
    "untrustedRedirectTitle": "Redirection non fiable",
    "untrustedRedirectSubtitle": "Vous tentez de rediriger vers un domaine qui ne correspond pas à votre domaine configuré (<code>{{domain}}</code>). Êtes-vous sûr de vouloir continuer ?",
    "cancelTitle": "Annuler",
    "forgotPasswordTitle": "Mot de passe oublié ?",
    "failedToFetchProvidersTitle": "Échec du chargement des fournisseurs d'authentification. Veuillez vérifier votre configuration.",
    "errorTitle": "Une erreur est survenue",
    "errorSubtitleInfo": "L'erreur suivante s'est produite lors du traitement de votre requête :",
    "errorSubtitle": "Une erreur est survenue lors de l'exécution de cette action. Veuillez consulter la console pour plus d'informations.",
    "forgotPasswordMessage": "Vous pouvez réinitialiser votre mot de passe en modifiant la variable d'environnement `USERS`.",
-    "fieldRequired": "Ce champ est obligatoire",
+    "fieldRequired": "This field is required",
-    "invalidInput": "Saisie non valide",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Domaine invalide",
    "domainWarningSubtitle": "Cette instance est configurée pour être accédée depuis <code>{{appUrl}}</code>, mais <code>{{currentUrl}}</code> est utilisé. Si vous continuez, vous pourriez rencontrer des problèmes d'authentification.",
    "ignoreTitle": "Ignorer",
    "goToCorrectDomainTitle": "Aller au bon domaine",
    "authorizeTitle": "Autoriser",
    "authorizeCardTitle": "Continuer vers {{app}} ?",
    "authorizeSubtitle": "Voulez-vous continuer vers cette application ? Veuillez examiner attentivement les autorisations demandées par l'application.",
    "authorizeSubtitleOAuth": "Voulez-vous continuer vers cette application ?",
    "authorizeLoadingTitle": "Chargement...",
    "authorizeLoadingSubtitle": "Veuillez patienter pendant que nous chargeons les informations du client.",
    "authorizeSuccessTitle": "Autorisé",
    "authorizeSuccessSubtitle": "Vous allez être redirigé vers l'application dans quelques secondes.",
    "authorizeErrorClientInfo": "Une erreur est survenue lors du chargement des informations du client. Veuillez réessayer plus tard.",
    "authorizeErrorMissingParams": "Les paramètres suivants sont manquants : {{missingParams}}",
    "openidScopeName": "Connexion OpenID",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Autorise l'application à accéder à votre adresse e-mail.",
    "profileScopeName": "Profil",
    "profileScopeDescription": "Autorise l'application à accéder aux informations de votre profil.",
    "groupsScopeName": "Groupes",
    "groupsScopeDescription": "Autorise une application à accéder aux informations de votre groupe."
 }
--- a/frontend/src/lib/i18n/locales/he-IL.json
+++ b/frontend/src/lib/i18n/locales/he-IL.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/hu-HU.json
+++ b/frontend/src/lib/i18n/locales/hu-HU.json
@@ -1,42 +1,39 @@
 {
    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Üdvözöljük, kérem jelentkezzen be",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Vagy",
+    "loginDivider": "Or",
-    "loginUsername": "Felhasználónév",
+    "loginUsername": "Username",
-    "loginPassword": "Jelszó",
+    "loginPassword": "Password",
-    "loginSubmit": "Bejelentkezés",
+    "loginSubmit": "Login",
-    "loginFailTitle": "Sikertelen bejelentkezés",
+    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Kérjük, ellenőrizze a felhasználónevét és jelszavát",
+    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "Túl sokszor próbálkoztál bejelentkezni. Próbáld újra később",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Bejelentkezve",
+    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Üdvözöljük!",
+    "loginSuccessSubtitle": "Welcome back!",
    "loginOauthFailTitle": "An error occurred",
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "Átirányítás",
+    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "continueRedirectingTitle": "Redirecting...",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Átirányítás...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
-    "logoutFailTitle": "Sikertelen kijelentkezés",
+    "logoutFailTitle": "Failed to log out",
-    "logoutFailSubtitle": "Próbálja újra",
+    "logoutFailSubtitle": "Please try again",
-    "logoutSuccessTitle": "Kijelentkezve",
+    "logoutSuccessTitle": "Logged out",
-    "logoutSuccessSubtitle": "Kijelentkeztél",
+    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutTitle": "Kijelentkezés",
+    "logoutTitle": "Logout",
    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
    "notFoundTitle": "Page not found",
    "notFoundSubtitle": "The page you are looking for does not exist.",
-    "notFoundButton": "Ugrás a kezdőlapra",
+    "notFoundButton": "Go home",
-    "totpFailTitle": "Érvénytelen kód",
+    "totpFailTitle": "Failed to verify code",
-    "totpFailSubtitle": "Kérjük ellenőrizze a kódot és próbálja újra",
+    "totpFailSubtitle": "Please check your code and try again",
    "totpSuccessTitle": "Verified",
    "totpSuccessSubtitle": "Redirecting to your app",
    "totpTitle": "Enter your TOTP code",
@@ -46,36 +43,15 @@
    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedButton": "Próbálja újra",
+    "unauthorizedButton": "Try again",
-    "cancelTitle": "Mégse",
+    "untrustedRedirectTitle": "Untrusted redirect",
-    "forgotPasswordTitle": "Elfelejtette jelszavát?",
+    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "errorTitle": "Hiba történt",
+    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "Ez egy kötelező mező",
+    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/it-IT.json
+++ b/frontend/src/lib/i18n/locales/it-IT.json
@@ -1,30 +1,27 @@
 {
-    "loginTitle": "Bentornato, accedi con",
+    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Bentornato, accedi al tuo account",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Oppure",
+    "loginDivider": "Or",
-    "loginUsername": "Nome utente",
+    "loginUsername": "Username",
    "loginPassword": "Password",
-    "loginSubmit": "Accesso",
+    "loginSubmit": "Login",
-    "loginFailTitle": "Accesso non riuscito",
+    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Verifica che il nome utente e la password siano corretti",
+    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "Hai effettuato troppi tentativi errati. Riprova più tardi",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Accesso effettuato",
+    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Bentornato!",
+    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "Si è verificato un errore",
+    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "Impossibile ottenere l'URL di OAuth",
+    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Prosegui",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -34,48 +31,27 @@
    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
    "notFoundTitle": "Page not found",
    "notFoundSubtitle": "The page you are looking for does not exist.",
-    "notFoundButton": "Vai alla home",
+    "notFoundButton": "Go home",
-    "totpFailTitle": "Errore nella verifica del codice",
+    "totpFailTitle": "Failed to verify code",
-    "totpFailSubtitle": "Si prega di controllare il codice e riprovare",
+    "totpFailSubtitle": "Please check your code and try again",
-    "totpSuccessTitle": "Verificato",
+    "totpSuccessTitle": "Verified",
-    "totpSuccessSubtitle": "Reindirizzamento alla tua app",
+    "totpSuccessSubtitle": "Redirecting to your app",
-    "totpTitle": "Inserisci il tuo codice TOTP",
+    "totpTitle": "Enter your TOTP code",
-    "totpSubtitle": "Inserisci il codice dalla tua app di autenticazione.",
+    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "unauthorizedTitle": "Non Autorizzato",
+    "unauthorizedTitle": "Unauthorized",
-    "unauthorizedResourceSubtitle": "L'utente con username <code>{{username}}</code> non è autorizzato ad accedere alla risorsa <code>{{resource}}</code>.",
+    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "L'utente con username <code>{{username}}</code> non è autorizzato a effettuare l'accesso.",
+    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedGroupsSubtitle": "L'utente con nome utente <code>{{username}}</code> non fa parte dei gruppi richiesti dalla risorsa <code>{{resource}}</code>.",
+    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Il tuo indirizzo IP <code>{{ip}}</code> non è autorizzato ad accedere alla risorsa <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedButton": "Riprova",
+    "unauthorizedButton": "Try again",
-    "cancelTitle": "Annulla",
+    "untrustedRedirectTitle": "Untrusted redirect",
-    "forgotPasswordTitle": "Password dimenticata?",
+    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
-    "failedToFetchProvidersTitle": "Impossibile caricare i provider di autenticazione. Si prega di controllare la configurazione.",
+    "cancelTitle": "Cancel",
-    "errorTitle": "Si è verificato un errore",
+    "forgotPasswordTitle": "Forgot your password?",
-    "errorSubtitleInfo": "The following error occurred while processing your request:",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "Puoi reimpostare la tua password modificando la variabile d'ambiente `USERS`.",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "Questo campo è obbligatorio",
+    "fieldRequired": "This field is required",
-    "invalidInput": "Input non valido",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Dominio non valido",
    "domainWarningSubtitle": "Questa istanza è configurata per essere accessibile da <code>{{appUrl}}</code>, ma <code>{{currentUrl}}</code> è in uso. Se procedi, potresti incorrere in problemi di autenticazione.",
    "ignoreTitle": "Ignora",
    "goToCorrectDomainTitle": "Vai al dominio corretto",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/ja-JP.json
+++ b/frontend/src/lib/i18n/locales/ja-JP.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/ko-KR.json
+++ b/frontend/src/lib/i18n/locales/ko-KR.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/nl-NL.json
+++ b/frontend/src/lib/i18n/locales/nl-NL.json
@@ -1,37 +1,34 @@
 {
    "loginTitle": "Welkom terug, log in met",
-    "loginTitleSimple": "Welkom terug, log in",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Of",
+    "loginDivider": "Or",
    "loginUsername": "Gebruikersnaam",
    "loginPassword": "Wachtwoord",
    "loginSubmit": "Log in",
    "loginFailTitle": "Mislukt om in te loggen",
    "loginFailSubtitle": "Controleer je gebruikersnaam en wachtwoord",
-    "loginFailRateLimit": "Inloggen is te vaak mislukt. Probeer het later opnieuw",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
    "loginSuccessTitle": "Ingelogd",
    "loginSuccessSubtitle": "Welkom terug!",
-    "loginOauthFailTitle": "Er is een fout opgetreden",
+    "loginOauthFailTitle": "An error occurred",
    "loginOauthFailSubtitle": "Fout bij het ophalen van OAuth URL",
    "loginOauthSuccessTitle": "Omleiden",
    "loginOauthSuccessSubtitle": "Omleiden naar je OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth automatische omleiding",
    "loginOauthAutoRedirectSubtitle": "Je wordt automatisch omgeleid naar je OAuth provider om te authenticeren.",
    "loginOauthAutoRedirectButton": "Nu omleiden",
    "continueTitle": "Ga verder",
    "continueRedirectingTitle": "Omleiden...",
    "continueRedirectingSubtitle": "Je wordt naar de app doorgestuurd",
-    "continueRedirectManually": "Stuur mij handmatig door",
+    "continueInvalidRedirectTitle": "Ongeldige omleiding",
    "continueInvalidRedirectSubtitle": "De omleidings-URL is ongeldig",
    "continueInsecureRedirectTitle": "Onveilige doorverwijzing",
-    "continueInsecureRedirectSubtitle": "Je probeert door te verwijzen van <code>https</code> naar <code>http</code> die niet veilig is. Weet je zeker dat je wilt doorgaan?",
+    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Niet-vertrouwde doorverwijzing",
+    "continueTitle": "Ga verder",
-    "continueUntrustedRedirectSubtitle": "Je probeert door te sturen naar een domein dat niet overeenkomt met je geconfigureerde domein (<code>{{cookieDomain}}</code>). Weet je zeker dat je wilt doorgaan?",
+    "continueSubtitle": "Klik op de knop om door te gaan naar de app.",
    "logoutFailTitle": "Afmelden mislukt",
    "logoutFailSubtitle": "Probeer het opnieuw",
    "logoutSuccessTitle": "Afgemeld",
    "logoutSuccessSubtitle": "Je bent afgemeld",
    "logoutTitle": "Afmelden",
-    "logoutUsernameSubtitle": "Je bent momenteel ingelogd als <code>{{username}}</code>. Klik op de onderstaande knop om uit te loggen.",
+    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutOauthSubtitle": "Je bent momenteel ingelogd als <code>{{username}}</code> met behulp van de {{provider}} OAuth provider. Klik op de onderstaande knop om uit te loggen.",
+    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
    "notFoundTitle": "Pagina niet gevonden",
    "notFoundSubtitle": "De pagina die je zoekt bestaat niet.",
    "notFoundButton": "Naar startpagina",
@@ -40,42 +37,21 @@
    "totpSuccessTitle": "Geverifiëerd",
    "totpSuccessSubtitle": "Omleiden naar je app",
    "totpTitle": "Voer je TOTP-code in",
-    "totpSubtitle": "Voer de code van je authenticator-app in.",
+    "totpSubtitle": "Please enter the code from your authenticator app.",
    "unauthorizedTitle": "Ongeautoriseerd",
-    "unauthorizedResourceSubtitle": "De gebruiker met gebruikersnaam <code>{{username}}</code> is niet gemachtigd om de bron <code>{{resource}}</code> te gebruiken.",
+    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "De gebruiker met gebruikersnaam <code>{{username}}</code> is niet gemachtigd om in te loggen.",
+    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedGroupsSubtitle": "De gebruiker met gebruikersnaam <code>{{username}}</code> maakt geen deel uit van de groepen die vereist zijn door de bron <code>{{resource}}</code>.",
+    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Jouw IP-adres <code>{{ip}}</code> is niet gemachtigd om de bron <code>{{resource}}</code> te gebruiken.",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Opnieuw proberen",
-    "cancelTitle": "Annuleren",
+    "untrustedRedirectTitle": "Untrusted redirect",
-    "forgotPasswordTitle": "Wachtwoord vergeten?",
+    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
-    "failedToFetchProvidersTitle": "Fout bij het laden van de authenticatie-providers. Controleer je configuratie.",
+    "cancelTitle": "Cancel",
-    "errorTitle": "Er is een fout opgetreden",
+    "forgotPasswordTitle": "Forgot your password?",
-    "errorSubtitleInfo": "De volgende fout is opgetreden bij het verwerken van het verzoek:",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "Je kunt je wachtwoord opnieuw instellen door de `USERS` omgevingsvariabele te wijzigen.",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "Dit veld is verplicht",
+    "fieldRequired": "This field is required",
-    "invalidInput": "Ongeldige invoer",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Ongeldig domein",
    "domainWarningSubtitle": "Deze instantie is geconfigureerd voor toegang tot <code>{{appUrl}}</code>, maar <code>{{currentUrl}}</code> wordt gebruikt. Als je doorgaat, kun je problemen ondervinden met authenticatie.",
    "ignoreTitle": "Negeren",
    "goToCorrectDomainTitle": "Ga naar het juiste domein",
    "authorizeTitle": "Autoriseren",
    "authorizeCardTitle": "Doorgaan naar {{app}}?",
    "authorizeSubtitle": "Doorgaan naar deze app? Controleer de machtigingen die door de app worden gevraagd.",
    "authorizeSubtitleOAuth": "Doorgaan naar deze app?",
    "authorizeLoadingTitle": "Laden...",
    "authorizeLoadingSubtitle": "Even geduld bij het laden van de cliëntinformatie.",
    "authorizeSuccessTitle": "Geautoriseerd",
    "authorizeSuccessSubtitle": "Je wordt binnen enkele seconden doorgestuurd naar de app.",
    "authorizeErrorClientInfo": "Er is een fout opgetreden tijdens het laden van de cliëntinformatie. Probeer het later opnieuw.",
    "authorizeErrorMissingParams": "De volgende parameters ontbreken: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Hiermee kan de app toegang krijgen tot jouw OpenID Connect-informatie.",
    "emailScopeName": "E-mail",
    "emailScopeDescription": "Hiermee kan de app toegang krijgen tot jouw e-mailadres.",
    "profileScopeName": "Profiel",
    "profileScopeDescription": "Hiermee kan de app toegang krijgen tot je profielinformatie.",
    "groupsScopeName": "Groepen",
    "groupsScopeDescription": "Hiermee kan de app toegang krijgen tot jouw groepsinformatie."
 }
--- a/frontend/src/lib/i18n/locales/no-NO.json
+++ b/frontend/src/lib/i18n/locales/no-NO.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/pl-PL.json
+++ b/frontend/src/lib/i18n/locales/pl-PL.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Nie udało się uzyskać adresu URL OAuth",
    "loginOauthSuccessTitle": "Przekierowywanie",
    "loginOauthSuccessSubtitle": "Przekierowywanie do Twojego dostawcy OAuth",
    "loginOauthAutoRedirectTitle": "Automatyczne przekierowanie OAuth",
    "loginOauthAutoRedirectSubtitle": "Nastąpi automatyczne przekierowanie do dostawcy OAuth w celu uwierzytelnienia.",
    "loginOauthAutoRedirectButton": "Przekieruj teraz",
    "continueTitle": "Kontynuuj",
    "continueRedirectingTitle": "Przekierowywanie...",
    "continueRedirectingSubtitle": "Wkrótce powinieneś zostać przekierowany do aplikacji",
-    "continueRedirectManually": "Przekieruj mnie ręcznie",
+    "continueInvalidRedirectTitle": "Nieprawidłowe przekierowanie",
    "continueInvalidRedirectSubtitle": "Adres przekierowania jest nieprawidłowy",
    "continueInsecureRedirectTitle": "Niezabezpieczone przekierowanie",
    "continueInsecureRedirectSubtitle": "Próbujesz przekierować z <code>https</code> do <code>http</code>, co nie jest bezpieczne. Czy na pewno chcesz kontynuować?",
-    "continueUntrustedRedirectTitle": "Niezaufane przekierowanie",
+    "continueTitle": "Kontynuuj",
-    "continueUntrustedRedirectSubtitle": "Próbujesz przekierować do domeny, która nie pasuje do skonfigurowanej domeny (<code>{{cookieDomain}}</code>). Czy na pewno chcesz kontynuować?",
+    "continueSubtitle": "Kliknij przycisk, aby przejść do aplikacji.",
    "logoutFailTitle": "Nie udało się wylogować",
    "logoutFailSubtitle": "Spróbuj ponownie",
    "logoutSuccessTitle": "Wylogowano",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "Użytkownik o nazwie <code>{{username}}</code> nie należy do grup wymaganych przez zasób <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Twój adres IP <code>{{ip}}</code> nie ma autoryzacji do dostępu do zasobu <code>{{resource}}</code>.",
    "unauthorizedButton": "Spróbuj ponownie",
    "untrustedRedirectTitle": "Niezaufane przekierowanie",
    "untrustedRedirectSubtitle": "Próbujesz przekierować do domeny, która nie pasuje do Twojej skonfigurowanej domeny (<code>{{domain}}</code>). Czy na pewno chcesz kontynuować?",
    "cancelTitle": "Anuluj",
    "forgotPasswordTitle": "Nie pamiętasz hasła?",
    "failedToFetchProvidersTitle": "Nie udało się załadować dostawców uwierzytelniania. Sprawdź swoją konfigurację.",
    "errorTitle": "Wystąpił błąd",
    "errorSubtitleInfo": "Podczas przetwarzania żądania wystąpił następujący błąd:",
    "errorSubtitle": "Wystąpił błąd podczas próby wykonania tej czynności. Sprawdź konsolę, aby uzyskać więcej informacji.",
    "forgotPasswordMessage": "Możesz zresetować hasło, zmieniając zmienną środowiskową `USERS`.",
    "fieldRequired": "To pole jest wymagane",
-    "invalidInput": "Nieprawidłowe dane wejściowe",
+    "invalidInput": "Nieprawidłowe dane wejściowe"
    "domainWarningTitle": "Nieprawidłowa domena",
    "domainWarningSubtitle": "Ta instancja jest skonfigurowana do uzyskania dostępu z <code>{{appUrl}}</code>, ale <code>{{currentUrl}}</code> jest w użyciu. Jeśli będziesz kontynuować, mogą wystąpić problemy z uwierzytelnianiem.",
    "ignoreTitle": "Zignoruj",
    "goToCorrectDomainTitle": "Przejdź do prawidłowej domeny",
    "authorizeTitle": "Autoryzuj",
    "authorizeCardTitle": "Kontynuować do {{app}}?",
    "authorizeSubtitle": "Czy chcesz kontynuować do tej aplikacji? Uważnie zapoznaj się z uprawnieniami żądanymi przez aplikację.",
    "authorizeSubtitleOAuth": "Czy chcesz kontynuować do tej aplikacji?",
    "authorizeLoadingTitle": "Wczytywanie...",
    "authorizeLoadingSubtitle": "Proszę czekać, aż załadujemy informacje o kliencie.",
    "authorizeSuccessTitle": "Autoryzowano",
    "authorizeSuccessSubtitle": "Za kilka sekund nastąpi przekierowanie do aplikacji.",
    "authorizeErrorClientInfo": "Wystąpił błąd podczas ładowania informacji o kliencie. Spróbuj ponownie później.",
    "authorizeErrorMissingParams": "Brakuje następujących parametrów: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Zezwala aplikacji na dostęp do informacji o OpenID Connect.",
    "emailScopeName": "E-mail",
    "emailScopeDescription": "Zezwala aplikacji na dostęp do adresów e-mail.",
    "profileScopeName": "Profil",
    "profileScopeDescription": "Zezwala aplikacji na dostęp do informacji o porfilu.",
    "groupsScopeName": "Grupy",
    "groupsScopeDescription": "Zezwala aplikacji na dostęp do informacji o grupie."
 }
--- a/frontend/src/lib/i18n/locales/pt-BR.json
+++ b/frontend/src/lib/i18n/locales/pt-BR.json
@@ -1,37 +1,34 @@
 {
    "loginTitle": "Bem-vindo de volta, acesse com",
-    "loginTitleSimple": "Bem-vindo de volta, faça o login",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Ou",
+    "loginDivider": "Or",
    "loginUsername": "Nome de usuário",
    "loginPassword": "Senha",
    "loginSubmit": "Entrar",
    "loginFailTitle": "Falha ao iniciar sessão",
    "loginFailSubtitle": "Por favor, verifique seu usuário e senha",
-    "loginFailRateLimit": "Você falhou em iniciar sessão muitas vezes, por favor tente novamente mais tarde",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
    "loginSuccessTitle": "Sessão Iniciada",
    "loginSuccessSubtitle": "Bem-vindo de volta!",
-    "loginOauthFailTitle": "Ocorreu um erro",
+    "loginOauthFailTitle": "An error occurred",
    "loginOauthFailSubtitle": "Falha ao obter URL de OAuth",
    "loginOauthSuccessTitle": "Redirecionando",
    "loginOauthSuccessSubtitle": "Redirecionando para seu provedor OAuth",
    "loginOauthAutoRedirectTitle": "Redirecionamento automático do OAuth",
    "loginOauthAutoRedirectSubtitle": "Você será automaticamente redirecionado para seu provedor OAuth para autenticar.",
    "loginOauthAutoRedirectButton": "Redirecionar agora",
    "continueTitle": "Continuar",
    "continueRedirectingTitle": "Redirecionando...",
    "continueRedirectingSubtitle": "Você deve ser redirecionado para o aplicativo em breve",
-    "continueRedirectManually": "Redirecionar-me manualmente",
+    "continueInvalidRedirectTitle": "Redirecionamento inválido",
    "continueInvalidRedirectSubtitle": "O endereço de redirecionamento é inválido",
    "continueInsecureRedirectTitle": "Redirecionamento inseguro",
-    "continueInsecureRedirectSubtitle": "Você está tentando redirecionar de <code>https</code> para <code>http</code>, você tem certeza que deseja continuar?",
+    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Redirecionamento não confiável",
+    "continueTitle": "Continuar",
-    "continueUntrustedRedirectSubtitle": "Você está tentando redirecionar para um domínio que não corresponde ao seu domínio configurado (<code>{{cookieDomain}}</code>). Tem certeza que deseja continuar?",
+    "continueSubtitle": "Clique no botão para continuar para o seu aplicativo.",
    "logoutFailTitle": "Falha ao encerrar sessão",
    "logoutFailSubtitle": "Por favor, tente novamente",
    "logoutSuccessTitle": "Sessão encerrada",
    "logoutSuccessSubtitle": "Você foi desconectado",
    "logoutTitle": "Sair",
-    "logoutUsernameSubtitle": "Você está atualmente logado como <code>{{username}}</code>, clique no botão abaixo para sair.",
+    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutOauthSubtitle": "Você está atualmente logado como <code>{{username}}</code> usando o provedor {{provider}} OAuth, clique no botão abaixo para sair.",
+    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
    "notFoundTitle": "Página não encontrada",
    "notFoundSubtitle": "A página que você está procurando não existe.",
    "notFoundButton": "Voltar para a tela inicial",
@@ -40,42 +37,21 @@
    "totpSuccessTitle": "Verificado",
    "totpSuccessSubtitle": "Redirecionando para o seu aplicativo",
    "totpTitle": "Insira o seu código TOTP",
-    "totpSubtitle": "Por favor, insira o código do seu aplicativo de autenticação.",
+    "totpSubtitle": "Please enter the code from your authenticator app.",
    "unauthorizedTitle": "Não autorizado",
-    "unauthorizedResourceSubtitle": "O usuário com nome de usuário <code>{{username}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
+    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "O usuário com o nome <code>{{username}}</code> não está autorizado a acessar.",
+    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedGroupsSubtitle": "O usuário  <code>{{username}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
+    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Seu endereço IP <code>{{ip}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Tentar novamente",
    "untrustedRedirectTitle": "Redirecionamento não confiável",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancelar",
    "forgotPasswordTitle": "Esqueceu sua senha?",
-    "failedToFetchProvidersTitle": "Falha ao carregar provedores de autenticação. Verifique sua configuração.",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "errorTitle": "Ocorreu um erro",
+    "errorTitle": "An error occurred",
-    "errorSubtitleInfo": "The following error occurred while processing your request:",
+    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "errorSubtitle": "Ocorreu um erro ao tentar executar esta ação. Por favor, verifique o console para mais informações.",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "forgotPasswordMessage": "Você pode redefinir sua senha alterando a variável de ambiente `USERS`.",
+    "fieldRequired": "This field is required",
-    "fieldRequired": "Este campo é obrigatório",
+    "invalidInput": "Invalid input"
    "invalidInput": "Entrada Inválida",
    "domainWarningTitle": "Domínio inválido",
    "domainWarningSubtitle": "Esta instância está configurada para ser acessada de <code>{{appUrl}}</code>, mas <code>{{currentUrl}}</code> está sendo usado. Se você continuar, você pode encontrar problemas com a autenticação.",
    "ignoreTitle": "Ignorar",
    "goToCorrectDomainTitle": "Ir para o domínio correto",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/pt-PT.json
+++ b/frontend/src/lib/i18n/locales/pt-PT.json
@@ -1,81 +1,57 @@
 {
-    "loginTitle": "Bem-vindo de volta, inicia sessão com",
+    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Bem-vindo de volta, inicia sessão",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Ou",
+    "loginDivider": "Or",
-    "loginUsername": "Nome de utilizador",
+    "loginUsername": "Username",
-    "loginPassword": "Palavra-passe",
+    "loginPassword": "Password",
-    "loginSubmit": "Iniciar sessão",
+    "loginSubmit": "Login",
-    "loginFailTitle": "Falha ao iniciar sessão",
+    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Verifica o nome de utilizador e a palavra-passe",
+    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "Falhaste o início de sessão demasiadas vezes. Tenta novamente mais tarde",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Sessão iniciada",
+    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Bem-vindo de volta!",
+    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "Ocorreu um erro",
+    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "Não foi possível obter o URL OAuth",
+    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "A redirecionar",
+    "loginOauthSuccessTitle": "Redirecting",
-    "loginOauthSuccessSubtitle": "A redirecionar para o teu fornecedor OAuth",
+    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "loginOauthAutoRedirectTitle": "Redirecionamento automático OAuth",
+    "continueRedirectingTitle": "Redirecting...",
-    "loginOauthAutoRedirectSubtitle": "Vais ser redirecionado automaticamente para o teu fornecedor OAuth para autenticação.",
+    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "loginOauthAutoRedirectButton": "Redirecionar agora",
+    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueTitle": "Continuar",
+    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueRedirectingTitle": "A redirecionar...",
+    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueRedirectingSubtitle": "Deverás ser redirecionado para a aplicação em breve",
+    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueRedirectManually": "Redirecionar manualmente",
+    "continueTitle": "Continue",
-    "continueInsecureRedirectTitle": "Redirecionamento inseguro",
+    "continueSubtitle": "Click the button to continue to your app.",
-    "continueInsecureRedirectSubtitle": "Estás a tentar redirecionar de <code>https</code> para <code>http</code>, o que não é seguro. Tens a certeza de que queres continuar?",
+    "logoutFailTitle": "Failed to log out",
-    "continueUntrustedRedirectTitle": "Redirecionamento não fidedigno",
+    "logoutFailSubtitle": "Please try again",
-    "continueUntrustedRedirectSubtitle": "Estás a tentar redirecionar para um domínio que não corresponde ao domínio configurado (<code>{{cookieDomain}}</code>). Tens a certeza de que queres continuar?",
+    "logoutSuccessTitle": "Logged out",
-    "logoutFailTitle": "Falha ao terminar sessão",
+    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutFailSubtitle": "Tenta novamente",
+    "logoutTitle": "Logout",
-    "logoutSuccessTitle": "Sessão terminada",
+    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutSuccessSubtitle": "Terminaste a sessão com sucesso",
+    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
-    "logoutTitle": "Terminar sessão",
+    "notFoundTitle": "Page not found",
-    "logoutUsernameSubtitle": "Estás com sessão iniciada como <code>{{username}}</code>. Clica no botão abaixo para terminar sessão.",
+    "notFoundSubtitle": "The page you are looking for does not exist.",
-    "logoutOauthSubtitle": "Estás com sessão iniciada como <code>{{username}}</code> através do fornecedor OAuth {{provider}}. Clica no botão abaixo para terminar sessão.",
+    "notFoundButton": "Go home",
-    "notFoundTitle": "Página não encontrada",
+    "totpFailTitle": "Failed to verify code",
-    "notFoundSubtitle": "A página que procuras não existe.",
+    "totpFailSubtitle": "Please check your code and try again",
-    "notFoundButton": "Ir para o início",
+    "totpSuccessTitle": "Verified",
-    "totpFailTitle": "Falha na verificação do código",
+    "totpSuccessSubtitle": "Redirecting to your app",
-    "totpFailSubtitle": "Verifica o código e tenta novamente",
+    "totpTitle": "Enter your TOTP code",
-    "totpSuccessTitle": "Verificado",
+    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "totpSuccessSubtitle": "A redirecionar para a tua aplicação",
+    "unauthorizedTitle": "Unauthorized",
-    "totpTitle": "Introduz o teu código TOTP",
+    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "totpSubtitle": "Introduz o código da tua aplicação de autenticação.",
+    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedTitle": "Não autorizado",
+    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedResourceSubtitle": "O utilizador com o nome <code>{{username}}</code> não tem autorização para aceder ao recurso <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "O utilizador com o nome <code>{{username}}</code> não tem autorização para iniciar sessão.",
+    "unauthorizedButton": "Try again",
-    "unauthorizedGroupsSubtitle": "O utilizador com o nome <code>{{username}}</code> não pertence aos grupos exigidos pelo recurso <code>{{resource}}</code>.",
+    "untrustedRedirectTitle": "Untrusted redirect",
-    "unauthorizedIpSubtitle": "O teu endereço IP <code>{{ip}}</code> não tem autorização para aceder ao recurso <code>{{resource}}</code>.",
+    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
-    "unauthorizedButton": "Tentar novamente",
+    "cancelTitle": "Cancel",
-    "cancelTitle": "Cancelar",
+    "forgotPasswordTitle": "Forgot your password?",
-    "forgotPasswordTitle": "Esqueceste-te da palavra-passe?",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "failedToFetchProvidersTitle": "Falha ao carregar os fornecedores de autenticação. Verifica a configuração.",
+    "errorTitle": "An error occurred",
-    "errorTitle": "Ocorreu um erro",
+    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "errorSubtitleInfo": "The following error occurred while processing your request:",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "errorSubtitle": "Ocorreu um erro ao tentar executar esta ação. Consulta a consola para mais informações.",
+    "fieldRequired": "This field is required",
-    "forgotPasswordMessage": "Podes redefinir a tua palavra-passe alterando a variável de ambiente `USERS`.",
+    "invalidInput": "Invalid input"
    "fieldRequired": "Este campo é obrigatório",
    "invalidInput": "Entrada inválida",
    "domainWarningTitle": "Domínio inválido",
    "domainWarningSubtitle": "Esta instância está configurada para ser acedida a partir de <code>{{appUrl}}</code>, mas está a ser usado <code>{{currentUrl}}</code>. Se continuares, poderás ter problemas de autenticação.",
    "ignoreTitle": "Ignorar",
    "goToCorrectDomainTitle": "Ir para o domínio correto",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/ro-RO.json
+++ b/frontend/src/lib/i18n/locales/ro-RO.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/ru-RU.json
+++ b/frontend/src/lib/i18n/locales/ru-RU.json
@@ -1,6 +1,6 @@
 {
    "loginTitle": "С возвращением, войти с",
-    "loginTitleSimple": "С возвращением, пожалуйста войдите",
+    "loginTitleSimple": "Вход",
    "loginDivider": "Или",
    "loginUsername": "Имя пользователя",
    "loginPassword": "Пароль",
@@ -8,27 +8,24 @@
    "loginFailTitle": "Вход не удался",
    "loginFailSubtitle": "Проверьте имя пользователя и пароль",
    "loginFailRateLimit": "Слишком много ошибок входа. Попробуйте позже",
-    "loginSuccessTitle": "Вход выполнен",
+    "loginSuccessTitle": "Вы вошли",
    "loginSuccessSubtitle": "С возвращением!",
    "loginOauthFailTitle": "Произошла ошибка",
-    "loginOauthFailSubtitle": "Не удалось получить ссылку OAuth",
+    "loginOauthFailSubtitle": "Не удалось получить OAuth URL",
    "loginOauthSuccessTitle": "Перенаправление",
    "loginOauthSuccessSubtitle": "Перенаправление к поставщику OAuth",
    "loginOauthAutoRedirectTitle": "OAuth автоматическое перенаправление",
    "loginOauthAutoRedirectSubtitle": "Вы будете автоматически перенаправлены для авторизации у вашего поставщика OAuth.",
    "loginOauthAutoRedirectButton": "Перенаправить сейчас",
    "continueTitle": "Продолжить",
    "continueRedirectingTitle": "Перенаправление...",
    "continueRedirectingSubtitle": "Скоро вы будете перенаправлены в приложение",
-    "continueRedirectManually": "Перенаправить вручную",
+    "continueInvalidRedirectTitle": "Неверное перенаправление",
    "continueInvalidRedirectSubtitle": "URL перенаправления недействителен",
    "continueInsecureRedirectTitle": "Небезопасное перенаправление",
    "continueInsecureRedirectSubtitle": "Попытка перенаправления с <code>https</code> на <code>http</code>, уверены, что хотите продолжить?",
-    "continueUntrustedRedirectTitle": "Недоверенное перенаправление",
+    "continueTitle": "Продолжить",
-    "continueUntrustedRedirectSubtitle": "Вы пытаетесь перенаправить на домен, который не соответствует вашему настроенному домену (<code>{{cookieDomain}}</code>). Вы уверены, что хотите продолжить?",
+    "continueSubtitle": "Нажмите на кнопку, чтобы перейти к приложению.",
    "logoutFailTitle": "Не удалось выйти",
    "logoutFailSubtitle": "Попробуйте ещё раз",
    "logoutSuccessTitle": "Выход",
-    "logoutSuccessSubtitle": "Вы вышли",
+    "logoutSuccessSubtitle": "Вы вышли из системы",
    "logoutTitle": "Выйти",
    "logoutUsernameSubtitle": "Вход выполнен как <code>{{username}}</code>, нажмите на кнопку ниже, чтобы выйти.",
    "logoutOauthSubtitle": "Вход выполнен как <code>{{username}}</code> с использованием {{provider}} OAuth, нажмите кнопку ниже, чтобы выйти.",
@@ -40,42 +37,21 @@
    "totpSuccessTitle": "Подтверждён",
    "totpSuccessSubtitle": "Перенаправление в приложение",
    "totpTitle": "Введите код TOTP",
-    "totpSubtitle": "Пожалуйста, введите код из вашего приложения авторизации.",
+    "totpSubtitle": "Пожалуйста, введите код из вашего приложения — аутентификатора.",
-    "unauthorizedTitle": "Доступ запрещён",
+    "unauthorizedTitle": "Доступ запрещен",
-    "unauthorizedResourceSubtitle": "Пользователю <code>{{username}}</code> не разрешён доступ к <code>{{resource}}</code>.",
+    "unauthorizedResourceSubtitle": "Пользователю <code>{{username}}</code> не разрешен доступ к <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "Пользователю <code>{{username}}</code> не разрешён вход.",
+    "unauthorizedLoginSubtitle": "Пользователю <code>{{username}}</code> не разрешен вход.",
-    "unauthorizedGroupsSubtitle": "Пользователь <code>{{username}}</code> не состоит в группах, которым разрешён доступ к <code>{{resource}}</code>.",
+    "unauthorizedGroupsSubtitle": "Пользователь <code>{{username}}</code> не состоит в группах, которым разрешен доступ к <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Вашему IP-адресу <code>{{ip}}</code> не разрешён доступ к ресурсу <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Ваш IP адрес <code>{{ip}}</code> не авторизован для доступа к ресурсу <code>{{resource}}</code>.",
    "unauthorizedButton": "Повторить",
    "untrustedRedirectTitle": "Ненадежное перенаправление",
    "untrustedRedirectSubtitle": "Попытка перенаправить на домен, который не соответствует вашему заданному домену (<code>{{domain}}</code>). Уверены, что хотите продолжить?",
    "cancelTitle": "Отмена",
    "forgotPasswordTitle": "Забыли пароль?",
-    "failedToFetchProvidersTitle": "Не удалось загрузить поставщика авторизации. Пожалуйста, проверьте конфигурацию.",
+    "failedToFetchProvidersTitle": "Не удалось загрузить провайдеров аутентификации. Пожалуйста, проверьте конфигурацию.",
    "errorTitle": "Произошла ошибка",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "Произошла ошибка при попытке выполнить это действие. Проверьте консоль для дополнительной информации.",
-    "forgotPasswordMessage": "Вы можете сбросить свой пароль, изменив переменную окружения `USERS`.",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "Это поле является обязательным",
+    "fieldRequired": "This field is required",
-    "invalidInput": "Недопустимый ввод",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Неверный домен",
    "domainWarningSubtitle": "Этот экземпляр настроен на доступ к нему из <code>{{appUrl}}</code>, но <code>{{currentUrl}}</code> в настоящее время используется. Если вы продолжите, то могут возникнуть проблемы с авторизацией.",
    "ignoreTitle": "Игнорировать",
    "goToCorrectDomainTitle": "Перейти к правильному домену",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/sr-SP.json
+++ b/frontend/src/lib/i18n/locales/sr-SP.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Неуспело преузимање OAuth адресе",
    "loginOauthSuccessTitle": "Преусмеравање",
    "loginOauthSuccessSubtitle": "Преусмеравање на вашег OAuth провајдера",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Настави",
    "continueRedirectingTitle": "Преусмеравање...",
    "continueRedirectingSubtitle": "Требали би сте ускоро да будете преусмерени на апликацију",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Неисправно преусмеравање",
    "continueInvalidRedirectSubtitle": "Адреса за преусмеравање није исправна",
    "continueInsecureRedirectTitle": "Небезбедно преусмеравање",
    "continueInsecureRedirectSubtitle": "Покушавате да преусмерите са <code>https</code> на <code>http</code> што није безбедно. Да ли желите да наставите?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Настави",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Кликните на дугме да би сте наставили на нашу апликацију.",
    "logoutFailTitle": "Неуспешно одјављивање",
    "logoutFailSubtitle": "Молим вас покушајте поново",
    "logoutSuccessTitle": "Одјављени",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "Корисник са корисничким именом <code>{{username}}</code> није у групама које захтева ресурс <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Ваша IP адреса <code>{{ip}}</code> није ауторизована да приступи ресурсу <code>{{resource}}</code>.",
    "unauthorizedButton": "Покушајте поново",
    "untrustedRedirectTitle": "Преусмерење без поверења",
    "untrustedRedirectSubtitle": "Покушавате да преусмерите на домен који се не поклапа са подешеним доменом (<code>{{domain}}</code>). Да ли желите да наставите?",
    "cancelTitle": "Поништи",
    "forgotPasswordTitle": "Заборавили сте лозинку?",
    "failedToFetchProvidersTitle": "Није успело учитавање провајдера аутентификације. Молим вас проверите ваша подешавања.",
    "errorTitle": "Појавила се грешка",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "Појавила се грешка при покушају извршавања ове радње. Молим вас проверите конзолу за додатне информације.",
    "forgotPasswordMessage": "Можете поништити вашу лозинку променом `USERS` променљиве окружења.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/sv-SE.json
+++ b/frontend/src/lib/i18n/locales/sv-SE.json
@@ -1,35 +1,32 @@
 {
-    "loginTitle": "Välkommen tillbaka, logga in med",
+    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Välkommen tillbaka, logga in",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Eller",
+    "loginDivider": "Or",
-    "loginUsername": "Användarnamn",
+    "loginUsername": "Username",
-    "loginPassword": "Lösenord",
+    "loginPassword": "Password",
-    "loginSubmit": "Logga in",
+    "loginSubmit": "Login",
-    "loginFailTitle": "Kunde inte logga in",
+    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Kontrollera ditt användarnamn och lösenord",
+    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "Du misslyckades med att logga in för många gånger. Försök igen senare",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Inloggad",
+    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Välkommen tillbaka!",
+    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "Ett fel har uppstått",
+    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "Kunde inte hämta OAuth URL",
+    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "Omdirigerar",
+    "loginOauthSuccessTitle": "Redirecting",
-    "loginOauthSuccessSubtitle": "Omdirigera till din OAuth leverantör",
+    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "continueRedirectingTitle": "Redirecting...",
-    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueTitle": "Fortsätt",
+    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueRedirectingTitle": "Omdirigerar...",
+    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueRedirectingSubtitle": "Du bör omdirigeras till appen snart",
+    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueRedirectManually": "Redirect me manually",
+    "continueTitle": "Continue",
-    "continueInsecureRedirectTitle": "Osäker omdirigering",
+    "continueSubtitle": "Click the button to continue to your app.",
-    "continueInsecureRedirectSubtitle": "Du försöker omdirigera från <code>https</code> till <code>http</code> som inte är säker. Är du säker på att du vill fortsätta?",
+    "logoutFailTitle": "Failed to log out",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "logoutFailSubtitle": "Please try again",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "logoutSuccessTitle": "Logged out",
-    "logoutFailTitle": "Kunde inte logga ut.",
+    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutFailSubtitle": "Vänligen försök igen",
+    "logoutTitle": "Logout",
    "logoutSuccessTitle": "Utloggad",
    "logoutSuccessSubtitle": "Du har blivit utloggad",
    "logoutTitle": "Logga ut",
    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
    "notFoundTitle": "Page not found",
@@ -41,41 +38,20 @@
    "totpSuccessSubtitle": "Redirecting to your app",
    "totpTitle": "Enter your TOTP code",
    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "unauthorizedTitle": "Obehörig",
+    "unauthorizedTitle": "Unauthorized",
    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/tr-TR.json
+++ b/frontend/src/lib/i18n/locales/tr-TR.json
@@ -1,81 +1,57 @@
 {
-    "loginTitle": "Tekrar Hoş Geldiniz, giriş yapın",
+    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Tekrar hoş geldiniz, lütfen giriş yapın",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Ya da",
+    "loginDivider": "Or",
    "loginUsername": "Kullanıcı Adı",
    "loginPassword": "Şifre",
    "loginSubmit": "Giriş Yap",
    "loginFailTitle": "Giriş yapılamadı",
-    "loginFailSubtitle": "Lütfen kullanıcı adınızı ve şifrenizi kontrol edin",
+    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "Çok fazla kez giriş yapma girişiminde bulundunuz. Lütfen daha sonra tekrar deneyin",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
    "loginSuccessTitle": "Giriş yapıldı",
    "loginSuccessSubtitle": "Tekrar hoş geldiniz!",
-    "loginOauthFailTitle": "Hata oluştu",
+    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "OAuth URL'si alınamadı",
+    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Yönlendiriliyor",
-    "loginOauthSuccessSubtitle": "OAuth sağlayıcınıza yönlendiriliyor",
+    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Otomatik Yönlendirme",
    "loginOauthAutoRedirectSubtitle": "Kimlik doğrulama işlemi için otomatik olarak OAuth sağlayıcınıza yönlendirileceksiniz.",
    "loginOauthAutoRedirectButton": "Şimdi Yönlendir",
    "continueTitle": "Devam et",
    "continueRedirectingTitle": "Yönlendiriliyor...",
-    "continueRedirectingSubtitle": "Kısa süre içinde uygulamaya yönlendirileceksiniz",
+    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Beni manuel olarak yönlendir",
+    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInsecureRedirectTitle": "Güvenli olmayan yönlendirme",
+    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueInsecureRedirectSubtitle": "<code>http</code> adresinden <code>http</code> adresine yönlendirme yapmaya çalışıyorsunuz, bu güvenli değil. Devam etmek istediğinizden emin misiniz?",
+    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueUntrustedRedirectTitle": "Güvenilmeyen yönlendirme",
+    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectSubtitle": "Yapılandırdığınız alan adıyla eşleşmeyen bir alana yönlendirme yapmaya çalışıyorsunuz (<code>{{cookieDomain}}</code>). Devam etmek istediğinize emin misiniz?",
+    "continueTitle": "Devam et",
-    "logoutFailTitle": "Çıkış Yapılamadı",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Lütfen tekrar deneyin",
    "logoutSuccessTitle": "Çıkış yapıldı",
-    "logoutSuccessSubtitle": "Çıkış yaptınız",
+    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutTitle": "Çıkış yap",
+    "logoutTitle": "Logout",
-    "logoutUsernameSubtitle": "<code>{{username}}</code> olarak giriş yapmış durumdasınız. Çıkış yapmak için aşağıdaki düğmeye tıklayın.",
+    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutOauthSubtitle": "Şu anda {{provider}} OAuth sağlayıcısını kullanarak <code>{{username}}</code> olarak oturum açmış durumdasınız. Oturumunuzu kapatmak için aşağıdaki düğmeye tıklayın.",
+    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
    "notFoundTitle": "Sayfa bulunamadı",
    "notFoundSubtitle": "Aradığınız sayfa mevcut değil.",
    "notFoundButton": "Ana sayfaya git",
    "totpFailTitle": "Kod doğrulanamadı",
-    "totpFailSubtitle": "Lütfen kodunuzu kontrol edin ve tekrar deneyin",
+    "totpFailSubtitle": "Please check your code and try again",
    "totpSuccessTitle": "Doğrulandı",
-    "totpSuccessSubtitle": "Uygulamanıza yönlendiriliyor",
+    "totpSuccessSubtitle": "Redirecting to your app",
-    "totpTitle": "TOTP kodunuzu girin",
+    "totpTitle": "Enter your TOTP code",
-    "totpSubtitle": "Lütfen kimlik doğrulama uygulamanızdan aldığınız kodu girin.",
+    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "unauthorizedTitle": "Yetkisiz",
+    "unauthorizedTitle": "Unauthorized",
-    "unauthorizedResourceSubtitle": "Kullanıcı adı <code>{{username}}</code> olan kullanıcının <code>{{resource}}</code> kaynağına erişim yetkisi bulunmamaktadır.",
+    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "Kullanıcı adı <code>{{username}}</code> olan kullanıcının oturum açma yetkisi yok.",
+    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedGroupsSubtitle": "Kullanıcı adı <code>{{username}}</code> olan kullanıcı, <code>{{resource}}</code> kaynağının gerektirdiği gruplarda bulunmuyor.",
+    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "IP adresiniz <code>{{ip}}</code>, <code>{{resource}}</code> kaynağına erişim yetkisine sahip değil.",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedButton": "Tekrar deneyin",
+    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "İptal",
-    "forgotPasswordTitle": "Şifrenizi mi unuttunuz?",
+    "forgotPasswordTitle": "Forgot your password?",
-    "failedToFetchProvidersTitle": "Kimlik doğrulama sağlayıcıları yüklenemedi. Lütfen yapılandırmanızı kontrol edin.",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "errorTitle": "Bir hata oluştu",
+    "errorTitle": "An error occurred",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "Parolanızı `USERS` ortam değişkenini değiştirerek sıfırlayabilirsiniz.",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "Bu alan zorunludur",
+    "fieldRequired": "This field is required",
-    "invalidInput": "Geçersiz girdi",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Geçersiz alan adı",
    "domainWarningSubtitle": "Bu örnek, <code>{{appUrl}}</code> adresinden erişilecek şekilde yapılandırılmıştır, ancak <code>{{currentUrl}}</code> kullanılmaktadır. Devam ederseniz, kimlik doğrulama ile ilgili sorunlarla karşılaşabilirsiniz.",
    "ignoreTitle": "Yoksay",
    "goToCorrectDomainTitle": "Doğru alana gidin",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/uk-UA.json
+++ b/frontend/src/lib/i18n/locales/uk-UA.json
@@ -1,81 +1,57 @@
 {
-    "loginTitle": "З поверненням, увійдіть через",
+    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "З поверненням, будь ласка, авторизуйтесь",
+    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Або",
+    "loginDivider": "Or",
-    "loginUsername": "Ім'я користувача",
+    "loginUsername": "Username",
-    "loginPassword": "Пароль",
+    "loginPassword": "Password",
-    "loginSubmit": "Увійти",
+    "loginSubmit": "Login",
-    "loginFailTitle": "Не вдалося авторизуватися",
+    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Перевірте ім'я користувача та пароль",
+    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "Ви не змогли увійти занадто багато разів. Будь ласка, спробуйте ще раз пізніше",
+    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Вхід здійснено",
+    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "З поверненням!",
+    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "Виникла помилка",
+    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "Не вдалося отримати OAuth URL",
+    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "Перенаправляємо",
+    "loginOauthSuccessTitle": "Redirecting",
-    "loginOauthSuccessSubtitle": "Перенаправляємо до вашого провайдера OAuth",
+    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "loginOauthAutoRedirectTitle": "Автоматичне переспрямування OAuth",
+    "continueRedirectingTitle": "Redirecting...",
-    "loginOauthAutoRedirectSubtitle": "Ви будете автоматично перенаправлені до вашого провайдера OAuth для автентифікації.",
+    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "loginOauthAutoRedirectButton": "Перейти зараз",
+    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueTitle": "Продовжити",
+    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueRedirectingTitle": "Перенаправлення...",
+    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueRedirectingSubtitle": "Незабаром ви будете перенаправлені в додаток",
+    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueRedirectManually": "Перенаправити мене вручну",
+    "continueTitle": "Continue",
-    "continueInsecureRedirectTitle": "Небезпечне перенаправлення",
+    "continueSubtitle": "Click the button to continue to your app.",
-    "continueInsecureRedirectSubtitle": "Ви намагаєтесь перенаправити з <code>https</code> на <code>http</code> який не є безпечним. Ви впевнені, що хочете продовжити?",
+    "logoutFailTitle": "Failed to log out",
-    "continueUntrustedRedirectTitle": "Недовірене перенаправлення",
+    "logoutFailSubtitle": "Please try again",
-    "continueUntrustedRedirectSubtitle": "Ви намагаєтесь перенаправити на домен, який не збігається з вашим налаштованим доменом (<code>{{cookieDomain}}</code>). Впевнені, що хочете продовжити?",
+    "logoutSuccessTitle": "Logged out",
-    "logoutFailTitle": "Не вдалося вийти",
+    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutFailSubtitle": "Будь ласка, спробуйте знову",
+    "logoutTitle": "Logout",
-    "logoutSuccessTitle": "Ви вийшли",
+    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutSuccessSubtitle": "Ви вийшли з системи",
+    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
-    "logoutTitle": "Вийти",
+    "notFoundTitle": "Page not found",
-    "logoutUsernameSubtitle": "Зараз ви увійшли як <code>{{username}}</code>. Натисніть кнопку нижче для виходу.",
+    "notFoundSubtitle": "The page you are looking for does not exist.",
-    "logoutOauthSubtitle": "Наразі ви увійшли як <code>{{username}}</code> використовуючи провайдера {{provider}} OAuth. Натисніть кнопку нижче, щоб вийти.",
+    "notFoundButton": "Go home",
-    "notFoundTitle": "Сторінку не знайдено",
+    "totpFailTitle": "Failed to verify code",
-    "notFoundSubtitle": "Сторінка, яку ви шукаєте, не існує.",
+    "totpFailSubtitle": "Please check your code and try again",
-    "notFoundButton": "На головну",
+    "totpSuccessTitle": "Verified",
-    "totpFailTitle": "Не вдалося перевірити код",
+    "totpSuccessSubtitle": "Redirecting to your app",
-    "totpFailSubtitle": "Перевірте ваш код і спробуйте ще раз",
+    "totpTitle": "Enter your TOTP code",
-    "totpSuccessTitle": "Перевірено",
+    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "totpSuccessSubtitle": "Перенаправлення до вашого додатку",
+    "unauthorizedTitle": "Unauthorized",
-    "totpTitle": "Введіть ваш TOTP код",
+    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "totpSubtitle": "Будь ласка, введіть код з вашого додатку для автентифікації.",
+    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedTitle": "Доступ обмежено",
+    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedResourceSubtitle": "Користувач з ім'ям користувача <code>{{username}}</code> не має права доступу до ресурсу <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "Користувач з іменем <code>{{username}}</code> не авторизований для входу.",
+    "unauthorizedButton": "Try again",
-    "unauthorizedGroupsSubtitle": "Користувач з іменем <code>{{username}}</code> не входить до груп, що необхідні для ресурсу <code>{{resource}}</code>.",
+    "untrustedRedirectTitle": "Untrusted redirect",
-    "unauthorizedIpSubtitle": "Ваша IP-адреса <code>{{ip}}</code> не авторизована для доступу до ресурсу <code>{{resource}}</code>.",
+    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
-    "unauthorizedButton": "Спробуйте ще раз",
+    "cancelTitle": "Cancel",
-    "cancelTitle": "Скасовувати",
+    "forgotPasswordTitle": "Forgot your password?",
-    "forgotPasswordTitle": "Забули пароль?",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "failedToFetchProvidersTitle": "Не вдалося завантажити провайдерів автентифікації. Будь ласка, перевірте вашу конфігурацію.",
+    "errorTitle": "An error occurred",
    "errorTitle": "Виникла помилка",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "Ви можете скинути пароль, змінивши змінну середовища \"USERS\".",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "Це поле обов'язкове для заповнення",
+    "fieldRequired": "This field is required",
-    "invalidInput": "Невірне введення",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Невірний домен",
    "domainWarningSubtitle": "Даний ресурс налаштований для доступу з <code>{{appUrl}}</code>, але використовується <code>{{currentUrl}}</code>. Якщо ви продовжите, можуть виникнути проблеми з автентифікацією.",
    "ignoreTitle": "Ігнорувати",
    "goToCorrectDomainTitle": "Перейти за коректним доменом",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/vi-VN.json
+++ b/frontend/src/lib/i18n/locales/vi-VN.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
-    "forgotPasswordTitle": "Bạn quên mật khẩu?",
+    "forgotPasswordTitle": "Forgot your password?",
-    "failedToFetchProvidersTitle": "Không tải được nhà cung cấp xác thực. Vui lòng kiểm tra cấu hình của bạn.",
+    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
    "errorTitle": "An error occurred",
-    "errorSubtitleInfo": "The following error occurred while processing your request:",
+    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "errorSubtitle": "Đã xảy ra lỗi khi thực hiện thao tác này. Vui lòng kiểm tra bảng điều khiển để biết thêm thông tin.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/zh-CN.json
+++ b/frontend/src/lib/i18n/locales/zh-CN.json
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "获取 OAuth URL 失败",
    "loginOauthSuccessTitle": "重定向中",
    "loginOauthSuccessSubtitle": "重定向到您的 OAuth 提供商",
    "loginOauthAutoRedirectTitle": "OAuth自动重定向",
    "loginOauthAutoRedirectSubtitle": "您将被自动重定向到您的 OAuth 提供商进行身份验证。",
    "loginOauthAutoRedirectButton": "立即跳转",
    "continueTitle": "继续",
    "continueRedirectingTitle": "正在重定向……",
    "continueRedirectingSubtitle": "您应该很快被重定向到应用",
-    "continueRedirectManually": "请手动跳转",
+    "continueInvalidRedirectTitle": "无效的重定向",
    "continueInvalidRedirectSubtitle": "重定向URL无效",
    "continueInsecureRedirectTitle": "不安全的重定向",
    "continueInsecureRedirectSubtitle": "您正在尝试从<code>https</code>重定向到<code>http</code>可能存在风险。您确定要继续吗？",
-    "continueUntrustedRedirectTitle": "不可信的重定向",
+    "continueTitle": "继续",
-    "continueUntrustedRedirectSubtitle": "您尝试跳转的域名与配置的域名（<code>{{cookieDomain}}</code>）不匹配。是否继续？",
+    "continueSubtitle": "点击按钮以继续您的应用。",
    "logoutFailTitle": "注销失败",
    "logoutFailSubtitle": "请重试",
    "logoutSuccessTitle": "已登出",
@@ -33,7 +30,7 @@
    "logoutUsernameSubtitle": "您当前登录用户为<code>{{username}}</code>。点击下方按钮注销。",
    "logoutOauthSubtitle": "您当前以<code>{{username}}</code>登录，使用的是{{provider}} OAuth 提供商。点击下方按钮注销。",
    "notFoundTitle": "无法找到页面",
-    "notFoundSubtitle": "您访问的页面不存在。",
+    "notFoundSubtitle": "您正在查找的页面不存在。",
    "notFoundButton": "回到主页",
    "totpFailTitle": "无法验证代码",
    "totpFailSubtitle": "请检查您的代码并重试",
@@ -45,37 +42,16 @@
    "unauthorizedResourceSubtitle": "用户名为<code>{{username}}</code>的用户无权访问资源<code>{{resource}}</code>。",
    "unauthorizedLoginSubtitle": "用户名为<code>{{username}}</code>的用户无权登录。",
    "unauthorizedGroupsSubtitle": "用户名为<code>{{username}}</code>的用户不在资源<code>{{resource}}</code>所需的组中。",
-    "unauthorizedIpSubtitle": "用户 <code>{{ip}}</code> 无权访问资源 <code>{{resource}}</code>。",
+    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "重试",
    "untrustedRedirectTitle": "不可信的重定向",
    "untrustedRedirectSubtitle": "您正在尝试重定向到一个与您已配置的域名 (<code>{{domain}}</code>) 不匹配的域名。您确定要继续吗？",
    "cancelTitle": "取消",
    "forgotPasswordTitle": "忘记密码？",
    "failedToFetchProvidersTitle": "加载身份验证提供程序失败，请检查您的配置。",
    "errorTitle": "发生了错误",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "执行此操作时发生错误，请检查控制台以获取更多信息。",
-    "forgotPasswordMessage": "您可以通过更改 `USERS ` 环境变量重置您的密码。",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "必添字段",
+    "fieldRequired": "This field is required",
-    "invalidInput": "无效的输入",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "无效域名",
    "domainWarningSubtitle": "当前实例配置的访问地址为 <code>{{appUrl}}</code>，但您正在使用 <code>{{currentUrl}}</code>。若继续操作，可能会遇到身份验证问题。",
    "ignoreTitle": "忽略",
    "goToCorrectDomainTitle": "转到正确的域名",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/i18n/locales/zh-TW.json
+++ b/frontend/src/lib/i18n/locales/zh-TW.json
@@ -1,5 +1,5 @@
 {
-    "loginTitle": "歡迎回來，請使用以下方式登入",
+    "loginTitle": "歡迎回來，請用以下方式登入",
    "loginTitleSimple": "歡迎回來，請登入",
    "loginDivider": "或",
    "loginUsername": "帳號",
@@ -14,17 +14,14 @@
    "loginOauthFailSubtitle": "無法取得 OAuth 網址",
    "loginOauthSuccessTitle": "重新導向中",
    "loginOauthSuccessSubtitle": "正在將您重新導向至 OAuth 供應商",
    "loginOauthAutoRedirectTitle": "OAuth 自動跳轉",
    "loginOauthAutoRedirectSubtitle": "自動跳轉到 OAuth 供應商進行身份驗證。",
    "loginOauthAutoRedirectButton": "立即重新導向",
    "continueTitle": "繼續",
    "continueRedirectingTitle": "重新導向中……",
    "continueRedirectingSubtitle": "您即將被重新導向至應用程式",
-    "continueRedirectManually": "手動重新導向",
+    "continueInvalidRedirectTitle": "無效的重新導向",
    "continueInvalidRedirectSubtitle": "重新導向的網址無效",
    "continueInsecureRedirectTitle": "不安全的重新導向",
    "continueInsecureRedirectSubtitle": "您正嘗試從安全的 <code>https</code> 重新導向至不安全的 <code>http</code>。您確定要繼續嗎？",
-    "continueUntrustedRedirectTitle": "不受信任的重新導向",
+    "continueTitle": "繼續",
-    "continueUntrustedRedirectSubtitle": "你嘗試重新導向的域名與設定不符(<code>{{cookieDomain}}</code>)。你確定要繼續嗎？",
+    "continueSubtitle": "點擊按鈕以繼續前往您的應用程式。",
    "logoutFailTitle": "登出失敗",
    "logoutFailSubtitle": "請再試一次",
    "logoutSuccessTitle": "登出成功",
@@ -47,35 +44,14 @@
    "unauthorizedGroupsSubtitle": "使用者 <code>{{username}}</code> 不在存取資源 <code>{{resource}}</code> 所需的群組中。",
    "unauthorizedIpSubtitle": "您的 IP 位址 <code>{{ip}}</code> 未被授權存取資源 <code>{{resource}}</code>。",
    "unauthorizedButton": "再試一次",
    "untrustedRedirectTitle": "不受信任的重新導向",
    "untrustedRedirectSubtitle": "您正嘗試重新導向至的網域與您設定的網域 (<code>{{domain}}</code>) 不符。您確定要繼續嗎？",
    "cancelTitle": "取消",
    "forgotPasswordTitle": "忘記密碼？",
    "failedToFetchProvidersTitle": "載入驗證供應商失敗。請檢查您的設定。",
    "errorTitle": "發生錯誤",
    "errorSubtitleInfo": "The following error occurred while processing your request:",
    "errorSubtitle": "執行此操作時發生錯誤。請檢查主控台以獲取更多資訊。",
-    "forgotPasswordMessage": "透過修改 `USERS` 環境變數，你可以重設你的密碼。",
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
-    "fieldRequired": "此為必填欄位",
+    "fieldRequired": "This field is required",
-    "invalidInput": "無效的輸入",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "無效的網域",
    "domainWarningSubtitle": "此服務設定為透過 <code>{{appUrl}}</code> 存取，但目前使用的是 <code>{{currentUrl}}</code>。若繼續操作，可能會遇到驗證問題。",
    "ignoreTitle": "忽略",
    "goToCorrectDomainTitle": "前往正確域名",
    "authorizeTitle": "Authorize",
    "authorizeCardTitle": "Continue to {{app}}?",
    "authorizeSubtitle": "Would you like to continue to this app? Please carefully review the permissions requested by the app.",
    "authorizeSubtitleOAuth": "Would you like to continue to this app?",
    "authorizeLoadingTitle": "Loading...",
    "authorizeLoadingSubtitle": "Please wait while we load the client information.",
    "authorizeSuccessTitle": "Authorized",
    "authorizeSuccessSubtitle": "You will be redirected to the app in a few seconds.",
    "authorizeErrorClientInfo": "An error occurred while loading the client information. Please try again later.",
    "authorizeErrorMissingParams": "The following parameters are missing: {{missingParams}}",
    "openidScopeName": "OpenID Connect",
    "openidScopeDescription": "Allows the app to access your OpenID Connect information.",
    "emailScopeName": "Email",
    "emailScopeDescription": "Allows the app to access your email address.",
    "profileScopeName": "Profile",
    "profileScopeDescription": "Allows the app to access your profile information.",
    "groupsScopeName": "Groups",
    "groupsScopeDescription": "Allows the app to access your group information."
 }
--- a/frontend/src/lib/utils.ts
+++ b/frontend/src/lib/utils.ts
@@ -5,6 +5,15 @@ export function cn(...inputs: ClassValue[]) {
  return twMerge(clsx(inputs));
 }
 export const isValidUrl = (url: string) => {
  try {
    new URL(url);
    return true;
  } catch (e) {
    return false;
  }
 };
 export const capitalize = (str: string) => {
  return str.charAt(0).toUpperCase() + str.slice(1);
 };
--- a/frontend/src/main.tsx
+++ b/frontend/src/main.tsx
@@ -16,8 +16,6 @@ import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
 import { AppContextProvider } from "./context/app-context.tsx";
 import { UserContextProvider } from "./context/user-context.tsx";
 import { Toaster } from "@/components/ui/sonner";
 import { ThemeProvider } from "./components/providers/theme-provider.tsx";
 import { AuthorizePage } from "./pages/authorize-page.tsx";
 const queryClient = new QueryClient();
@@ -26,28 +24,25 @@ createRoot(document.getElementById("root")!).render(
    <QueryClientProvider client={queryClient}>
      <AppContextProvider>
        <UserContextProvider>
-          <ThemeProvider defaultTheme="system" storageKey="tinyauth-theme">
+          <BrowserRouter>
-            <BrowserRouter>
+            <Routes>
-              <Routes>
+              <Route element={<Layout />} errorElement={<ErrorPage />}>
-                <Route element={<Layout />} errorElement={<ErrorPage />}>
+                <Route path="/" element={<App />} />
-                  <Route path="/" element={<App />} />
+                <Route path="/login" element={<LoginPage />} />
-                  <Route path="/login" element={<LoginPage />} />
+                <Route path="/logout" element={<LogoutPage />} />
-                  <Route path="/authorize" element={<AuthorizePage />} />
+                <Route path="/continue" element={<ContinuePage />} />
-                  <Route path="/logout" element={<LogoutPage />} />
+                <Route path="/totp" element={<TotpPage />} />
-                  <Route path="/continue" element={<ContinuePage />} />
+                <Route
-                  <Route path="/totp" element={<TotpPage />} />
+                  path="/forgot-password"
-                  <Route
+                  element={<ForgotPasswordPage />}
-                    path="/forgot-password"
+                />
-                    element={<ForgotPasswordPage />}
+                <Route path="/unauthorized" element={<UnauthorizedPage />} />
-                  />
+                <Route path="/error" element={<ErrorPage />} />
-                  <Route path="/unauthorized" element={<UnauthorizedPage />} />
+                <Route path="*" element={<NotFoundPage />} />
-                  <Route path="/error" element={<ErrorPage />} />
+              </Route>
-                  <Route path="*" element={<NotFoundPage />} />
+            </Routes>
-                </Route>
+          </BrowserRouter>
-              </Routes>
+          <Toaster />
            </BrowserRouter>
            <Toaster />
          </ThemeProvider>
        </UserContextProvider>
      </AppContextProvider>
    </QueryClientProvider>
--- a/frontend/src/pages/authorize-page.tsx
+++ b/frontend/src/pages/authorize-page.tsx
@@ -1,199 +0,0 @@
 import { useUserContext } from "@/context/user-context";
 import { useMutation, useQuery } from "@tanstack/react-query";
 import { Navigate, useNavigate } from "react-router";
 import { useLocation } from "react-router";
 import {
  Card,
  CardHeader,
  CardTitle,
  CardDescription,
  CardFooter,
  CardContent,
 } from "@/components/ui/card";
 import { getOidcClientInfoSchema } from "@/schemas/oidc-schemas";
 import { Button } from "@/components/ui/button";
 import axios from "axios";
 import { toast } from "sonner";
 import { useOIDCParams } from "@/lib/hooks/oidc";
 import { useTranslation } from "react-i18next";
 import { TFunction } from "i18next";
 import { Mail, Shield, User, Users } from "lucide-react";
 type Scope = {
  id: string;
  name: string;
  description: string;
  icon: React.ReactNode;
 };
 const scopeMapIconProps = {
  className: "stroke-card stroke-2.5",
 };
 const createScopeMap = (t: TFunction<"translation", undefined>): Scope[] => {
  return [
    {
      id: "openid",
      name: t("openidScopeName"),
      description: t("openidScopeDescription"),
      icon: <Shield {...scopeMapIconProps} />,
    },
    {
      id: "email",
      name: t("emailScopeName"),
      description: t("emailScopeDescription"),
      icon: <Mail {...scopeMapIconProps} />,
    },
    {
      id: "profile",
      name: t("profileScopeName"),
      description: t("profileScopeDescription"),
      icon: <User {...scopeMapIconProps} />,
    },
    {
      id: "groups",
      name: t("groupsScopeName"),
      description: t("groupsScopeDescription"),
      icon: <Users {...scopeMapIconProps} />,
    },
  ];
 };
 export const AuthorizePage = () => {
  const { isLoggedIn } = useUserContext();
  const { search } = useLocation();
  const { t } = useTranslation();
  const navigate = useNavigate();
  const scopeMap = createScopeMap(t);
  const searchParams = new URLSearchParams(search);
  const {
    values: props,
    missingParams,
    isOidc,
    compiled: compiledOIDCParams,
  } = useOIDCParams(searchParams);
  const scopes = props.scope ? props.scope.split(" ").filter(Boolean) : [];
  const getClientInfo = useQuery({
    queryKey: ["client", props.client_id],
    queryFn: async () => {
      const res = await fetch(`/api/oidc/clients/${props.client_id}`);
      const data = await getOidcClientInfoSchema.parseAsync(await res.json());
      return data;
    },
    enabled: isOidc,
  });
  const authorizeMutation = useMutation({
    mutationFn: () => {
      return axios.post("/api/oidc/authorize", {
        scope: props.scope,
        response_type: props.response_type,
        client_id: props.client_id,
        redirect_uri: props.redirect_uri,
        state: props.state,
      });
    },
    mutationKey: ["authorize", props.client_id],
    onSuccess: (data) => {
      toast.info(t("authorizeSuccessTitle"), {
        description: t("authorizeSuccessSubtitle"),
      });
      window.location.replace(data.data.redirect_uri);
    },
    onError: (error) => {
      window.location.replace(
        `/error?error=${encodeURIComponent(error.message)}`,
      );
    },
  });
  if (missingParams.length > 0) {
    return (
      <Navigate
        to={`/error?error=${encodeURIComponent(t("authorizeErrorMissingParams", { missingParams: missingParams.join(", ") }))}`}
        replace
      />
    );
  }
  if (!isLoggedIn) {
    return <Navigate to={`/login?${compiledOIDCParams}`} replace />;
  }
  if (getClientInfo.isLoading) {
    return (
      <Card className="min-w-xs sm:min-w-sm">
        <CardHeader>
          <CardTitle className="text-3xl">
            {t("authorizeLoadingTitle")}
          </CardTitle>
          <CardDescription>{t("authorizeLoadingSubtitle")}</CardDescription>
        </CardHeader>
      </Card>
    );
  }
  if (getClientInfo.isError) {
    return (
      <Navigate
        to={`/error?error=${encodeURIComponent(t("authorizeErrorClientInfo"))}`}
        replace
      />
    );
  }
  return (
    <Card className="min-w-xs sm:min-w-sm mx-4">
      <CardHeader>
        <CardTitle className="text-3xl">
          {t("authorizeCardTitle", {
            app: getClientInfo.data?.name || "Unknown",
          })}
        </CardTitle>
        <CardDescription>
          {scopes.includes("openid")
            ? t("authorizeSubtitle")
            : t("authorizeSubtitleOAuth")}
        </CardDescription>
      </CardHeader>
      {scopes.includes("openid") && (
        <CardContent className="flex flex-col gap-4">
          {scopes.map((id) => {
            const scope = scopeMap.find((s) => s.id === id);
            if (!scope) return null;
            return (
              <div key={scope.id} className="flex flex-row items-center gap-3">
                <div className="p-2 flex flex-col items-center justify-center bg-card-foreground rounded-md">
                  {scope.icon}
                </div>
                <div className="flex flex-col gap-0.5">
                  <div className="text-md">{scope.name}</div>
                  <div className="text-sm text-muted-foreground">
                    {scope.description}
                  </div>
                </div>
              </div>
            );
          })}
        </CardContent>
      )}
      <CardFooter className="flex flex-col items-stretch gap-2">
        <Button
          onClick={() => authorizeMutation.mutate()}
          loading={authorizeMutation.isPending}
        >
          {t("authorizeTitle")}
        </Button>
        <Button
          onClick={() => navigate("/")}
          disabled={authorizeMutation.isPending}
          variant="outline"
        >
          {t("cancelTitle")}
        </Button>
      </CardFooter>
    </Card>
  );
 };
--- a/frontend/src/pages/continue-page.tsx
+++ b/frontend/src/pages/continue-page.tsx
@@ -8,121 +8,75 @@ import {
 } from "@/components/ui/card";
 import { useAppContext } from "@/context/app-context";
 import { useUserContext } from "@/context/user-context";
 import { isValidUrl } from "@/lib/utils";
 import { Trans, useTranslation } from "react-i18next";
 import { Navigate, useLocation, useNavigate } from "react-router";
-import { useCallback, useEffect, useRef, useState } from "react";
+import DOMPurify from "dompurify";
-import { useRedirectUri } from "@/lib/hooks/redirect-uri";
+import { useState } from "react";
 export const ContinuePage = () => {
  const { cookieDomain, disableUiWarnings } = useAppContext();
  const { isLoggedIn } = useUserContext();
  if (!isLoggedIn) {
    return <Navigate to="/login" />;
  }
  const { domain, disableContinue } = useAppContext();
  const { search } = useLocation();
  const [loading, setLoading] = useState(false);
  const searchParams = new URLSearchParams(search);
  const redirectURI = searchParams.get("redirect_uri");
  if (!redirectURI) {
    return <Navigate to="/logout" />;
  }
  if (!isValidUrl(DOMPurify.sanitize(redirectURI))) {
    return <Navigate to="/logout" />;
  }
  const handleRedirect = () => {
    setLoading(true);
    window.location.href = DOMPurify.sanitize(redirectURI);
  }
  if (disableContinue) {
    handleRedirect();
  }
  const { t } = useTranslation();
  const navigate = useNavigate();
-  const [isLoading, setIsLoading] = useState(false);
+  const url = new URL(redirectURI);
  const [showRedirectButton, setShowRedirectButton] = useState(false);
  const hasRedirected = useRef(false);
-  const searchParams = new URLSearchParams(search);
+  if (!(url.hostname == domain) && !url.hostname.endsWith(`.${domain}`)) {
  const redirectUri = searchParams.get("redirect_uri");
  const { url, valid, trusted, allowedProto, httpsDowngrade } = useRedirectUri(
    redirectUri,
    cookieDomain,
  );
  const urlHref = url?.href;
  const hasValidRedirect = valid && allowedProto;
  const showUntrustedWarning =
    hasValidRedirect && !trusted && !disableUiWarnings;
  const showInsecureWarning =
    hasValidRedirect && httpsDowngrade && !disableUiWarnings;
  const shouldAutoRedirect =
    isLoggedIn &&
    hasValidRedirect &&
    !showUntrustedWarning &&
    !showInsecureWarning;
  const redirectToTarget = useCallback(() => {
    if (!urlHref || hasRedirected.current) {
      return;
    }
    hasRedirected.current = true;
    window.location.assign(urlHref);
  }, [urlHref]);
  const handleRedirect = useCallback(() => {
    setIsLoading(true);
    redirectToTarget();
  }, [redirectToTarget]);
  useEffect(() => {
    if (!shouldAutoRedirect) {
      return;
    }
    const auto = setTimeout(() => {
      redirectToTarget();
    }, 100);
    const reveal = setTimeout(() => {
      setShowRedirectButton(true);
    }, 5000);
    return () => {
      clearTimeout(auto);
      clearTimeout(reveal);
    };
  }, [shouldAutoRedirect, redirectToTarget]);
  if (!isLoggedIn) {
    return (
-      <Navigate
+      <Card className="min-w-xs sm:min-w-sm">
        to={`/login${redirectUri ? `?redirect_uri=${encodeURIComponent(redirectUri)}` : ""}`}
        replace
      />
    );
  }
  if (!hasValidRedirect) {
    return <Navigate to="/logout" replace />;
  }
  if (showUntrustedWarning) {
    return (
      <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
        <CardHeader>
          <CardTitle className="text-3xl">
-            {t("continueUntrustedRedirectTitle")}
+            {t("untrustedRedirectTitle")}
          </CardTitle>
          <CardDescription>
            <Trans
-              i18nKey="continueUntrustedRedirectSubtitle"
+              i18nKey="untrustedRedirectSubtitle"
              t={t}
              components={{
                code: <code />,
              }}
-              values={{ cookieDomain }}
+              values={{ domain }}
              shouldUnescape={true}
            />
          </CardDescription>
        </CardHeader>
        <CardFooter className="flex flex-col items-stretch gap-2">
          <Button
            onClick={handleRedirect}
-            loading={isLoading}
+            loading={loading}
            variant="destructive"
          >
            {t("continueTitle")}
          </Button>
-          <Button
+          <Button onClick={() => navigate("/logout")} variant="outline" disabled={loading}>
            onClick={() => navigate("/logout")}
            variant="outline"
            disabled={isLoading}
          >
            {t("cancelTitle")}
          </Button>
        </CardFooter>
@@ -130,9 +84,9 @@ export const ContinuePage = () => {
    );
  }
-  if (showInsecureWarning) {
+  if (url.protocol === "http:" && window.location.protocol === "https:") {
    return (
-      <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
+      <Card className="min-w-xs sm:min-w-sm">
        <CardHeader>
          <CardTitle className="text-3xl">
            {t("continueInsecureRedirectTitle")}
@@ -150,16 +104,12 @@ export const ContinuePage = () => {
        <CardFooter className="flex flex-col items-stretch gap-2">
          <Button
            onClick={handleRedirect}
-            loading={isLoading}
+            loading={loading}
            variant="warning"
          >
            {t("continueTitle")}
          </Button>
-          <Button
+          <Button onClick={() => navigate("/logout")} variant="outline" disabled={loading}>
            onClick={() => navigate("/logout")}
            variant="outline"
            disabled={isLoading}
          >
            {t("cancelTitle")}
          </Button>
        </CardFooter>
@@ -170,18 +120,17 @@ export const ContinuePage = () => {
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
-        <CardTitle className="text-3xl">
+        <CardTitle className="text-3xl">{t("continueTitle")}</CardTitle>
-          {t("continueRedirectingTitle")}
+        <CardDescription>{t("continueSubtitle")}</CardDescription>
        </CardTitle>
        <CardDescription>{t("continueRedirectingSubtitle")}</CardDescription>
      </CardHeader>
-      {showRedirectButton && (
+      <CardFooter className="flex flex-col items-stretch">
-        <CardFooter className="flex flex-col items-stretch">
+        <Button
-          <Button onClick={handleRedirect}>
+          onClick={handleRedirect}
-            {t("continueRedirectManually")}
+          loading={loading}
-          </Button>
+        >
-        </CardFooter>
+          {t("continueTitle")}
-      )}
+        </Button>
      </CardFooter>
    </Card>
  );
 };
--- a/frontend/src/pages/error-page.tsx
+++ b/frontend/src/pages/error-page.tsx
@@ -5,30 +5,15 @@ import {
  CardTitle,
 } from "@/components/ui/card";
 import { useTranslation } from "react-i18next";
 import { useLocation } from "react-router";
 export const ErrorPage = () => {
  const { t } = useTranslation();
  const { search } = useLocation();
  const searchParams = new URLSearchParams(search);
  const error = searchParams.get("error") ?? "";
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
        <CardTitle className="text-3xl">{t("errorTitle")}</CardTitle>
-        <CardDescription className="flex flex-col gap-1.5">
+        <CardDescription>{t("errorSubtitle")}</CardDescription>
          {error ? (
            <>
              <p>{t("errorSubtitleInfo")}</p>
              <pre>{error}</pre>
            </>
          ) : (
            <>
              <p>{t("errorSubtitle")}</p>
            </>
          )}
        </CardDescription>
      </CardHeader>
    </Card>
  );
--- a/frontend/src/pages/login-page.tsx
+++ b/frontend/src/pages/login-page.tsx
@@ -1,82 +1,51 @@
 import { LoginForm } from "@/components/auth/login-form";
 import { GenericIcon } from "@/components/icons/generic";
 import { GithubIcon } from "@/components/icons/github";
 import { GoogleIcon } from "@/components/icons/google";
 import { MicrosoftIcon } from "@/components/icons/microsoft";
 import { OAuthIcon } from "@/components/icons/oauth";
 import { PocketIDIcon } from "@/components/icons/pocket-id";
 import { TailscaleIcon } from "@/components/icons/tailscale";
 import { Button } from "@/components/ui/button";
 import {
  Card,
  CardHeader,
  CardTitle,
  CardDescription,
  CardContent,
  CardFooter,
 } from "@/components/ui/card";
 import { OAuthButton } from "@/components/ui/oauth-button";
 import { SeperatorWithChildren } from "@/components/ui/separator";
 import { useAppContext } from "@/context/app-context";
 import { useUserContext } from "@/context/user-context";
-import { useOIDCParams } from "@/lib/hooks/oidc";
+import { useIsMounted } from "@/lib/hooks/use-is-mounted";
 import { LoginSchema } from "@/schemas/login-schema";
 import { useMutation } from "@tanstack/react-query";
 import axios, { AxiosError } from "axios";
-import { useEffect, useRef, useState } from "react";
+import { useEffect } from "react";
 import { useTranslation } from "react-i18next";
 import { Navigate, useLocation } from "react-router";
 import { toast } from "sonner";
 const iconMap: Record<string, React.ReactNode> = {
  google: <GoogleIcon />,
  github: <GithubIcon />,
  tailscale: <TailscaleIcon />,
  microsoft: <MicrosoftIcon />,
  pocketid: <PocketIDIcon />,
 };
 export const LoginPage = () => {
  const { isLoggedIn } = useUserContext();
-  const { providers, title, oauthAutoRedirect } = useAppContext();
+
  if (isLoggedIn) {
    return <Navigate to="/logout" />;
  }
  const { configuredProviders, title, oauthAutoRedirect, genericName } = useAppContext();
  const { search } = useLocation();
  const { t } = useTranslation();
-
+  const isMounted = useIsMounted();
  const [showRedirectButton, setShowRedirectButton] = useState(false);
  const hasAutoRedirectedRef = useRef(false);
  const redirectTimer = useRef<number | null>(null);
  const redirectButtonTimer = useRef<number | null>(null);
  const searchParams = new URLSearchParams(search);
-  const {
+  const redirectUri = searchParams.get("redirect_uri");
    values: props,
    isOidc,
    compiled: compiledOIDCParams,
  } = useOIDCParams(searchParams);
-  const [isOauthAutoRedirect, setIsOauthAutoRedirect] = useState(
+  const oauthConfigured =
-    providers.find((provider) => provider.id === oauthAutoRedirect) !==
+    configuredProviders.filter((provider) => provider !== "username").length >
-      undefined && props.redirect_uri,
+    0;
-  );
+  const userAuthConfigured = configuredProviders.includes("username");
-  const oauthProviders = providers.filter(
+  const oauthMutation = useMutation({
    (provider) => provider.id !== "local" && provider.id !== "ldap",
  );
  const userAuthConfigured =
    providers.find(
      (provider) => provider.id === "local" || provider.id === "ldap",
    ) !== undefined;
  const {
    mutate: oauthMutate,
    data: oauthData,
    isPending: oauthIsPending,
    variables: oauthVariables,
  } = useMutation({
    mutationFn: (provider: string) =>
      axios.get(
-        `/api/oauth/url/${provider}${props.redirect_uri ? `?redirect_uri=${encodeURIComponent(props.redirect_uri)}` : ""}`,
+        `/api/oauth/url/${provider}?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
      ),
    mutationKey: ["oauth"],
    onSuccess: (data) => {
@@ -84,31 +53,24 @@ export const LoginPage = () => {
        description: t("loginOauthSuccessSubtitle"),
      });
-      redirectTimer.current = window.setTimeout(() => {
+      setTimeout(() => {
-        window.location.replace(data.data.url);
+        window.location.href = data.data.url;
      }, 500);
      if (isOauthAutoRedirect) {
        redirectButtonTimer.current = window.setTimeout(() => {
          setShowRedirectButton(true);
        }, 5000);
      }
    },
    onError: () => {
      setIsOauthAutoRedirect(false);
      toast.error(t("loginOauthFailTitle"), {
        description: t("loginOauthFailSubtitle"),
      });
    },
  });
-  const { mutate: loginMutate, isPending: loginIsPending } = useMutation({
+  const loginMutation = useMutation({
    mutationFn: (values: LoginSchema) => axios.post("/api/user/login", values),
    mutationKey: ["login"],
    onSuccess: (data) => {
      if (data.data.totpPending) {
        window.location.replace(
-          `/totp${props.redirect_uri ? `?redirect_uri=${encodeURIComponent(props.redirect_uri)}` : ""}`,
+          `/totp?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
        );
        return;
      }
@@ -117,13 +79,9 @@ export const LoginPage = () => {
        description: t("loginSuccessSubtitle"),
      });
-      redirectTimer.current = window.setTimeout(() => {
+      setTimeout(() => {
        if (isOidc) {
          window.location.replace(`/authorize?${compiledOIDCParams}`);
          return;
        }
        window.location.replace(
-          `/continue${props.redirect_uri ? `?redirect_uri=${encodeURIComponent(props.redirect_uri)}` : ""}`,
+          `/continue?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
        );
      }, 500);
    },
@@ -138,123 +96,72 @@ export const LoginPage = () => {
  });
  useEffect(() => {
-    if (
+    if (isMounted()) {
-      !isLoggedIn &&
+      if (
-      isOauthAutoRedirect &&
+        oauthConfigured &&
-      !hasAutoRedirectedRef.current &&
+        configuredProviders.includes(oauthAutoRedirect) &&
-      props.redirect_uri
+        redirectUri
-    ) {
+      ) {
-      hasAutoRedirectedRef.current = true;
+        oauthMutation.mutate(oauthAutoRedirect);
-      oauthMutate(oauthAutoRedirect);
+      }
    }
-  }, [
+  }, []);
    isLoggedIn,
    oauthMutate,
    hasAutoRedirectedRef,
    oauthAutoRedirect,
    isOauthAutoRedirect,
    props.redirect_uri,
  ]);
  useEffect(() => {
    return () => {
      if (redirectTimer.current) {
        clearTimeout(redirectTimer.current);
      }
      if (redirectButtonTimer.current) {
        clearTimeout(redirectButtonTimer.current);
      }
    };
  }, [redirectTimer, redirectButtonTimer]);
  if (isLoggedIn && isOidc) {
    return <Navigate to={`/authorize?${compiledOIDCParams}`} replace />;
  }
  if (isLoggedIn && props.redirect_uri !== "") {
    return (
      <Navigate
        to={`/continue${props.redirect_uri ? `?redirect_uri=${encodeURIComponent(props.redirect_uri)}` : ""}`}
        replace
      />
    );
  }
  if (isLoggedIn) {
    return <Navigate to="/logout" replace />;
  }
  if (isOauthAutoRedirect) {
    return (
      <Card className="min-w-xs sm:min-w-sm">
        <CardHeader>
          <CardTitle className="text-3xl">
            {t("loginOauthAutoRedirectTitle")}
          </CardTitle>
          <CardDescription>
            {t("loginOauthAutoRedirectSubtitle")}
          </CardDescription>
        </CardHeader>
        {showRedirectButton && (
          <CardFooter className="flex flex-col items-stretch">
            <Button
              onClick={() => {
                if (oauthData?.data.url) {
                  window.location.replace(oauthData.data.url);
                } else {
                  setIsOauthAutoRedirect(false);
                  toast.error(t("loginOauthFailTitle"), {
                    description: t("loginOauthFailSubtitle"),
                  });
                }
              }}
            >
              {t("loginOauthAutoRedirectButton")}
            </Button>
          </CardFooter>
        )}
      </Card>
    );
  }
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
        <CardTitle className="text-center text-3xl">{title}</CardTitle>
-        {providers.length > 0 && (
+        {configuredProviders.length > 0 && (
          <CardDescription className="text-center">
-            {oauthProviders.length !== 0
+            {oauthConfigured ? t("loginTitle") : t("loginTitleSimple")}
              ? t("loginTitle")
              : t("loginTitleSimple")}
          </CardDescription>
        )}
      </CardHeader>
      <CardContent className="flex flex-col gap-4">
-        {oauthProviders.length !== 0 && (
+        {oauthConfigured && (
          <div className="flex flex-col gap-2 items-center justify-center">
-            {oauthProviders.map((provider) => (
+            {configuredProviders.includes("google") && (
              <OAuthButton
-                key={provider.id}
+                title="Google"
-                title={provider.name}
+                icon={<GoogleIcon />}
                icon={iconMap[provider.id] ?? <OAuthIcon />}
                className="w-full"
-                onClick={() => oauthMutate(provider.id)}
+                onClick={() => oauthMutation.mutate("google")}
-                loading={oauthIsPending && oauthVariables === provider.id}
+                loading={oauthMutation.isPending && oauthMutation.variables === "google"}
-                disabled={oauthIsPending || loginIsPending}
+                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
-            ))}
+            )}
            {configuredProviders.includes("github") && (
              <OAuthButton
                title="Github"
                icon={<GithubIcon />}
                className="w-full"
                onClick={() => oauthMutation.mutate("github")}
                loading={oauthMutation.isPending && oauthMutation.variables === "github"}
                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
            )}
            {configuredProviders.includes("generic") && (
              <OAuthButton
                title={genericName}
                icon={<GenericIcon />}
                className="w-full"
                onClick={() => oauthMutation.mutate("generic")}
                loading={oauthMutation.isPending && oauthMutation.variables === "generic"}
                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
            )}
          </div>
        )}
-        {userAuthConfigured && oauthProviders.length !== 0 && (
+        {userAuthConfigured && oauthConfigured && (
          <SeperatorWithChildren>{t("loginDivider")}</SeperatorWithChildren>
        )}
        {userAuthConfigured && (
          <LoginForm
-            onSubmit={(values) => loginMutate(values)}
+            onSubmit={(values) => loginMutation.mutate(values)}
-            loading={loginIsPending || oauthIsPending}
+            loading={loginMutation.isPending || oauthMutation.isPending}
          />
        )}
-        {providers.length == 0 && (
+        {configuredProviders.length == 0 && (
          <p className="text-center text-red-600 max-w-sm">
            {t("failedToFetchProvidersTitle")}
          </p>
--- a/frontend/src/pages/logout-page.tsx
+++ b/frontend/src/pages/logout-page.tsx
@@ -6,19 +6,24 @@ import {
  CardHeader,
  CardTitle,
 } from "@/components/ui/card";
 import { useAppContext } from "@/context/app-context";
 import { useUserContext } from "@/context/user-context";
 import { capitalize } from "@/lib/utils";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
 import { useEffect, useRef } from "react";
 import { Trans, useTranslation } from "react-i18next";
 import { Navigate } from "react-router";
 import { toast } from "sonner";
 export const LogoutPage = () => {
-  const { provider, username, isLoggedIn, email, oauthName } = useUserContext();
+  const { provider, username, isLoggedIn, email } = useUserContext();
  const { t } = useTranslation();
-  const redirectTimer = useRef<number | null>(null);
+  if (!isLoggedIn) {
    return <Navigate to="/login" />;
  }
  const { genericName } = useAppContext();
  const { t } = useTranslation();
  const logoutMutation = useMutation({
    mutationFn: () => axios.post("/api/user/logout"),
@@ -28,7 +33,7 @@ export const LogoutPage = () => {
        description: t("logoutSuccessSubtitle"),
      });
-      redirectTimer.current = window.setTimeout(() => {
+      setTimeout(async () => {
        window.location.replace("/login");
      }, 500);
    },
@@ -39,24 +44,12 @@ export const LogoutPage = () => {
    },
  });
  useEffect(() => {
    return () => {
      if (redirectTimer.current) {
        clearTimeout(redirectTimer.current);
      }
    };
  }, [redirectTimer]);
  if (!isLoggedIn) {
    return <Navigate to="/login" replace />;
  }
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
        <CardTitle className="text-3xl">{t("logoutTitle")}</CardTitle>
        <CardDescription>
-          {provider !== "local" && provider !== "ldap" ? (
+          {provider !== "username" ? (
            <Trans
              i18nKey="logoutOauthSubtitle"
              t={t}
@@ -65,9 +58,9 @@ export const LogoutPage = () => {
              }}
              values={{
                username: email,
-                provider: oauthName,
+                provider:
                  provider === "generic" ? genericName : capitalize(provider),
              }}
              shouldUnescape={true}
            />
          ) : (
            <Trans
@@ -79,7 +72,6 @@ export const LogoutPage = () => {
              values={{
                username,
              }}
              shouldUnescape={true}
            />
          )}
        </CardDescription>
--- a/frontend/src/pages/totp-page.tsx
+++ b/frontend/src/pages/totp-page.tsx
@@ -12,26 +12,24 @@ import { useUserContext } from "@/context/user-context";
 import { TotpSchema } from "@/schemas/totp-schema";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
-import { useEffect, useId, useRef } from "react";
+import { useId } from "react";
 import { useTranslation } from "react-i18next";
 import { Navigate, useLocation } from "react-router";
 import { toast } from "sonner";
 import { useOIDCParams } from "@/lib/hooks/oidc";
 export const TotpPage = () => {
  const { totpPending } = useUserContext();
  if (!totpPending) {
    return <Navigate to="/" />;
  }
  const { t } = useTranslation();
  const { search } = useLocation();
  const formId = useId();
  const redirectTimer = useRef<number | null>(null);
  const searchParams = new URLSearchParams(search);
-  const {
+  const redirectUri = searchParams.get("redirect_uri");
    values: props,
    isOidc,
    compiled: compiledOIDCParams,
  } = useOIDCParams(searchParams);
  const totpMutation = useMutation({
    mutationFn: (values: TotpSchema) => axios.post("/api/user/totp", values),
@@ -41,14 +39,9 @@ export const TotpPage = () => {
        description: t("totpSuccessSubtitle"),
      });
-      redirectTimer.current = window.setTimeout(() => {
+      setTimeout(() => {
        if (isOidc) {
          window.location.replace(`/authorize?${compiledOIDCParams}`);
          return;
        }
        window.location.replace(
-          `/continue${props.redirect_uri ? `?redirect_uri=${encodeURIComponent(props.redirect_uri)}` : ""}`,
+          `/continue?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
        );
      }, 500);
    },
@@ -59,18 +52,6 @@ export const TotpPage = () => {
    },
  });
  useEffect(() => {
    return () => {
      if (redirectTimer.current) {
        clearTimeout(redirectTimer.current);
      }
    };
  }, [redirectTimer]);
  if (!totpPending) {
    return <Navigate to="/" replace />;
  }
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
@@ -81,6 +62,7 @@ export const TotpPage = () => {
        <TotpForm
          formId={formId}
          onSubmit={(values) => totpMutation.mutate(values)}
          loading={totpMutation.isPending}
        />
      </CardContent>
      <CardFooter className="flex flex-col items-stretch">
--- a/frontend/src/pages/unauthorized-page.tsx
+++ b/frontend/src/pages/unauthorized-page.tsx
@@ -12,10 +12,6 @@ import { Navigate, useLocation, useNavigate } from "react-router";
 export const UnauthorizedPage = () => {
  const { search } = useLocation();
  const { t } = useTranslation();
  const navigate = useNavigate();
  const [loading, setLoading] = useState(false);
  const searchParams = new URLSearchParams(search);
  const username = searchParams.get("username");
@@ -23,15 +19,19 @@ export const UnauthorizedPage = () => {
  const groupErr = searchParams.get("groupErr");
  const ip = searchParams.get("ip");
  if (!username && !ip) {
    return <Navigate to="/" />;
  }
  const { t } = useTranslation();
  const navigate = useNavigate();
  const [loading, setLoading] = useState(false);
  const handleRedirect = () => {
    setLoading(true);
    navigate("/login");
  };
  if (!username && !ip) {
    return <Navigate to="/" />;
  }
  let i18nKey = "unauthorizedLoginSubtitle";
  if (resource) {
--- a/frontend/src/schemas/app-context-schema.ts
+++ b/frontend/src/schemas/app-context-schema.ts
@@ -1,20 +1,14 @@
 import { z } from "zod";
 export const providerSchema = z.object({
  id: z.string(),
  name: z.string(),
  oauth: z.boolean(),
 });
 export const appContextSchema = z.object({
-  providers: z.array(providerSchema),
+  configuredProviders: z.array(z.string()),
  disableContinue: z.boolean(),
  title: z.string(),
-  appUrl: z.string(),
+  genericName: z.string(),
-  cookieDomain: z.string(),
+  domain: z.string(),
  forgotPasswordMessage: z.string(),
  oauthAutoRedirect: z.enum(["none", "github", "google", "generic"]),
  backgroundImage: z.string(),
  oauthAutoRedirect: z.string(),
  disableUiWarnings: z.boolean(),
 });
 export type AppContextSchema = z.infer<typeof appContextSchema>;
--- a/frontend/src/schemas/oidc-schemas.ts
+++ b/frontend/src/schemas/oidc-schemas.ts
@@ -1,5 +0,0 @@
 import { z } from "zod";
 export const getOidcClientInfoSchema = z.object({
  name: z.string(),
 });
--- a/frontend/src/schemas/user-context-schema.ts
+++ b/frontend/src/schemas/user-context-schema.ts
@@ -8,7 +8,6 @@ export const userContextSchema = z.object({
  provider: z.string(),
  oauth: z.boolean(),
  totpPending: z.boolean(),
  oauthName: z.string(),
 });
 export type UserContextSchema = z.infer<typeof userContextSchema>;
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -2,43 +2,15 @@ import { defineConfig } from "vite";
 import react from "@vitejs/plugin-react";
 import path from "path";
 import tailwindcss from "@tailwindcss/vite";
 import { visualizer } from "rollup-plugin-visualizer";
 // https://vite.dev/config/
 export default defineConfig({
-  plugins: [react(), tailwindcss(), visualizer()],
+  plugins: [react(), tailwindcss()],
  resolve: {
    alias: {
      "@": path.resolve(__dirname, "./src"),
    },
  },
  build: {
    rollupOptions: {
      output: {
        manualChunks(id) {
          if (id.includes("node_modules")) {
            if (id.includes("/react")) {
              return "vendor-react";
            }
            if (id.includes("/@radix-ui")) {
              return "vendor-radix";
            }
            if (id.includes("/i18next")) {
              return "vendor-i18next";
            }
            if (id.includes("/zod")) {
              return "vendor-zod";
            }
            return "vendor";
          }
        },
      },
    },
  },
  server: {
    host: "0.0.0.0",
    proxy: {
@@ -52,11 +24,6 @@ export default defineConfig({
        changeOrigin: true,
        rewrite: (path) => path.replace(/^\/resources/, ""),
      },
      "/.well-known": {
        target: "http://tinyauth-backend:3000/.well-known",
        changeOrigin: true,
        rewrite: (path) => path.replace(/^\/\.well-known/, ""),
      },
    },
    allowedHosts: true,
  },
--- a/gen/gen.go
+++ b/gen/gen.go
@@ -1,38 +0,0 @@
 package main
 import (
 	"log/slog"
 	"reflect"
 )
 func main() {
 	slog.Info("generating example env file")
 	generateExampleEnv()
 	slog.Info("generating config reference markdown file")
 	generateMarkdown()
 }
 func walkAndBuild[T any](parent reflect.Type, parentValue reflect.Value,
 	parentPath string, entries *[]T,
 	buildEntry func(child reflect.StructField, childValue reflect.Value, parentPath string, entries *[]T),
 	buildMap func(child reflect.StructField, parentPath string, entries *[]T),
 	buildChildPath func(parentPath string, childName string) string,
 ) {
 	for i := 0; i < parent.NumField(); i++ {
 		field := parent.Field(i)
 		fieldType := field.Type
 		fieldValue := parentValue.Field(i)
 		switch fieldType.Kind() {
 		case reflect.Struct:
 			childPath := buildChildPath(parentPath, field.Name)
 			walkAndBuild[T](fieldType, fieldValue, childPath, entries, buildEntry, buildMap, buildChildPath)
 		case reflect.Map:
 			buildMap(field, parentPath, entries)
 		case reflect.Bool, reflect.String, reflect.Slice, reflect.Int:
 			buildEntry(field, fieldValue, parentPath, entries)
 		default:
 			slog.Info("unknown type", "type", fieldType.Kind())
 		}
 	}
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Stavros	32c7e8e045	fix: coderabbit suggestions	2025-08-27 14:04:33 +03:00
Stavros	dc733a71c1	Merge branch 'main' into feat/sqlite	2025-08-27 11:52:51 +03:00
Stavros	3bc3cb9641	refactor: use db instance instead of service in auth service	2025-08-27 11:51:25 +03:00
Stavros	7050e68c7c	feat: add sqlite database for storing sessions	2025-08-26 18:00:43 +03:00