Bump version

Merge branch 'release_mob_jun_25' of https://github.com/ente-io/auth into release_mob_jun_25
Merge branch 'main' of https://github.com/ente-io/auth into release_mob_jun_25
2025-07-02 14:14:58 +05:30 · 2025-07-02 14:14:00 +05:30 · 2025-07-02 14:13:50 +05:30 · 2025-07-02 14:13:00 +05:30 · 2025-07-02 13:56:41 +05:30 · 2025-07-02 13:41:09 +05:30
872 changed files with 49985 additions and 30321 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -1,24 +1,21 @@
 name: Report a bug
-description: Let us know if something's not working the way you expected.
+description: For regressions only (things that were working earlier)
 labels: []
 body:
    - type: markdown
      attributes:
          value: |
-              Before opening a new bug report, please ensure
-              1. you are on the latest version (it might've already been fixed),
-              2. you've searched for existing issues (please add your observations as a comment there instead of creating a duplicate).
-
-              If you are self hosting, please create a community [Q&A](https://github.com/ente-io/ente/discussions/categories/q-a) instead.
+              Before opening a new issue, **please** ensure
+              1. You are on the latest version,
+              2. You've searched for existing issues,
+              3. It was working earlier (otherwise use [this](https://github.com/ente-io/ente/discussions/categories/enhancements))
+              4. It is not about self hosting (otherwise use [this](https://github.com/ente-io/ente/discussions/categories/q-a))
    - type: textarea
      attributes:
          label: Description
          description: >
-              Please describe the bug. If possible, also include the steps to
-              reproduce the behaviour, and the expected behaviour (sometimes
-              bugs are just expectation mismatches, in which case this would be
-              a good fit for [feature
-              requests](https://github.com/ente-io/ente/discussions/categories/feature-requests)).
+              Describe the bug and steps to reproduce the behaviour, and how it
+              differs from the previously working behaviour.
      validations:
          required: true
    - type: input
@@ -30,15 +27,12 @@ body:
      attributes:
          label: Last working version
          description: >
-              The version where the feature was last known to be working. It is
-              fine if you don't remember the exact version (mention roughly
-              then), but if there just isn't a last known working version, then
-              it is likely that what is being reported is not an issue but a
-              feature request. The difference between the two categories is not
-              just semantic - feature requests use GitHub discussions and so can
-              be [upvoted by the
-              community](https://github.com/ente-io/ente/discussions/categories/feature-requests)
-              (issues can't be).
+              The version where things were last known to be working. It is fine
+              if you don't remember the exact version (mention roughly then),
+              but **if there just isn't a last working version, then please file
+              it as an
+              [enhancement](https://github.com/ente-io/ente/discussions/categories/enhancements))**
+              (where the community upvotes can be used to help prioritize).
          placeholder: e.g. v1.2.3
    - type: dropdown
      attributes:
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,5 @@
 blank_issues_enabled: true
 contact_links:
-    - name: Feature requests and questions
+    - name: Enhacements, feature requests, feedback and questions
      url: https://github.com/ente-io/ente/discussions
      about: Please use Discussions for everything apart from the above.
--- a/.github/workflows/auth-release.yml
+++ b/.github/workflows/auth-release.yml
@@ -141,6 +141,7 @@ jobs:

    build-windows:
        runs-on: windows-latest
+        environment: "auth-win-build"

        defaults:
            run:
@@ -174,14 +175,22 @@ jobs:
            - name: Retain Windows EXE and DLLs
              run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows

-            - name: Code sign Windows installer and EXE
-              uses: dlemstra/code-sign-action@v1
+            - name: Sign files with Trusted Signing
+              uses: azure/trusted-signing-action@v0
              with:
-                  certificate: "${{ secrets.WINDOWS_CERTIFICATE }}"
-                  password: "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}"
-                  files: |
-                      auth/artifacts/ente-${{ github.ref_name }}-installer.exe
-                      auth/ente-${{ github.ref_name }}-windows/auth.exe
+                azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+                azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+                endpoint: ${{ secrets.AZURE_ENDPOINT }}
+                trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+                certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
+                files: |
+                      ${{ github.workspace }}/auth/artifacts/ente-${{ github.ref_name }}-installer.exe
+                      ${{ github.workspace }}/auth/ente-${{ github.ref_name }}-windows/auth.exe
+                file-digest: SHA256
+                timestamp-rfc3161: http://timestamp.acs.microsoft.com
+                timestamp-digest: SHA256  
+

            - name: Zip Windows EXE and DLLs
              run: tar.exe -a -c -f artifacts/ente-${{ github.ref_name }}-windows.zip ente-${{ github.ref_name }}-windows
--- a/.github/workflows/auth-win-sign.yml
+++ b/.github/workflows/auth-win-sign.yml
@@ -0,0 +1,70 @@
+name: "Windows build & Sign (auth)"
+
+
+on:
+    workflow_dispatch: # Allow manually running the action
+
+env:
+    FLUTTER_VERSION: "3.24.3"
+
+permissions:
+    contents: write
+
+jobs:
+    build-windows:
+        runs-on: windows-latest
+        environment: "auth-win-build"
+
+        defaults:
+            run:
+                working-directory: auth
+
+        steps:
+            - name: Checkout code and submodules
+              uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+
+            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
+              uses: subosito/flutter-action@v2
+              with:
+                  channel: "stable"
+                  flutter-version: ${{ env.FLUTTER_VERSION  }}
+                  cache: true
+
+            - name: Create artifacts directory
+              run: mkdir artifacts
+
+            - name: Build Windows installer
+              run: |
+                  flutter config --enable-windows-desktop
+                  # dart pub global activate flutter_distributor
+                  dart pub global activate --source git https://github.com/ente-io/flutter_distributor_fork --git-ref develop --git-path packages/flutter_distributor
+                  make innoinstall
+                  flutter_distributor package --platform=windows --targets=exe --skip-clean
+                  mv dist/**/*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe
+
+            - name: Retain Windows EXE and DLLs
+              run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows
+
+            - name: Sign files with Trusted Signing
+              uses: azure/trusted-signing-action@v0
+              with:
+                azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+                azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+                endpoint: ${{ secrets.AZURE_ENDPOINT }}
+                trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+                certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
+                files: |
+                      ${{ github.workspace }}/auth/artifacts/ente-${{ github.ref_name }}-installer.exe
+                      ${{ github.workspace }}/auth/ente-${{ github.ref_name }}-windows/auth.exe
+                file-digest: SHA256
+                timestamp-rfc3161: http://timestamp.acs.microsoft.com
+                timestamp-digest: SHA256  
+
+            - name: Zip Windows EXE and DLLs
+              run: tar.exe -a -c -f artifacts/ente-${{ github.ref_name }}-windows.zip ente-${{ github.ref_name }}-windows
+
+            - name: Generate checksums
+              run: sha256sum artifacts/ente-* > artifacts/sha256sum-windows
--- a/.github/workflows/docs-lint.yml
+++ b/.github/workflows/docs-lint.yml
@@ -0,0 +1,32 @@
+name: "Lint (docs)"
+
+on:
+    # Run on every pull request (open or push to it) that changes docs/
+    pull_request:
+        paths:
+            - "docs/**"
+            - ".github/workflows/docs-lint.yml"
+
+permissions:
+    contents: read
+
+jobs:
+    lint:
+        runs-on: ubuntu-latest
+        defaults:
+            run:
+                working-directory: docs
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 22
+                  cache: "yarn"
+                  cache-dependency-path: "web/yarn.lock"
+
+            - run: yarn install
+
+            - run: yarn pretty:check
--- a/.github/workflows/mobile-internal-release.yml
+++ b/.github/workflows/mobile-internal-release.yml
@@ -63,6 +63,6 @@ jobs:
              with:
                  webhook: ${{ secrets.DISCORD_INTERNAL_RELEASE_WEBHOOK }}
                  nodetail: true
-                  title: "🏆 Internal release available for Photos"
+                  title: "🏆 Internal release Photos (Branch: ${{ github.ref_name }})"
                  description: "[Download](https://play.google.com/store/apps/details?id=io.ente.photos)"
                  color: 0x00ff00
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -23,7 +23,7 @@ Just hang around, enjoy the vibe. Answer someone's query on our
 [Discord](https://discord.gg/z2YVKkycX3), or pile on in the sporadic #off-topic
 rants there. Chuckle (or wince!) at our [Twitter](https://twitter.com/enteio)
 memes. Suggest a new feature in our [Github
-Discussions](https://github.com/ente-io/ente/discussions/new?category=feature-requests),
+Discussions](https://github.com/ente-io/ente/discussions/new?category=enhancements),
 or upvote the existing ones that you feel we should focus on first. Provide your
 opinion on existing threads.

@@ -68,8 +68,8 @@ best to start small. Consider some well-scoped changes, say like adding more
 Each of the individual product/platform specific directories in this repository
 have instructions on setting up a dev environment.

-For anything beyond trivial bug fixes, please use [features requests and
-discussions](https://github.com/ente-io/ente/discussions) instead of performing
+For anything beyond trivial bug fixes, please use
+[discussions](https://github.com/ente-io/ente/discussions) instead of performing
 code changes directly.

 > [!TIP]
--- a/auth/assets/custom-icons/_data/custom-icons.json
+++ b/auth/assets/custom-icons/_data/custom-icons.json
@@ -39,10 +39,23 @@
      "title": "Ankama",
      "slug": "ankama"
    },
+    {
+      "title": "Ankara University",
+      "slug": "ankara_university",
+      "altNames": [
+        "Ankara Üniversitesi"
+      ]
+    },
    {
      "title": "Anycoin Direct",
      "slug": "anycoindirect"
    },
+    {
+      "title": "AR24",
+      "altNames": [
+        "Docaposte AR24"
+      ]
+    },
    {
      "title": "Aruba",
      "slug": "aruba",
@@ -194,7 +207,9 @@
    {
      "title": "bonify",
      "slug": "bonify",
-      "altNames": ["bonify.de"]
+      "altNames": [
+        "bonify.de"
+      ]
    },
    {
      "title": "Booking",
@@ -298,6 +313,15 @@
    {
      "title": "CSAM"
    },
+    {
+      "title": "CSSBuy",
+      "slug": "cssbuy",
+      "altNames": [
+        "CSS Buy",
+        "CSS-Buy",
+        "cssbuy.com"
+      ]
+    },
    {
      "title": "CSFloat"
    },
@@ -441,6 +465,9 @@
      "title": "Finanzfluss",
      "slug": "finanzfluss"
    },
+    {
+      "title": "Finary"
+    },
    {
      "title": "Firefox",
      "slug": "mozilla"
@@ -455,6 +482,16 @@
      "title": "FreeTaxUSA",
      "slug": "freetaxusa"
    },
+    {
+      "title": "FZJ",
+      "slug": "fzj",
+      "hex": "023d6b",
+      "altNames": [
+        "Forschungszentrum Jülich",
+        "FZJ IdP",
+        "iffLogin"
+      ]
+    },
    {
      "title": "G2A"
    },
@@ -462,6 +499,9 @@
      "title": "Gate.io",
      "slug": "gateio.svg"
    },
+    {
+      "title": "GERID"
+    },
    {
      "title": "GitHub"
    },
@@ -530,6 +570,14 @@
        "Hugging Face"
      ]
    },
+    {
+      "title": "IBKR",
+      "slug": "ibkr",
+      "altNames": [
+        "Interactive Brokers",
+        "IB"
+      ]
+    },
    {
      "title": "IceDrive",
      "slug": "ice_drive"
@@ -651,6 +699,10 @@
        "飞书"
      ]
    },
+    {
+      "title": "LaunchDarkly",
+      "hex": "858585"
+    },
    {
      "title": "Letterboxd"
    },
@@ -716,8 +768,11 @@
      ]
    },
    {
-      "title": "Mercado Livre",
-      "slug": "mercado_livre",
+      "title": "Memed"
+    },
+    {
+      "title": "Mercado Libre",
+      "slug": "mercado_libre",
      "altNames": [
        "Mercado Libre",
        "MercadoLibre",
@@ -743,6 +798,7 @@
    {
      "title": "Mistral",
      "altNames": [
+        "Le Chat",
        "Mistral AI",
        "MistralAI"
      ]
@@ -892,6 +948,10 @@
      "slug": "onshape",
      "hex": "7abb5e"
    },
+    {
+      "title": "Oracle Cloud",
+      "slug": "oracle_cloud"
+    },
    {
      "title": "Parqet",
      "slug": "parqet"
@@ -992,6 +1052,14 @@
        "qiniu"
      ]
    },
+    {
+      "title": "R10.net",
+      "slug": "r10",
+      "altNames": [
+        "R10",
+        "r10.net"
+      ]
+    },
    {
      "title": "Raindrop.io",
      "slug": "raindrop_io",
@@ -1076,6 +1144,16 @@
      "title": "Seafile",
      "slug": "seafile"
    },
+    {
+      "title": "SEI",
+      "altNames": [
+        "sei",
+        "sei!",
+        "SEI!",
+        "Sistema Eletrônico de Informações",
+        "SEI/SEDE"
+      ]
+    },
    {
      "title": "Sendgrid"
    },
@@ -1278,6 +1356,14 @@
      "title": "US Mobile",
      "slug": "us_mobile"
    },
+    {
+      "title": "uollet",
+      "slug": "uollet",
+      "altNames": [
+        "UOLLET",
+        "uollet.com.br"
+      ]
+    },
    {
      "title": "Vikunja"
    },
@@ -1363,6 +1449,37 @@
    },
    {
      "title": "CoinSpot"
+    },
+    {
+      "title": "Aternos",
+      "slug": "aternos"
+    },
+    {
+      "title": "Toshl Finance",
+      "slug": "toshl_finance",
+      "altNames": [
+        "Toshl"
+      ]
+    },
+    {
+      "title": "Tebex",
+      "slug": "tebex",
+      "altNames": [
+        "tebex",
+        "tebex.io",
+        "buycraft"
+      ]
+    },
+    {
+      "title": "xAI",
+      "slug": "xai"
+    },
+    {
+      "title": "Cronometer",
+      "slug": "cronometer"
+    },
+    {
+      "title": "Zitadel"
    }
  ]
-}
+}
--- a/auth/assets/custom-icons/icons/ankara_university.svg
+++ b/auth/assets/custom-icons/icons/ankara_university.svg
--- a/auth/assets/custom-icons/icons/ar24.svg
+++ b/auth/assets/custom-icons/icons/ar24.svg
@@ -0,0 +1,6 @@
+<svg width="500" height="500" viewBox="0 0 500 500" fill="#0000FF" xmlns="http://www.w3.org/2000/svg">
+<path d="M139.63 306.55H125.64C123.41 306.55 121.53 306.5 119.99 306.39C118.45 306.28 117.13 305.99 116.01 305.51C114.9 305.04 113.92 304.32 113.08 303.36C112.22 302.41 111.38 301.09 110.53 299.39L103.85 286.35H35.47L25.29 306.55H0L58.37 194.11H81.26L139.63 306.55ZM93.2 265.36L69.66 218.6L46.12 265.36H93.2Z"/>
+<path d="M265.23 306.55H245.67C241.96 306.55 238.93 306.07 236.6 305.12C234.27 304.16 232.31 302.68 230.72 300.67L206.17 270.76H177.48V306.55H153.95V195.23C156.92 195.12 160.16 195.04 163.66 194.99C167.17 194.93 170.77 194.86 174.5 194.75C178.21 194.64 181.92 194.57 185.64 194.51C189.36 194.46 192.86 194.43 196.15 194.43C209.74 194.43 220.97 195.41 229.84 197.37C238.71 199.34 246 202.91 251.74 208.1C258.11 214.04 261.3 222.1 261.3 232.28C261.3 237.37 260.61 241.85 259.23 245.72C257.84 249.59 255.88 252.96 253.33 255.81C250.78 258.68 247.7 261.09 244.09 263.05C240.49 265.02 236.45 266.63 231.99 267.9L265.23 306.55ZM196.25 250.25C199.75 250.25 203.27 250.22 206.82 250.17C210.38 250.12 213.74 249.88 216.93 249.45C220.1 249.03 223.02 248.36 225.67 247.46C228.32 246.55 230.5 245.24 232.19 243.54C233.67 241.94 234.82 240.29 235.61 238.59C236.4 236.89 236.81 234.7 236.81 232.03C236.81 230.23 236.45 228.47 235.77 226.77C235.08 225.06 234.15 223.62 232.99 222.45C231.4 220.85 229.44 219.6 227.11 218.7C224.77 217.79 222.1 217.12 219.07 216.7C216.05 216.27 212.63 216.03 208.81 215.98C205 215.93 200.81 215.9 196.25 215.9H187.18C183.58 215.9 180.34 215.95 177.48 216.06V250.1C180.34 250.2 183.58 250.25 187.18 250.25H196.25Z"/>
+<path d="M324.59 213.35C318.34 213.35 312.61 215.03 307.41 218.37C302.22 221.7 297.93 225.65 294.54 230.22L276.09 217.97C282.13 210.65 289.36 204.66 297.79 200C306.22 195.33 315.47 193 325.55 193C332.33 193 338.53 193.87 344.15 195.62C349.77 197.37 354.59 199.84 358.63 203.02C362.65 206.2 365.78 210.07 368.01 214.63C370.23 219.19 371.35 224.27 371.35 229.89C371.35 235.2 370.36 239.86 368.4 243.89C366.44 247.92 363.85 251.6 360.61 254.94C357.38 258.28 353.69 261.38 349.56 264.25C345.42 267.11 341.18 269.97 336.84 272.84L317.27 285.72H370.87V306.55H279.42V286.04L318.39 260.27C322.2 257.73 325.86 255.32 329.36 253.03C332.86 250.76 335.93 248.42 338.58 246.04C341.24 243.65 343.35 241.13 344.95 238.48C346.54 235.83 347.33 232.91 347.33 229.74C347.33 227.41 346.72 225.23 345.5 223.22C344.28 221.2 342.64 219.45 340.57 217.97C338.51 216.49 336.09 215.35 333.34 214.55C330.58 213.75 327.66 213.35 324.59 213.35Z"/>
+<path d="M457.22 306.55V283.49H388.84V259.95L455.47 195.23H480.12V263.77H500V283.49H480.12V306.55L457.22 306.55ZM413.17 263.77H457.22V220.35L413.17 263.77Z"/>
+</svg>
--- a/auth/assets/custom-icons/icons/aternos.svg
+++ b/auth/assets/custom-icons/icons/aternos.svg
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" shape-rendering="geometricPrecision" text-rendering="geometricPrecision" image-rendering="optimizeQuality" fill-rule="evenodd" xml:space="preserve"
+ xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300mm" height="300mm" viewBox="0 0 16000 16000" preserveAspectRatio="xMidYMid meet">
+<g>
+ <path fill="#2b87d3" d="M0 8000 l0 -8000 8000 0 8000 0 0 8000 0 8000 -8000 0 -8000 0 0 -8000z m13990 0 l0 -5990 -5990 0 -5990 0 0 5990 0 5990 5990 0 5990 0 0 -5990z"/>
+ <path fill="#2b87d3" d="M2995 12998 c-3 -7 -4 -911 -3 -2008 l3 -1995 1005 0 1005 0 3 997 2 998 998 2 997 3 0 1005 0 1005 -2003 3 c-1597 2 -2004 0 -2007 -10z"/>
+ <path fill="#2b87d3" d="M8995 12998 c-3 -7 -4 -461 -3 -1008 l3 -995 997 -3 998 -2 2 -998 3 -997 1005 0 1005 0 0 2005 0 2005 -2003 3 c-1597 2 -2004 0 -2007 -10z"/>
+ <path fill="#2b87d3" d="M5995 9998 c-3 -7 -4 -911 -3 -2008 l3 -1995 2005 0 2005 0 0 2005 0 2005 -2003 3 c-1597 2 -2004 0 -2007 -10z"/>
+ <path fill="#2b87d3" d="M2995 6998 c-3 -7 -4 -911 -3 -2008 l3 -1995 2005 0 2005 0 0 1005 0 1005 -997 3 -998 2 -2 998 -3 997 -1003 3 c-797 2 -1004 0 -1007 -10z"/>
+ <path fill="#2b87d3" d="M10997 7003 c-4 -3 -7 -453 -7 -1000 l0 -993 -997 -2 -998 -3 0 -1005 0 -1005 2005 0 2005 0 0 2005 0 2005 -1001 3 c-550 1 -1004 -1 -1007 -5z"/>
+ </g>
+</svg>
--- a/auth/assets/custom-icons/icons/cronometer.svg
+++ b/auth/assets/custom-icons/icons/cronometer.svg
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   width="107.51429"
+   height="102.75398"
+   viewBox="0 0 107.51429 102.75398"
+   fill="none"
+   version="1.1"
+   id="svg12"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs
+     id="defs12" />
+  <g
+     id="g12"
+     transform="translate(34.950067,-215.99315)">
+    <path
+       d="m 57.85843,271.77769 c -0.774,-0.1257 -1.5665,0.0595 -2.2048,0.5152 -0.6382,0.4557 -1.0704,1.145 -1.2028,1.9179 -0.1447,0.8786 -0.3109,1.7775 -0.496,2.6697 -1.7799,8.5172 -5.1174,16.6325 -9.8446,23.9376 -5.0162,7.5169 -10.8489,12.0047 -15.6015,12.0047 -2.2725,0.0492 -4.5367,-0.2938 -6.6926,-1.0138 -5.6912,-1.775 -11.7884,-1.7717 -17.4777,0.009 -2.1479,0.7139 -4.4023,1.0536 -6.6652,1.0044 -4.7486,0 -10.58,-4.4851 -15.5963,-11.9979 -4.727,-7.3046 -8.0652,-15.4188 -9.84715,-23.935 -1.97756,-9.485 -1.60717,-17.8346 1.06924,-24.1485 1.09829,-2.7795 2.74951,-5.307 4.85381,-7.4292 2.1042,-2.1223 4.6176,-3.7952 7.3876,-4.9171 2.77,-1.122 5.7387,-1.6698 8.7268,-1.6101 2.988,0.0597 5.9328,0.7255 8.6558,1.9572 l 0.1663,0.0635 c 3.1372,1.3741 6.5201,2.0997 9.9449,2.1331 h 0.127 c 3.4272,-0.0346 6.8117,-0.763 9.9498,-2.1412 l 0.1502,-0.0581 c 2.981,-1.3116 6.2053,-1.979 9.462,-1.9586 1.8593,0.0219 3.7051,0.317 5.4785,0.8759 1.02,0.3144 2.0172,0.6982 2.9846,1.1489 0.7121,0.333 1.5269,0.3705 2.2665,0.1042 0.7397,-0.2662 1.3439,-0.8144 1.6805,-1.5248 0.1645,-0.3511 0.2583,-0.7312 0.2755,-1.1185 0.0172,-0.3873 -0.0421,-0.7742 -0.1749,-1.1385 -0.1328,-0.3643 -0.3362,-0.6987 -0.5986,-0.9841 -0.2625,-0.2854 -0.5788,-0.5161 -0.9307,-0.6789 -1.2159,-0.5667 -2.4693,-1.0495 -3.7512,-1.445 -2.3402,-0.7366 -4.7769,-1.1202 -7.2302,-1.1381 -3.9898,-0.0245 -7.9413,0.7777 -11.6058,2.356 l -0.1514,0.0581 c -1.5551,0.6563 -3.1723,1.1544 -4.8271,1.4869 -0.2018,-1.6639 -0.5606,-3.305 -1.0719,-4.9013 11.4383,-2.0749 11.0342,-15.88816 11.0342,-15.88816 -9.3133,1.40309 -13.3294,4.93919 -14.9623,8.33877 -1.5519,-2.01717 -3.4478,-3.74459 -5.6002,-5.10275 -0.3906,-0.24958 -0.8265,-0.41979 -1.2828,-0.50093 -0.4563,-0.0811 -0.9238,-0.0716 -1.3765,0.0281 -0.4526,0.0997 -0.8812,0.28749 -1.2613,0.55278 -0.38,0.26529 -0.7041,0.60283 -0.9537,0.99335 -0.2496,0.39052 -0.4198,0.82638 -0.5009,1.28269 -0.0812,0.45631 -0.0717,0.92412 0.028,1.37675 0.0997,0.45262 0.2875,0.88118 0.5528,1.2612 0.2653,0.38003 0.6028,0.70409 0.9933,0.95367 1.9269,1.29176 3.5632,2.97116 4.8046,4.93076 1.2415,1.9597 2.0607,4.1567 2.4055,6.4507 -1.2634,-0.3369 -2.5038,-0.7536 -3.7143,-1.2476 l -0.1759,-0.0676 c -3.6617,-1.5742 -7.6092,-2.3745 -11.5949,-2.3506 -9.0309,0 -20.73562,6.0327 -25.63155,17.5723 -3.97541,9.3756 -2.962867,20.2042 -1.41244,27.6387 1.94038,9.2532 5.57254,18.0686 10.71379,26.003 6.3017,9.4378 13.5982,14.6369 20.5461,14.6369 2.8438,0.049 5.6759,-0.375 8.3806,-1.255 4.5889,-1.454 9.515,-1.454 14.1039,0 2.6964,0.878 5.5198,1.3 8.3549,1.251 6.8478,0 14.3376,-5.3384 20.5461,-14.645 5.1404,-7.9344 8.7713,-16.75 10.7098,-26.0031 0.2041,-0.9746 0.3851,-1.9559 0.5406,-2.917 0.062,-0.3835 0.0481,-0.7755 -0.0416,-1.1535 -0.0897,-0.3779 -0.2534,-0.7345 -0.4812,-1.0492 -0.2278,-0.3147 -0.5154,-0.5813 -0.8464,-0.7846 -0.3311,-0.2033 -0.6991,-0.3393 -1.0828,-0.4001"
+       fill="#ff6733"
+       id="path11" />
+    <path
+       d="m 71.33493,256.39499 v 0.0121 l -8.2649,-5.8475 -0.4271,-0.2298 0.0512,-0.5177 0.2393,-10.0798 h 0.0095 c 0.0046,-0.5208 -0.1263,-1.0339 -0.3802,-1.4887 -0.2538,-0.4548 -0.6219,-0.8357 -1.0675,-1.1053 -0.4471,-0.2723 -0.9569,-0.4242 -1.4801,-0.441 -0.5233,-0.0169 -1.0422,0.102 -1.5059,0.3451 l -8.7538,4.3593 c -1.2619,0.6789 -2.3372,1.6578 -3.1318,2.8502 -0.7946,1.1925 -1.2839,2.5621 -1.4247,3.9881 l -0.7408,7.7913 -6.3059,3.3658 c -2.4638,-3.7027 -5.7171,-6.8136 -9.5264,-9.1092 -3.8093,-2.2956 -8.0799,-3.7189 -12.5047,-4.1675 -4.4249,-0.4486 -8.894,0.0886 -13.0866,1.573 -4.1925,1.4843 -8.0041,3.879 -11.1609,7.0119 -2.7859,2.7623 -4.9974,6.0489 -6.5065,9.6702 -1.509,3.6213 -2.286,7.5057 -2.286,11.4288 0,3.9232 0.777,7.8075 2.286,11.4288 1.5091,3.6214 3.7206,6.908 6.5065,9.6702 4.197,4.1711 9.5317,7.0104 15.3356,8.1623 5.8039,1.1518 11.8188,0.5648 17.2905,-1.6873 5.4718,-2.2522 10.157,-6.0694 13.4684,-10.9731 3.3114,-4.9037 5.1017,-10.6758 5.1465,-16.5928 0.0013,-3.8327 -0.7435,-7.6291 -2.1926,-11.1774 l 6.2181,-3.3117 -0.0109,0.0311 6.7206,4.0741 c 1.2315,0.7427 2.6257,1.1736 4.0615,1.2554 1.4357,0.0817 2.8695,-0.1882 4.1772,-0.7863 l 8.7534,-4.3593 c 0.472,-0.2216 0.877,-0.5622 1.177,-0.9882 0.3,-0.426 0.483,-0.9228 0.532,-1.4413 0.049,-0.5185 -0.038,-1.0409 -0.252,-1.5156 -0.214,-0.4747 -0.548,-0.8853 -0.97,-1.1915 m -34.1485,19.4107 c -0.0347,4.7475 -1.47,9.3791 -4.1262,13.3141 -2.6561,3.9351 -6.4148,6.9984 -10.8048,8.806 -4.39,1.8076 -9.2158,2.2789 -13.8727,1.355 -4.6568,-0.924 -8.9373,-3.2021 -12.3047,-6.5488 -2.2347,-2.2161 -4.0086,-4.8527 -5.2191,-7.7579 -1.2105,-2.9051 -1.8335,-6.0211 -1.8335,-9.1684 0,-3.1472 0.623,-6.2632 1.8335,-9.1684 1.2105,-2.9051 2.9844,-5.5417 5.2191,-7.7578 2.5007,-2.4815 5.514,-4.3861 8.8284,-5.5801 3.3145,-1.194 6.85,-1.6486 10.3587,-1.3319 3.5087,0.3167 6.9057,1.397 9.9528,3.1652 3.0471,1.7682 5.6703,4.1815 7.6862,7.0707 l -8.1614,4.3552 c -1.3138,-1.6306 -2.9557,-2.9671 -4.8188,-3.9229 -1.8632,-0.9559 -3.9062,-1.5098 -5.997,-1.6259 -2.0908,-0.1161 -4.1826,0.2082 -6.1401,0.952 -1.9576,0.7437 -3.7372,1.8903 -5.2234,3.3654 -1.3826,1.3719 -2.4797,3.0038 -3.2285,4.8018 -0.7489,1.798 -1.1343,3.7264 -1.1343,5.674 0,1.9477 0.3854,3.8761 1.1343,5.6741 0.7488,1.7979 1.8459,3.4299 3.2285,4.8018 2.317,2.3457 5.3482,3.8548 8.6165,4.2898 3.2684,0.4351 6.5886,-0.2286 9.4386,-1.8865 2.85,-1.6579 5.0682,-4.2161 6.3055,-7.2723 1.2374,-3.0562 1.4238,-6.437 0.53,-9.6107 l 8.2064,-4.3687 c 1.0104,2.6766 1.5273,5.5142 1.526,8.3752 z m -26.0801,1.2734 c 0.3553,0.6991 0.9725,1.2295 1.7171,1.4759 0.7445,0.2463 1.5564,0.1885 2.2586,-0.1607 l 6.9193,-3.6848 c 0.2696,2.1001 -0.213,4.2278 -1.3623,6.006 -1.1493,1.7782 -2.891,3.0921 -4.9165,3.7087 -2.0255,0.6167 -4.2042,0.4963 -6.1494,-0.3399 -1.9452,-0.8361 -3.5316,-2.334 -4.4779,-4.228 -0.9463,-1.8941 -1.1912,-4.0621 -0.6917,-6.1196 0.4995,-2.0576 1.7111,-3.8718 3.4205,-5.1212 1.7094,-1.2494 3.806,-1.8532 5.9181,-1.7044 2.1121,0.1487 4.1034,1.0405 5.6207,2.5172 l -6.9345,3.6997 c -0.3472,0.1714 -0.6571,0.4099 -0.9118,0.7018 -0.2546,0.2918 -0.449,0.6311 -0.5719,0.9984 -0.1229,0.3673 -0.172,0.7553 -0.1442,1.1416 0.0278,0.3863 0.1317,0.7633 0.3059,1.1093 z m 39.7718,-27.0764 c 0.219,-1.157 0.3879,-2.1708 1.4557,-2.7467 l 4.5109,-2.2438 -0.6085,5.5191 -5.7029,2.8386 z m 8.0467,10.3339 c -0.5151,0.173 -1.0642,0.2192 -1.6009,0.1347 -0.5367,-0.0845 -1.0453,-0.2971 -1.4824,-0.6199 l -2.9222,-1.7424 5.7042,-2.8386 4.8109,2.8224 z"
+       fill="#ff6733"
+       id="path12" />
+  </g>
+</svg>
--- a/auth/assets/custom-icons/icons/cssbuy.svg
+++ b/auth/assets/custom-icons/icons/cssbuy.svg
@@ -0,0 +1,9 @@
+<svg width="145" height="39" viewBox="0 0 145 39" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<rect width="145" height="39" fill="url(#pattern0_2030_2)"/>
+<defs>
+<pattern id="pattern0_2030_2" patternContentUnits="objectBoundingBox" width="1" height="1">
+<use xlink:href="#image0_2030_2" transform="scale(0.00689655 0.025641)"/>
+</pattern>
+<image id="image0_2030_2" width="145" height="39" preserveAspectRatio="none" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJEAAAAnCAMAAAA4lVp5AAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6UTwAAAERUExURQAAAGy8Kmy8Kmy9Kmy8Km28KWy9Km2/Lmy8Kmu8Kmu8Kmy8KWy7KGy9Kmu9KWu8Km27K3C/KGy8Kmy8KW29K2y8Kmy8K3C/MGy9Kmy7LGy8KWu8LGy7Kmy9KnDCKWy8KWy7Km28Kmy7Kmy8Kmu5Km29Km26KGq6Kmu8Kmy9Kmu7Kmy8Kmy8Kmy8Kmy8Kmy8Km69KWy9K2u8KoC/IG28Km27Kmy7Kmy5K2y8Km2+LGi3KGq6Kmu8KWy9Kmq8K2y6Kmy7Kmy8Kn7ERazZh9ruyv///+Py177ioYjJUpHNX+335LXdlHXAN9HqvKPVecjmr5rRbfb78qPVerbeldvuyuTz2O335cjmsK3ZiNHqvb/iok0+o7UAAABBdFJOUwD359fHm1UcxmbMv0B/cN+PIKOgj9CQEMBA8EyA1BlQkrDb4DdgPzCkyE/v7c+2r12QnwjDMeJC9VIgYFiXSGh4PBaO/QAAAAFiS0dERY6zqFcAAAAHdElNRQfpBR8TLQ+T8HIEAAAAAW9yTlQBz6J3mgAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyNS0wNS0zMVQxOTo0NToxNSswMDowMFaVqvwAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjUtMDUtMzFUMTk6NDU6MTUrMDA6MDAnyBJAAAAAKHRFWHRkYXRlOnRpbWVzdGFtcAAyMDI1LTA1LTMxVDE5OjQ1OjE1KzAwOjAwcN0znwAAAFplWElmTU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAAUAAAABAAAAUgEoAAMAAAABAAIAAAITAAMAAAABAAEAAAAAAAAAAABIAAAAAQAAAEgAAAABH1L3NAAABF9JREFUWMPNV3lf2kAQpbWXUlFKOUJpFSnQ1tqD3tYeGxIgEJRww/f/IN3ZczYE/QlqnT8kzmY3L++9md3EyEpx5+7GvfsPHsauI1ZDJOLR5m1DRMjW1WNaExEh8ce3DREh2xHLJuTgTnw3eeOIyJPFZVMXQb5eROTpwrJpYzyzFiK77jhuw2m2UM5rOm3H6dgq4de7NNM9XcZCluZyFo1EJg/jlxEujOfMleFIAL4jU02R6QUi0Za4n5mrWjSVEOCArsLKiPouioA/zm/o1Fn4LnEPef7CWLVAU5a43gO+VkU0cI0IfEgyhoLhkKX6oCG7Gg3HjCUxdd9YtUgzhoIrIuLvPun5xO4zXSY02YKLKQg6ohdDejEDPMDNFIZ6fO6BsWqJkDRGdBlrYw8BisAT5oHnuzbnbcjHIUN/4YffNaFXAzH7JVo0iUGU6T9l7q5KRVq8WqlUeKaip0EyixHB+q4qsZYQaaafOpsNemJAOHw4mUr/43LbUyAoRTuE5Dkgmt0T2RxXsojrEMZLGJHvojeG54/mAG8OZYe19TVHOF6FjF0VgOIKRwI9XtRfWdckkxrKwXQR97IRzCxdG2WYuKfh+14jRJQBUoF4s3uo6SpKsqg+AibIW0SvkTF8NBNWDoXPe8+ZZoVXZLtuon+7rIBLluZAPr0s6UqrokxyzfDkoSjucMjuo3jipl/gCTkUp4+kUFmiO2VK0pUhsnHl5JUphkeiIAVmNyT+zGiYC4jK5vyytrukKy3pqgqp2BxengdqorsMEfEHHFOg3OTxfunOIxHBi2f5Awt5haOgssrYNOj4ERBI/Zbno+8MRD0SHf507Jo281ivcO0oRJSBEi7puJQljZKW0g8cBT+iM+wbPkLv3AG+Wp1uY6DNQ7eMetMJkL+mUYiItjD3h2QjJXIJTRdvXRaa8kCtODeqvwfVxMpqrhLQGOGvuGlk9q8YpkVv9tK74BjZeoqaxCzDUlKa8YzQAXu1FbDNo6f3UoFoqIlpLEGUQBbWNVRG2ZKmC8YPC1ozGu/VkiNd452A7yi+RglHgJlg0lNv0ItAlML/gGVJyNiYLnki1zLHPqglW+IU5ogDEVDB/Ntudjptsc3ZvDd16uxoN46qNbzxM3hFiaiqRNMkJtlkpRnER7WmcV7j/vHHKMNKbYrvaUUgAh9ITbI1Ip9eIOoIYNYBbGdIMxqfPqtF1WmVKiP0kA0aAPkh3IHRLLCxa2xT266BZAIepA+rUiZNIrN+MWbEl6+67ww4gNFAb1p9npqp7mlPGHHjgbmxyeUKxIwU5mLniCf1oZL1xvCXwbfvaAHf87zwCaDlhZo5vckO3aMQ5YxsSelRzUuIOYyoiG2u4scOWT/kYnmVSedS2B9J9lmZ3othRMu+C45rV4fovLCskD6RmvH4uXUTiBYiWjMRm2tiWgXQRd9yJ782bhbROZqpOP598ufv9kqxAqLMeZr9j7DI5b52rz3gS05udbc5/gHZ/BLSJh/eDgAAAABJRU5ErkJggg=="/>
+</defs>
+</svg>
--- a/auth/assets/custom-icons/icons/finary.svg
+++ b/auth/assets/custom-icons/icons/finary.svg
@@ -0,0 +1,3 @@
+<svg width="500" height="500" viewBox="0 0 500 500" fill="#F1C086" xmlns="http://www.w3.org/2000/svg">
+<path d="M166.67 62C74.62 62 0 136.62 0 228.67H333.33C425.38 228.67 500 154.05 500 62H166.67ZM166.67 270.33C74.62 270.33 0 344.95 0 437H154.76C246.81 437 321.43 362.38 321.43 270.33H166.67Z"/>
+</svg>
--- a/auth/assets/custom-icons/icons/fzj.svg
+++ b/auth/assets/custom-icons/icons/fzj.svg
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg width="21.087mm" height="21.735mm" version="1.1" viewBox="0 0 21.087 21.735" xmlns="http://www.w3.org/2000/svg">
+ <g transform="translate(34.396 -25.136)">
+  <path d="m-26.575 34.404 3.5438-9.2136c-0.38165-0.0363-0.76329-0.0545-1.1631-0.0545-1.9082 0-3.7983 0.49067-5.452 1.4538-1.6538 0.96316-3.035 2.3261-3.9982 3.998-0.09087 0.14538-0.16356 0.30893-0.25443 0.47249v0.0545l-0.14538 0.39981c-1.0904 2.7804 0.56337 4.834 2.1626 5.4337 0.45433 0.16355 0.92685 0.25441 1.3994 0.25441 0.72694 0 1.4175-0.18172 2.0536-0.54517 0.6179-0.36347 1.1449-0.8723 1.5084-1.4902 0.14539-0.23624 0.25443-0.49067 0.34529-0.76326m6.4334 2.3625c-2.1081 5.5246-7.2149 7.5962-11.885 6.7966 0.70877 0.72692 1.5084 1.3448 2.3807 1.8536 1.6538 0.96316 3.5257 1.4538 5.452 1.4538 1.9082 0 3.7619-0.49067 5.4339-1.4538 1.6538-0.96316 3.035-2.3261 3.9982-3.9798 0.94502-1.6537 1.4539-3.5437 1.4539-5.4337 0-1.9082-0.50886-3.8163-1.4539-5.4518-0.5452-0.94499-1.1994-1.7628-1.9809-2.4897l-3.3984 8.7048" fill="#023d6b" fill-rule="evenodd" stroke-width=".26458"/>
+ </g>
+</svg>
--- a/auth/assets/custom-icons/icons/gerid.svg
+++ b/auth/assets/custom-icons/icons/gerid.svg
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generator: https://ezgif.com/png-to-svg -->
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="195" height="195">
+<path d="M0,0 L44,0 L70,2 L94,6 L98,8 L98,39 L95,75 L91,98 L85,114 L76,131 L65,145 L58,153 L55,154 L55,144 L51,131 L42,121 L38,118 L38,98 L34,98 L33,29 L28,27 L26,26 L26,89 L22,89 L22,25 L20,25 L20,89 L13,89 L12,29 L11,30 L11,98 L6,98 L6,118 L-3,125 L-9,135 L-11,143 L-11,154 L-15,152 L-25,141 L-35,126 L-43,110 L-48,95 L-52,69 L-54,44 L-55,8 L-50,6 L-26,2 Z " fill="#046097" transform="translate(75,8)"/>
+<path d="M0,0 L44,0 L70,2 L94,6 L98,8 L98,39 L95,75 L91,98 L85,114 L76,131 L65,145 L58,153 L55,154 L55,144 L51,131 L42,121 L38,118 L38,98 L34,98 L33,29 L28,27 L26,26 L26,89 L22,89 L22,25 L20,24 L22,24 L22,1 L0,1 Z " fill="#0495C0" transform="translate(75,8)"/>
+<path d="M0,0 L8,0 L13,3 L15,7 L15,15 L6,21 L0,20 L-7,16 L-8,10 L-5,3 Z " fill="#0A669B" transform="translate(93,165)"/>
+<path d="M0,0 L6,1 L10,5 L11,7 L11,15 L2,21 L-2,20 L0,20 Z " fill="#0D99C1" transform="translate(97,165)"/>
+</svg>
--- a/auth/assets/custom-icons/icons/ibkr.svg
+++ b/auth/assets/custom-icons/icons/ibkr.svg
@@ -0,0 +1,12 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="775" height="1511" version="1.2">
+    <defs>
+        <linearGradient id="a" x1="667.4" x2="-.7" y1="1142.8" y2="1142.8"
+            gradientUnits="userSpaceOnUse">
+            <stop offset="0" stop-color="#d81222" />
+            <stop offset="1" stop-color="#960b1a" />
+        </linearGradient>
+    </defs>
+    <path d="M.3 1510.2V775.3l668 734.9z" style="fill:url(#a)" />
+    <path fill="#d81222"
+        d="M574.2 1154.6c-110.5 0-199.9-89.5-199.9-200.2 0-110.8 89.4-200.3 199.9-200.3 110.6 0 200 89.5 200 200.3 0 110.7-89.4 200.2-200 200.2M668.3.4.3 1510.2V775.3z" />
+</svg>
--- a/auth/assets/custom-icons/icons/launchdarkly.svg
+++ b/auth/assets/custom-icons/icons/launchdarkly.svg
@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 216 214.94"><path d="M109.8,214.94a4.87,4.87,0,0,1-4.26-2.66,4.5,4.5,0,0,1,.44-4.82l50.49-69.53L68,174.11a4.61,4.61,0,0,1-1.9.41,4.77,4.77,0,0,1-4.52-3.4,4.57,4.57,0,0,1,2-5.21L141.33,120,4.41,112.13a4.69,4.69,0,0,1,0-9.36l137-7.87L63.61,49a4.56,4.56,0,0,1-1.94-5.2,4.74,4.74,0,0,1,4.51-3.4,4.6,4.6,0,0,1,1.9.4L156.5,77,106,7.48a4.56,4.56,0,0,1-.44-4.83A4.84,4.84,0,0,1,109.84,0a4.59,4.59,0,0,1,3.28,1.41L213.77,102.05a7.65,7.65,0,0,1,0,10.8L113.08,213.53A4.59,4.59,0,0,1,109.8,214.94Z"/></svg>
--- a/auth/assets/custom-icons/icons/memed.svg
+++ b/auth/assets/custom-icons/icons/memed.svg
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="129.55565mm"
+   height="129.41467mm"
+   viewBox="0 0 129.55565 129.41467"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   inkscape:export-filename="memed2.svg"
+   inkscape:export-xdpi="96"
+   inkscape:export-ydpi="96"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#ec9000"
+     inkscape:document-units="mm"><inkscape:page
+       x="0"
+       y="0"
+       width="129.55565"
+       height="129.41467"
+       id="page2"
+       margin="0"
+       bleed="0" /></sodipodi:namedview><defs
+     id="defs1" /><g
+     inkscape:label="Camada 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="matrix(1.6834732,0,0,1.6834732,47.649925,-205.86142)"><path
+       style="fill:#f5f2f5;fill-opacity:1;stroke:none;stroke-width:1.64472;stroke-opacity:0.216306"
+       d="m -229.63928,666.3282 c -1.80919,-0.13135 -3.05972,0.10695 -3.33899,-0.0739 -0.8201,-0.53107 -3.56255,-6.29326 -5.5356,-10.78298 -5.66304,-12.88636 -9.6848,-29.27567 -10.13326,-42.53094 -0.19655,-5.80951 0.10184,-7.61979 0.87562,-12.19698 1.5552,-9.19979 3.41577,-14.15687 8.37613,-20.05013 4.44031,-5.2754 13.12164,-10.82873 19.15739,-12.38511 4.40045,-1.1347 11.49057,-1.83141 19.07025,-1.58315 10.46549,0.34277 15.53289,2.0447 23.98486,6.0306 8.4934,4.00545 8.5476,4.69447 17.19355,12.68346 l 9.17947,8.48198 1.73483,-3.36021 c 5.30229,-10.27007 13.54153,-11.35636 20.42059,-15.3818 9.98116,-5.84072 20.33566,-8.65915 31.655487,-8.65915 20.40721,0 35.175223,9.03215 40.949411,24.9899 2.680505,7.40793 3.691311,17.03863 2.871769,25.62379 -1.523031,15.95462 -6.502251,33.73112 -13.14355,45.38711 l -2.092079,3.67176 -9.091661,0.0949 c -10.759893,0.11232 -14.787739,0.55882 -14.782316,-0.39427 0.0037,-0.6492 2.126398,-5.62719 6.614865,-15.48568 6.460624,-14.19017 9.107566,-24.18606 9.458064,-38.19534 0.310181,-12.39792 -0.54619,-15.46077 -5.720525,-20.65311 -4.842652,-4.8595 -9.652569,-6.74545 -17.203292,-6.31247 -6.931853,0.39749 -14.431373,3.39042 -20.210693,8.03964 -8.08359,6.50292 -18.16141,19.27599 -24.59806,30.53119 -6.58062,11.50695 -5.26814,12.2378 -6.49554,11.46026 -0.4565,-0.28918 -3.06129,-4.8228 -4.93182,-8.21504 -8.50061,-15.416 -17.38274,-26.70868 -26.57306,-33.49026 -3.97121,-2.93037 -10.51147,-6.3019 -14.41859,-7.35191 -3.7439,-1.00615 -11.45838,-0.93722 -14.80652,0.0702 -6.9037,2.07788 -11.28665,6.76825 -13.35945,14.26878 -0.92563,3.34947 -1.3257,12.28307 -0.72975,18.04782 1.25223,12.1133 4.66457,22.59592 12.97979,39.84761 2.77157,5.7502 4.31011,7.49886 3.74297,7.73574 -0.79147,0.33057 -9.85373,0.57929 -14.57149,0.23675 z"
+       id="path8"
+       sodipodi:nodetypes="cssssssssscsssssscsssssssssssscsssscc"
+       transform="matrix(0.26458333,0,0,0.26458333,50.096465,-2.4191315)" /><path
+       style="display:inline;fill:#6262f5"
+       d="m 4.4956948,198.76332 c -3.30706,-0.44247 -8.3326,-1.84639 -9.73079,-2.71836 -0.32338,-0.20168 -0.90706,-0.44056 -1.29707,-0.53085 -0.39,-0.0903 -0.87471,-0.32978 -1.07713,-0.5322 -0.20241,-0.20241 -0.9589,-0.66744 -1.68108,-1.0334 -4.5630398,-2.31227 -11.4938598,-9.24939 -13.7898298,-13.80238 -0.3694,-0.73252 -0.7455,-1.39139 -0.83579,-1.46415 -0.0903,-0.0728 -0.29661,-0.42994 -0.4585,-0.79375 -0.16189,-0.3638 -0.55469,-1.22236 -0.87289,-1.90791 -1.88451,-4.06016 -3.16441,-10.69837 -3.05006,-15.81917 0.11739,-5.25717 1.3037,-10.99832 3.05006,-14.76084 0.3182,-0.68555 0.711,-1.54411 0.87289,-1.90791 0.16189,-0.3638 0.36821,-0.72099 0.4585,-0.79375 0.0903,-0.0728 0.46639,-0.73162 0.83579,-1.46414 2.26147,-4.48457 8.57756,-10.84773 13.5529798,-13.65397 1.01864,-0.57454 2.03068,-1.15388 2.24896,-1.28742 2.24204,-1.37166 8.36495,-3.26099 12.03854,-3.71469 2.47599,-0.3058 8.3413402,-0.40086 9.5250002,-0.15438 0.29104,0.0606 1.3626,0.20579 2.38125,0.32263 2.01526,0.23115 1.93948,0.21791 2.51354,0.43921 1.02205,0.39401 3.03969,0.99193 3.34719,0.99193 0.18838,0 0.97085,0.2881 1.73881,0.64022 0.76796,0.35212 1.93207,0.88513 2.58692,1.18446 0.65484,0.29934 1.54791,0.75538 1.98458,1.01343 0.43668,0.25805 1.38918,0.81695 2.11667,1.242 1.79243,1.04728 3.18453,2.21035 6.20039,5.1803 2.79182,2.74933 4.23282,4.45383 5.48018,6.48229 3.17204,5.1584 5.07219,10.30587 5.66481,15.34584 0.55918,4.7556 0.47529,7.60255 -0.40153,13.62604 -0.18126,1.24527 -1.56492,5.54247 -2.28224,7.08792 -0.3182,0.68555 -0.71099,1.54411 -0.87288,1.90791 -0.16189,0.36381 -0.36822,0.72099 -0.45851,0.79375 -0.0903,0.0728 -0.46639,0.73163 -0.83578,1.46415 -2.30965,4.5801 -9.11275,11.36702 -13.94307,13.9099 -0.8041,0.42331 -1.64059,0.88054 -1.85887,1.01607 -1.11841,0.6944 -4.14314,1.88062 -6.61459,2.59408 -5.20986,1.50399 -10.74885,1.87148 -16.5364502,1.09714 z m -9.6573,-24.95559 c 0,-0.0615 -0.57847,-1.28185 -1.28549,-2.71198 -2.18367,-4.41702 -3.20781,-8.24456 -3.20895,-11.99293 -0.001,-4.42964 2.01227,-6.72114 5.88783,-6.70038 4.47803005,0.024 9.21844,4.21886 13.02766,11.52839 0.43587,0.8364 0.8697302,1.52101 0.9641202,1.52136 0.0944,3.4e-4 0.55697,-0.74351 1.02794,-1.65302 2.22999,-4.30635 6.18881,-8.96011 8.72108,-10.25198 3.33434,-1.70105 6.32476,-1.57437 8.3288,0.35282 1.52052,1.46222 1.82726,2.64731 1.65484,6.39343 -0.15794,3.4314 -1.07983,6.63419 -3.10868,10.8001 -0.86224,1.77047 -1.16282,2.63732 -0.94364,2.72142 0.1769,0.0679 1.62162,0.0894 3.21049,0.0478 l 2.88886,-0.0756 0.64276,-1.1663 c 2.06367,-3.7446 3.65793,-10.57405 3.37181,-14.44411 -0.4585,-6.20174 -3.63562,-9.71814 -9.48799,-10.50118 -5.6749,-0.75929 -11.4014,1.60585 -15.29697,6.31791 -0.50399,0.60962 -0.97587,1.1084 -1.04863,1.1084 -0.0728,0 -0.5490102,-0.5047 -1.0583402,-1.12155 -2.23259,-2.70394 -5.45587,-4.88484 -8.73124995,-5.90763 -1.99626005,-0.62336 -6.74195005,-0.63537 -8.73812005,-0.0221 -1.9981998,0.61389 -4.1480898,2.17983 -5.3452198,3.89337 -1.1067,1.58409 -1.39833,2.42025 -1.82847,5.24242 -0.55493,3.64096 0.82065,10.37308 3.01361,14.7487 0.43759,0.87312 0.92909,1.67497 1.09223,1.78189 0.30781,0.20173 6.2497198,0.288 6.2497198,0.0907 z"
+       id="path1"
+       sodipodi:nodetypes="ssssssssssssscssssssssssssssssssssssscscssscsssssccsssssssssssscc" /></g></svg>
--- a/auth/assets/custom-icons/icons/mercado_libre.svg
+++ b/auth/assets/custom-icons/icons/mercado_libre.svg
--- a/auth/assets/custom-icons/icons/mistral.svg
+++ b/auth/assets/custom-icons/icons/mistral.svg
@@ -1,15 +1,7 @@
-<svg width="500" height="500" viewBox="0 0 500 500" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g style="mix-blend-mode:difference">
-<path fill-rule="evenodd" clip-rule="evenodd" d="M363.636 23H409.091V477.545H363.636V23ZM0 23H45.4545V477.545H0V23ZM227.273 295.727H181.818V386.636H227.273V295.727ZM272.727 113.909H318.182V204.818H272.727V113.909Z" fill="white"/>
-</g>
-<path d="M136.364 386.636H45.4545V477.545H136.364V386.636Z" fill="#EA3326"/>
-<path d="M500 386.636H409.091V477.545H500V386.636Z" fill="#EA3326"/>
-<path d="M136.364 295.727H45.4545V386.636H136.364V295.727Z" fill="#EB5829"/>
-<path d="M318.182 295.727H227.273V386.636H318.182V295.727Z" fill="#EB5829"/>
-<path d="M500 295.727H409.091V386.636H500V295.727Z" fill="#EB5829"/>
-<path d="M136.364 23H45.4545V113.909H136.364V23Z" fill="#F7D046"/>
-<path d="M500 23H409.091V113.909H500V23Z" fill="#F7D046"/>
-<path d="M227.273 113.909H45.4545V204.818H227.273V113.909Z" fill="#F2A73B"/>
-<path d="M500 113.909H318.182V204.818H500V113.909Z" fill="#F2A73B"/>
-<path d="M500 204.818H45.4545V295.727H500V204.818Z" fill="#EE792F"/>
-</svg>
+<svg width="500" height="500" viewBox="0 0 500 500" xmlns="http://www.w3.org/2000/svg">
+  <path d="M71.41 73H142.83V143.75H71.41V73ZM357.12 73H428.54V143.75H357.12V73Z" fill="#FFD800"/>
+  <path d="M71.41 143.75H214.25V214.5H71.41V143.75ZM285.7 143.75H428.54V214.5H285.7V143.75Z" fill="#FFAF00"/>
+  <path d="M71.41 214.5H428.54V285.25H71.41V214.5Z" fill="#FF8205"/>
+  <path d="M71.41 285.27H142.83V356.02H71.41V285.27ZM214.27 285.27H285.69V356.02H214.27V285.27ZM357.12 285.27H428.54V356.02H357.12V285.27Z" fill="#FA500F"/>
+  <path d="M0 356.06H214.3V426.82H0V356.06ZM285.7 356.06H500V426.82H285.7V356.06Z" fill="#E10500"/>
+</svg>
--- a/auth/assets/custom-icons/icons/oracle_cloud.svg
+++ b/auth/assets/custom-icons/icons/oracle_cloud.svg
@@ -0,0 +1 @@
+<svg height="2100" viewBox="0 0 32 21" width="3200" xmlns="http://www.w3.org/2000/svg"><path d="m9.9 20.1c-5.5 0-9.9-4.4-9.9-9.9s4.4-9.9 9.9-9.9h11.6c5.5 0 9.9 4.4 9.9 9.9s-4.4 9.9-9.9 9.9zm11.3-3.5c3.6 0 6.4-2.9 6.4-6.4 0-3.6-2.9-6.4-6.4-6.4h-11c-3.6 0-6.4 2.9-6.4 6.4s2.9 6.4 6.4 6.4z" fill="#c74634"/></svg>
--- a/auth/assets/custom-icons/icons/r10.svg
+++ b/auth/assets/custom-icons/icons/r10.svg
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 25.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 280.6 100" style="enable-background:new 0 0 280.6 100;" xml:space="preserve">
+<style type="text/css">
+	.st0{enable-background:new    ;}
+	.st1{fill:#FFFFFF;}
+	.st2{fill:#3F4257;}
+	.st3{fill-rule:evenodd;clip-rule:evenodd;fill:#3F4257;}
+	.st4{fill-rule:evenodd;clip-rule:evenodd;fill:#EA4335;}
+	.st5{fill:#EA4335;}
+	.st6{fill:#FBBC05;}
+	.st7{fill:#4285F4;}
+	.st8{fill:#34A853;}
+</style>
+<g>
+	<g class="st0">
+		<path class="st1" d="M114.5,57.9h-6.3L97.9,46.2h-7.2v11.7h-5.4V24.1c5.3,0,10.5,0,15.8,0c7.8,0,12,5.4,12,11
+			c0,4.8-2.5,9.5-9.2,10.5L114,57L114.5,57.9z M90.7,29.1v12.2H101c4.5,0,6.5-2.8,6.5-6c0-3-2-6.2-6.4-6.2H90.7z"/>
+		<polygon class="st1" points="124.5,57.9 129.9,57.9 129.9,24.2 118.7,27.7 118.7,32.4 124.5,30.8 		"/>
+		<path class="st1" d="M139.7,38.1c0-19.6,28.4-19.5,28.4,0V44c0,19.5-28.4,19.6-28.4,0V38.1z M145.2,44c0,12.8,17.5,12.8,17.5,0
+			v-5.9c0-12.6-17.5-12.8-17.5,0V44z"/>
+	</g>
+	<g class="st0">
+		<path class="st1" d="M188.8,24.2l22.8,27.9V24.2h2.6v33.8h-1L190.3,30v27.9h-2.6V24.2H188.8z"/>
+		<path class="st1" d="M226.3,39.7h19.8v2.4h-19.8v13.3h21.4v2.5h-24V24.2h23.4v2.5h-20.8V39.7z"/>
+		<path class="st1" d="M263.3,26.5h-12.2v-2.3h27.1v2.3h-12.2v31.4h-2.6V26.5z"/>
+	</g>
+	<g id="Group_174_3_" transform="translate(-5071.999 -1624)">
+		<path class="st1" d="M5106.8,1722c-5.8,0-11.4-1.2-16.4-3.6c-4.9-2.3-9.1-5.7-12-9.8c-5-7.1-6.1-16-3-25l0-0.1
+			c7.8-22.5,13-25.7,18.7-27.4l0.5-0.1l0,0.2l0.8-0.1c0.5,0,0.9-0.1,1.4-0.1c0.6,0,1.2,0,1.8,0.1l0.8,0.1l0.4,0.1
+			c1.9,0.3,3.8,0.8,5.7,1.5l0,0l0,0c0.4,0.1,0.9,0.2,1.3,0.2c0,0,0,0,0,0c5.2,0,12.8-10.1,18.8-28.9c-0.3,1.7-1.1,6.5-1.4,8.1
+			c-1.2,6.5-2.3,12.7-3.2,17.7l-0.1,0.5l0.5,0.2c2.8,1.2,5,3.8,6.5,7.6l0.1,0.3l0.3,0.1c5.2,1.9,9.3,4.6,12.1,8
+			c2.5,3,4.2,6.5,4.8,10.5c0.9,5.3,0,11.6-2.5,17.6c-2.2,5.2-5.3,9.8-8.5,12.3C5126,1718.6,5116.6,1722,5106.8,1722L5106.8,1722z
+			 M5094.2,1635.7l0.5,2.5l-0.2,16.8L5094.2,1635.7z M5099.2,1654.4c-0.2-8.7,5.1-17.6,12.8-21.7c-0.7,0.9-1.4,1.8-2,2.7
+			C5103.8,1639,5100.3,1645.3,5099.2,1654.4z"/>
+		<g>
+			<path class="st1" d="M5128.3,1663.1c-1.7-4.1-4-6.7-6.9-8c1.5-8.3,3.6-20,5.7-31.1c-0.4,1.7-1.1,3.4-1.7,5
+				c-1.7,9.3-4.2,20.4-5.5,27.4c3.2,1.5,5.6,4.2,6.9,7.6c27.3,9.9,16.5,38.3,6.9,46.1c-28,22.7-67.7,4-57.3-26.9
+				c6.8-20.3,12.9-24.2,18.7-26v0c2.6-0.5,6.9,0.4,9.2,0.9c1.4,0.4,2.2,0.5,2.5,0.5c8,0.5,15.6-18.5,18.5-29.8
+				c-2.1,5.3-11.8,30.7-19.9,28.3c-1.9-0.7-3.8-1.2-5.8-1.6c0.8-8.8,4-15.8,10.7-19.6c1.2-1.8,2.7-3.6,4.2-5.1
+				c-9.9,3.5-16.8,14.4-16.1,24.6c-1.1-0.1-2.2-0.1-3.3,0l0.2-17.2l-2.1-9.6l0.5,26.8c-6.3,1.9-11.6,5.9-19.1,27.8l0,0
+				c-7.8,22.6,10.4,39.4,32.1,39.4c9.2,0,19-3.1,27.7-10C5144.6,1704.6,5157.1,1673.7,5128.3,1663.1z"/>
+			<polygon class="st2" points="5114.7,1630.8 5114.7,1630.8 5114.7,1630.8 			"/>
+		</g>
+		<g id="Group_1_3_" transform="translate(5072 1624)">
+			<path id="Path_839_2_" class="st3" d="M33.1,41.9c1.8-4.6,5.7-7.7,10.2-7.7c6.2,0,11.3,6.1,11.3,13.6s-5.1,13.6-11.3,13.6
+				c-4.5,0-8.4-3.2-10.2-7.8c0.1-0.2,0.2-0.3,0.3-0.5c1.7,4.2,5.2,7.2,9.4,7.2c5.7,0,10.4-5.6,10.4-12.4s-4.6-12.4-10.4-12.4
+				c-4.1,0-7.7,2.9-9.4,7.1C33.3,42.2,33.2,42.1,33.1,41.9z M25.1,36.4c2.9,0,5.5,1.9,7.1,4.8c-1.2-2.3-3.6-3.7-6.2-3.8
+				c-4.4,0-7.9,4.6-7.9,10.3S22.5,58,26,58s4.7-1.9,6.1-4.2c-1.6,2.8-3.2,5.1-7,5.1c-3.8,0-8.7-5-8.7-11.2
+				C16.4,41.5,20.3,36.4,25.1,36.4L25.1,36.4z"/>
+			<path id="Path_840_2_" class="st3" d="M27.8,45.5c0.9,0,1.6-0.7,1.6-1.5c0-0.9-0.7-1.6-1.5-1.6c-0.9,0-1.6,0.7-1.6,1.5
+				c0,0,0,0,0,0C26.3,44.8,27,45.4,27.8,45.5z"/>
+			<path id="Path_842_2_" class="st3" d="M46.9,46.4c0.9,0,1.6-0.6,1.6-1.5c0-0.9-0.6-1.6-1.5-1.6s-1.6,0.6-1.6,1.5c0,0,0,0,0,0.1
+				C45.4,45.7,46.1,46.4,46.9,46.4z"/>
+			<path id="Path_843_2_" class="st3" d="M26.1,62.8l0.6,0.1l-2.3,23.4l-0.6-0.1L26.1,62.8z"/>
+			<path id="Path_844_2_" class="st3" d="M38.6,65.3l0.6,0l1.5,23.5l-0.6,0L38.6,65.3z"/>
+			<path id="Path_845_2_" class="st3" d="M51.6,64.2l0.5-0.1l3.1,19.7L54.6,84L51.6,64.2z"/>
+			<g>
+				<polygon class="st2" points="8.1,57.5 8.1,57.5 8.1,57.5 8.1,57.5 				"/>
+				<path class="st2" d="M8.1,57.5c-4.3,39.6,64.1,47.3,56.7-0.1c0,0,0,0,0,0c0,0,0,0,0,0s0,0,0,0c-0.3,0.2-0.6,0.4-0.9,0.6
+					c-0.3,0.2-0.6,0.5-1,0.7c-0.9,0.6-2.2,1.2-3.8,1.9C41.4,66.9,17.2,62.2,8.1,57.5 M9.3,58.9c7.6,7,37.3,10.1,53,2.1
+					c0,0,0.3-0.1,0.5-0.3C67.3,101.9,5.8,94.4,9.3,58.9z"/>
+			</g>
+		</g>
+	</g>
+	<circle class="st1" cx="177.1" cy="53.6" r="4"/>
+	<path id="Forma_1_3_" class="st4" d="M153,74.7c-1,0-2.1,0.3-2.9,1c-0.7,0.6-1.3,1.3-1.7,2c-0.4-0.8-1-1.5-1.7-2
+		c-0.8-0.7-1.8-1-2.9-1c-2.9,0-5.2,2.4-5.2,5.6c0,3.5,2.8,5.8,7,9.4c0.7,0.6,1.5,1.3,2.4,2c0.2,0.2,0.6,0.2,0.8,0
+		c0.8-0.7,1.6-1.4,2.4-2c4.2-3.6,7-6,7-9.4C158.1,77.1,155.9,74.7,153,74.7z"/>
+	<g>
+		<path class="st1" d="M86.6,71.9l5.2,15.7l5.3-15.7h1.5l5.3,15.7l5.2-15.7h2.7l-6.6,19h-2.4l-4.9-14.2L93,90.9h-2.4l-6.6-19H86.6z"
+			/>
+		<path class="st1" d="M125.1,88.7c-1.4,1.6-3.7,2.4-5.8,2.4c-4.1,0-7-2.7-7-7c0-4,2.9-6.9,6.9-6.9c4.1,0,7.2,2.5,6.7,7.9h-11.4
+			c0.2,2.5,2.3,4,4.9,4c1.5,0,3.4-0.6,4.3-1.7L125.1,88.7L125.1,88.7z M123.8,83.2c-0.1-2.6-1.9-4-4.5-4c-2.3,0-4.4,1.4-4.7,4
+			L123.8,83.2L123.8,83.2z"/>
+	</g>
+	<g>
+		<path class="st5" d="M214.6,84.2c0,4.8-3.7,8.3-8.3,8.3s-8.3-3.5-8.3-8.3c0-4.8,3.7-8.3,8.3-8.3S214.6,79.4,214.6,84.2z M211,84.2
+			c0-3-2.2-5-4.7-5s-4.7,2-4.7,5c0,3,2.2,5,4.7,5S211,87.2,211,84.2z"/>
+		<path class="st6" d="M232.6,84.2c0,4.8-3.7,8.3-8.3,8.3s-8.3-3.5-8.3-8.3c0-4.8,3.7-8.3,8.3-8.3S232.6,79.4,232.6,84.2z M229,84.2
+			c0-3-2.2-5-4.7-5s-4.7,2-4.7,5c0,3,2.2,5,4.7,5S229,87.2,229,84.2z"/>
+		<path class="st7" d="M249.9,76.4v14.9c0,6.1-3.6,8.7-7.9,8.7c-4,0-6.5-2.7-7.4-4.9l3.2-1.3c0.6,1.4,2,3,4.2,3
+			c2.7,0,4.4-1.7,4.4-4.9v-1.2h-0.1c-0.8,1-2.4,1.9-4.4,1.9c-4.2,0-8-3.6-8-8.3c0-4.7,3.8-8.3,8-8.3c2,0,3.6,0.9,4.4,1.9h0.1v-1.4
+			L249.9,76.4L249.9,76.4z M246.7,84.3c0-2.9-2-5.1-4.4-5.1c-2.5,0-4.6,2.1-4.6,5.1c0,2.9,2.1,5,4.6,5
+			C244.7,89.3,246.7,87.2,246.7,84.3z"/>
+		<path class="st8" d="M255.6,67.7V92H252V67.7H255.6z"/>
+		<path class="st5" d="M269.5,87l2.8,1.9c-0.9,1.4-3.1,3.7-6.9,3.7c-4.7,0-8.3-3.7-8.3-8.3c0-4.9,3.6-8.3,7.8-8.3
+			c4.3,0,6.4,3.4,7.1,5.3l0.4,0.9l-11.1,4.6c0.9,1.7,2.2,2.5,4,2.5C267.3,89.3,268.6,88.4,269.5,87L269.5,87z M260.8,84l7.4-3.1
+			c-0.4-1-1.6-1.8-3.1-1.8C263.3,79.1,260.7,80.8,260.8,84z"/>
+		<path class="st7" d="M184.5,82.1v-3.5h11.9c0.1,0.6,0.2,1.3,0.2,2.1c0,2.6-0.7,5.9-3.1,8.3c-2.3,2.4-5.2,3.6-9,3.6
+			c-7.1,0-13.1-5.8-13.1-12.9c0-7.1,6-12.9,13.1-12.9c3.9,0,6.7,1.5,8.9,3.6l-2.5,2.5c-1.5-1.4-3.6-2.5-6.4-2.5
+			c-5.2,0-9.3,4.2-9.3,9.4c0,5.2,4.1,9.4,9.3,9.4c3.4,0,5.3-1.4,6.5-2.6c1-1,1.7-2.4,1.9-4.4L184.5,82.1z"/>
+	</g>
+</g>
+</svg>
--- a/auth/assets/custom-icons/icons/sei.svg
+++ b/auth/assets/custom-icons/icons/sei.svg
--- a/auth/assets/custom-icons/icons/tebex.svg
+++ b/auth/assets/custom-icons/icons/tebex.svg
@@ -0,0 +1,19 @@
+<svg version="1.2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 256 256" width="256" height="256">
+	<title>vikunja</title>
+	<defs>
+		<clipPath clipPathUnits="userSpaceOnUse" id="cp1">
+			<path d="m211.62 166.19v47.1h-167.62v-47.1z"/>
+		</clipPath>
+	</defs>
+	<style>
+		.s0 { fill: #101010 } 
+		.s1 { fill: #ffffff } 
+	</style>
+	<path class="s0" d="m226.9 46.8q-0.8-0.9-1.6-1.9-0.8-1-1.6-1.9-0.9-1-1.7-1.9-0.9-0.9-1.7-1.9c-24.1-25.2-56.9-39.2-92.3-39.2-8.3 0-16.7 0.8-24.9 2.4-8.3 1.7-16.3 4.1-24.1 7.3-7.7 3.2-15.1 7.2-22.1 11.9-7 4.6-13.4 10-19.4 15.9-5.9 6-11.3 12.4-15.9 19.4-4.7 7-8.7 14.4-11.9 22.1-3.2 7.8-5.6 15.8-7.3 24.1-1.6 8.2-2.4 16.6-2.4 24.9 0 8.4 0.8 16.8 2.5 25 1.6 8.3 4 16.3 7.2 24.1 3.2 7.7 7.2 15.1 11.9 22.1 4.6 7 10 13.4 15.9 19.4 6 5.9 12.4 11.3 19.4 15.9 7 4.7 14.4 8.7 22.1 11.9 7.8 3.2 15.8 5.6 24.1 7.2 8.2 1.7 16.6 2.5 24.9 2.4 8.4 0.1 16.8-0.7 25-2.4 8.3-1.6 16.3-4 24-7.2 7.8-3.2 15.2-7.2 22.2-11.9 6.9-4.6 13.4-10 19.3-15.9 6-6 11.3-12.4 16-19.4 4.7-7 8.7-14.4 11.9-22.1 3.2-7.8 5.6-15.8 7.2-24.1 1.7-8.2 2.5-16.6 2.4-25 0-29.2-10.5-58.2-29.1-81.2"/>
+	<g id="Clip-Path" clip-path="url(#cp1)">
+		<g>
+			<path fill-rule="evenodd" class="s1" d="m117.5 183.8c2.5-3.5 6.5-5.5 11.3-5.5 9.1 0 15.6 7 15.6 16.7 0 9.8-6.6 16.8-15.8 16.8-4.8 0-8.7-1.8-11.2-5.3l-0.2 4.5h-6.9v-44.8h7.2zm20.2 11.4c0-5.7-4.1-10.4-9.3-10.4-5.2 0-9.4 4.7-9.4 10.4 0 5.8 4.2 10.5 9.4 10.5 5.2 0 9.3-4.7 9.3-10.5zm-70.4 9.4l0.3-0.2 2.8 5.7-0.1 0.1c-2.7 2.1-5.6 3.1-8.8 3.1-7 0-10.9-4-10.9-11.4v-16.7h-6.6l1.6-6.5h5v-8.3h7.3v8.3h11.6v6.5h-11.6v16.7c0 2.9 1.5 4.6 4.3 4.6 1.9 0 3.3-0.5 5.1-1.9zm36.1-9.8q0 0.5-0.1 0.9 0 0.4 0 0.8v0.3h-23.7c0.7 5.6 4.1 8.6 9.5 8.6 3.5 0 6.3-1.2 8.9-3.8l0.2-0.2 3.8 4.7-0.1 0.1c-3.4 3.8-7.6 5.5-13.2 5.5-9.9 0-16.3-6.6-16.3-16.8 0-9.7 6.7-16.8 16-16.8 9.1 0 15 6.6 15 16.7zm-7.3-2.7c-0.6-4.8-3.5-7.6-7.8-7.6-4.3 0-7.6 3-8.5 7.6zm82.8 2.7q0 0.5 0 0.9-0.1 0.4-0.1 0.8v0.3h-23.7c0.7 5.6 4.1 8.6 9.5 8.6 3.5 0 6.3-1.2 8.9-3.8l0.2-0.2 3.9 4.7-0.2 0.1c-3.4 3.8-7.6 5.5-13.2 5.5-9.9 0-16.2-6.6-16.2-16.8 0-9.7 6.6-16.8 15.9-16.8 9.1 0 15 6.6 15 16.7zm-23.6-2.7h16.3c-0.6-4.9-3.4-7.6-7.8-7.6-4.3 0-7.6 3-8.5 7.6zm55-13.4l-11.2 15.4 12.5 16.9h-8.6l-8.1-11.5-7.8 11.5h-8.2l12.1-16.5-11.5-15.8h8.5l7.1 10.5 7-10.5z"/>
+		</g>
+	</g>
+	<path class="s1" d="m130.9 71.8c4.5-7.3 12.5-9.5 12.5-9.5 0 0-15.3-4-15.3-20.3 0 16.3-15.3 20.3-15.3 20.3 0 0 8 2.2 12.4 9.5h-20.9v28.2l4.8-8.7h9.5v48.6l19 19.4v-59.5c-4.9-2.3-11.8-8.1-14.3-12.5 4.2 1.3 10 3 14.4 4h14.2v-19.5z"/>
+</svg>
--- a/auth/assets/custom-icons/icons/toshl_finance.svg
+++ b/auth/assets/custom-icons/icons/toshl_finance.svg
--- a/auth/assets/custom-icons/icons/uollet.svg
+++ b/auth/assets/custom-icons/icons/uollet.svg
@@ -0,0 +1,15 @@
+<svg width="500" height="404" viewBox="0 0 500 404" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M232.61 401.571C220.894 398.642 214.011 395.42 204.052 388.39C199.219 384.876 154.991 341.672 105.783 292.172C37.244 223.34 15.1299 200.347 11.1757 193.61C-3.03008 169.006 -3.61588 146.16 8.97892 121.263C14.6905 109.987 26.6995 96.806 75.0284 48.4771C115.303 8.20299 118.378 6.00622 139.321 1.46623C151.33 -1.02344 160.41 -0.437633 174.176 3.9559C188.235 8.20299 197.901 15.5256 224.262 41.7403C237.443 54.7745 249.013 65.4654 250.038 65.4654C250.916 65.4654 251.649 66.7835 251.649 68.3945C251.649 70.0054 251.063 71.3235 250.331 71.3235C249.745 71.3235 243.887 76.5957 237.443 83.0396C224.409 95.9273 216.647 109.108 215.329 120.385C214.596 127.561 217.525 144.549 219.576 144.549C220.308 144.549 220.894 145.867 220.894 147.478C220.894 151.725 240.811 171.203 248.72 174.865C252.381 176.475 258.532 178.672 262.34 179.697C268.93 181.455 269.955 181.308 279.914 177.501C285.772 175.157 291.044 172.521 291.63 171.35C292.216 170.325 293.241 169.446 293.973 169.446C294.559 169.446 304.664 159.926 316.527 148.21C336.59 128.586 338.494 126.975 343.62 126.975C348.746 126.975 350.943 128.879 386.091 164.027C406.301 184.237 422.997 201.812 422.997 202.837C422.997 203.715 423.582 204.594 424.315 204.594C424.9 204.594 427.39 208.695 429.733 213.821C433.102 221.29 433.98 225.39 434.42 237.253C435.006 249.555 434.713 251.459 432.662 251.459C431.344 251.459 430.319 252.337 430.319 253.362C430.319 254.388 400.15 285.289 363.391 321.902C303.492 381.507 295.145 389.123 286.065 393.809C267.465 403.328 250.184 405.818 232.61 401.571ZM2.24217 152.311C1.94926 149.968 1.65636 151.579 1.65636 155.533C1.65636 159.634 1.94926 161.391 2.24217 159.634C2.53507 157.73 2.53507 154.508 2.24217 152.311Z" fill="#461EC5"/>
+<path d="M430.319 233.152C430.319 231.981 429.733 230.955 429.001 230.955C428.269 230.955 427.976 229.637 428.415 228.026C429.733 222.901 433.248 224.512 433.248 230.223C433.248 233.006 432.662 235.349 431.784 235.349C431.052 235.349 430.319 234.324 430.319 233.152Z" fill="#36198A"/>
+<path d="M421.386 210.745C417.138 205.766 416.846 203.13 420.8 203.13C424.022 203.13 424.461 203.715 424.461 208.255C424.461 214.113 424.315 214.26 421.386 210.745Z" fill="#36198A"/>
+<path d="M252.527 182.48C247.695 180.869 241.104 177.647 237.736 175.304C228.949 169.299 212.4 150.407 215.768 150.407C216.354 150.407 215.622 149.382 214.45 148.064C213.132 146.892 212.4 145.135 212.839 144.403C213.425 143.671 212.986 143.085 212.107 143.085C211.082 143.085 210.789 141.913 211.375 140.156C211.814 138.545 211.814 137.227 211.082 137.227C210.496 137.227 209.91 131.662 209.91 124.778C209.91 117.895 210.496 112.33 211.228 112.33C211.814 112.33 212.107 111.305 211.521 110.133C211.082 108.962 211.375 107.936 212.253 107.936C213.132 107.936 213.571 106.911 212.986 105.74C212.546 104.568 212.839 103.543 213.718 103.543C214.597 103.543 214.889 102.957 214.45 102.225C214.011 101.493 214.597 100.467 215.915 100.028C217.233 99.5887 217.965 98.1242 217.526 97.099C217.086 95.9274 217.672 94.6094 218.844 94.17C220.015 93.7306 220.748 92.8519 220.601 92.2661C220.162 90.8016 244.18 66.9301 246.084 66.9301C246.816 66.9301 246.962 66.1978 246.377 65.3191C245.791 64.2939 246.377 64.001 248.134 64.5868C250.331 65.3191 256.921 59.4611 278.01 38.665C307.007 9.96053 311.694 6.7386 330.732 1.75926C347.721 -2.78073 370.714 1.90571 385.505 12.7431C392.242 17.7224 440.571 65.3191 440.571 67.0765C440.571 67.6623 441.45 68.541 442.475 68.8339C443.353 69.2733 438.374 69.5662 431.052 69.5662C420.946 69.4197 416.406 70.0055 411.72 72.2023C404.69 75.4242 348.16 129.904 351.821 129.904C353.432 129.904 354.165 131.222 354.165 134.298C354.165 138.252 354.604 138.691 358.558 138.691C362.659 138.691 362.952 139.131 362.952 144.11V149.529L353.579 140.302C344.938 131.808 343.767 131.076 341.423 132.98C339.959 134.151 330 143.817 319.163 154.508C308.325 165.052 298.953 173.839 298.367 173.839C297.781 173.839 296.609 174.718 296.023 175.743C295.438 176.915 290.458 179.551 284.893 181.601C273.177 186.288 264.683 186.581 252.527 182.48ZM288.847 141.913C297.342 134.737 299.538 127.414 295.731 119.067C292.069 110.865 287.529 107.204 278.596 105.007C271.859 103.543 270.395 103.689 265.562 106.033C261.315 108.229 259.557 110.573 256.775 117.309C253.406 125.511 253.406 125.95 255.749 132.394C258.386 139.423 263.951 144.549 271.42 147.039C276.253 148.65 283.429 146.6 288.847 141.913Z" fill="#36198A"/>
+<path d="M383.455 170.178L378.476 165.052H383.894C389.167 165.052 389.313 165.199 389.313 170.178C389.313 172.961 389.167 175.304 388.874 175.304C388.581 175.304 386.238 172.961 383.455 170.178Z" fill="#36198A"/>
+<path d="M430.026 239.157C429.44 228.612 428.561 225.097 424.021 216.017C419.335 206.498 414.649 201.372 382.136 168.714C361.926 148.65 345.084 130.929 344.498 129.465C343.327 125.95 398.392 71.9093 407.326 67.6622C412.012 65.6119 416.552 64.8796 426.218 64.8796H438.959L459.023 84.5041C480.698 105.886 488.899 116.87 492.854 129.758C494.318 134.298 495.929 138.398 496.661 138.838C497.394 139.423 497.54 141.181 497.101 142.792C496.515 144.403 496.808 146.16 497.686 146.746C499.59 147.918 499.59 161.684 497.54 163.002C496.661 163.441 496.222 165.199 496.661 166.663C497.101 168.128 496.075 171.789 494.611 174.865C493.146 177.794 491.828 181.601 491.828 183.066C491.828 186.434 485.97 197.272 484.213 197.272C483.627 197.272 483.041 198.15 483.041 199.175C483.041 201.372 434.419 251.459 432.223 251.459C431.344 251.459 430.465 246.333 430.026 239.157Z" fill="#2B146D"/>
+<path d="M266.586 151.432C260.435 149.089 251.355 141.913 252.38 140.009C252.966 139.277 252.527 138.691 251.648 138.691C250.77 138.691 250.477 138.105 250.916 137.227C251.355 136.494 251.209 135.762 250.33 135.762C249.451 135.762 249.159 134.737 249.598 133.565C250.184 132.394 249.891 131.368 249.159 131.368C248.426 131.368 247.84 128.732 247.987 125.51C247.987 122.289 248.426 119.652 248.866 119.652C250.33 119.652 253.259 112.183 252.38 110.719C251.795 109.987 252.234 109.401 252.966 109.401C253.845 109.401 254.431 108.669 254.138 107.643C253.991 106.765 256.481 104.421 259.703 102.664C267.026 98.417 275.959 96.806 278.742 99.1492C279.913 100.028 281.524 100.467 282.257 100.028C282.989 99.4421 284.014 99.735 284.6 100.614C285.186 101.492 286.064 101.785 286.797 101.346C288.847 100.028 297.341 108.229 300.124 114.527C303.638 122.289 303.638 124.046 299.684 124.046C297.195 124.046 295.73 122.581 293.973 118.334C291.044 111.451 282.257 104.568 276.691 104.714C271.566 104.861 260.582 110.133 259.41 113.062C258.971 114.234 257.36 115.259 255.895 115.259C253.552 115.259 253.113 116.43 253.113 121.849C253.113 125.657 254.138 130.49 255.31 132.687C257.946 137.812 265.415 144.256 270.101 145.428C272.591 146.014 273.616 147.332 273.616 149.821C273.616 153.776 273.323 153.776 266.586 151.432Z" fill="#2B146D"/>
+<path d="M275.081 149.821C275.081 147.039 276.106 146.014 279.621 145.281C285.186 144.11 293.973 135.03 295.145 129.611C295.731 126.536 296.756 125.51 299.392 125.51C303.346 125.51 303.493 126.682 301.442 134.444C299.538 141.034 293.827 147.039 286.065 150.554C277.864 154.361 275.081 154.068 275.081 149.821Z" fill="#2B146D"/>
+<path d="M265.561 150.114C257.507 146.014 254.578 143.231 251.502 136.494C247.841 128.44 247.987 122.289 252.381 113.794C260.143 98.2705 281.818 94.9022 293.241 107.204C299.978 114.38 301.003 115.845 300.27 117.895C299.978 118.774 300.417 119.652 301.296 119.652C302.174 119.652 302.907 121.996 302.907 124.778C302.907 127.561 302.174 129.904 301.296 129.904C300.417 129.904 299.978 131.222 300.417 132.833C300.856 134.444 300.563 135.762 299.685 135.762C298.952 135.762 298.659 136.348 299.099 137.08C299.538 137.812 298.952 138.838 297.634 139.277C296.316 139.863 295.584 140.595 296.17 141.181C296.609 141.62 295.584 142.792 293.68 143.817C291.923 144.696 290.605 146.16 290.751 147.039C290.898 147.918 288.408 148.943 285.332 149.528C282.11 149.968 279.474 151.139 279.474 151.872C279.474 154.215 271.859 153.19 265.561 150.114Z" fill="#1F0E4E"/>
+<rect x="1.21729" y="150.407" width="4.39354" height="10.2516" fill="#461EC5"/>
+<path d="M462.539 88.1654C506.161 130.726 511.237 166.488 480.113 203.13L462.539 88.1654Z" fill="#2B146D"/>
+<circle cx="275.081" cy="125.51" r="27.8257" fill="#1F0E4E"/>
+<path d="M222.359 89.6299C196.86 117.609 199.757 132.937 221.627 159.926L222.359 89.6299Z" fill="#36198A"/>
+</svg>
--- a/auth/assets/custom-icons/icons/xai.svg
+++ b/auth/assets/custom-icons/icons/xai.svg
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 27.5.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   version="1.1"
+   id="katman_1"
+   x="0px"
+   y="0px"
+   viewBox="0 0 841.89 595.28"
+   style="enable-background:new 0 0 841.89 595.28;"
+   xml:space="preserve"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs id="defs4" />
+  <g
+     id="g4"
+     style="fill:currentColor">
+    <polygon
+       points="557.09,211.99 565.4,538.36 631.96,538.36 640.28,93.18"
+       id="polygon1"
+       style="fill:currentColor" />
+    <polygon
+       points="640.28,56.91 538.72,56.91 379.35,284.53 430.13,357.05"
+       id="polygon2"
+       style="fill:currentColor" />
+    <polygon
+       points="201.61,538.36 303.17,538.36 353.96,465.84 303.17,393.31"
+       id="polygon3"
+       style="fill:currentColor" />
+    <polygon
+       points="201.61,211.99 430.13,538.36 531.69,538.36 303.17,211.99"
+       id="polygon4"
+       style="fill:currentColor" />
+  </g>
+</svg>
--- a/auth/assets/custom-icons/icons/zitadel.svg
+++ b/auth/assets/custom-icons/icons/zitadel.svg
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 467 467" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g id="zitadel-logo-solo-darkdesign" transform="matrix(0.564847,0,0,0.659318,-1282.85,0)">
+        <rect x="2271.15" y="0" width="826.773" height="708.241" style="fill:none;"/>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5923.46,-2258.26)">
+            <path d="M1493.5,1056.38L1493.5,1037L1496.5,1037L1496.5,1061.62L1426.02,1020.38L1496.5,979.392L1496.5,1004L1493.5,1004L1493.5,984.608L1431.98,1020.39L1493.5,1056.38Z" style="fill:white;"/>
+        </g>
+        <g transform="matrix(31.0036,0,0,15.0393,-397275,-666.457)">
+            <g transform="matrix(-0.0429306,-0.282967,0.160219,-0.0758207,12884.5,137.392)">
+                <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear1);"/>
+            </g>
+            <g transform="matrix(0.160219,0.0758207,-0.0429306,0.282967,12878.9,10.8747)">
+                <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear2);"/>
+            </g>
+            <g transform="matrix(-0.117289,0.207146,-0.117289,-0.207146,12943.8,65.7)">
+                <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear3);"/>
+            </g>
+            <g transform="matrix(-0.160219,-0.0758207,0.0429306,-0.282967,12917.4,132.195)">
+                <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear4);"/>
+            </g>
+            <g transform="matrix(-0.117289,0.207146,0.117289,0.207146,12897.8,5.87512)">
+                <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear5);"/>
+            </g>
+            <g transform="matrix(-0.0429306,-0.282967,-0.160219,0.0758207,12936.8,97.6441)">
+                <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear6);"/>
+            </g>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5928.43,-2257.12)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5884.5,-2116.69)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5855.22,-2023.06)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-6234.47,-2112.14)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5957.71,-2350.75)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5477.99,-831.33)">
+            <path d="M1499.26,757.787C1499.26,757.787 1497.37,756.489 1497,755.2C1496.71,754.182 1496.57,750.662 1496.54,750C1496.41,747.303 1499.21,745.644 1499.21,745.644L1490.01,745.835C1490.01,745.835 1493.15,745.713 1493.46,750C1493.51,750.661 1493.23,753.476 1493,755.2C1492.91,756.447 1491.2,757.668 1491.2,757.668L1499.26,757.787Z" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5404.79,-597.271)">
+            <path d="M1495,760L1495,744" style="fill:none;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5404.79,-597.271)">
+            <path d="M1498.27,757.077C1498.27,757.077 1496.71,756.46 1496.65,754.8C1496.65,753.658 1496.64,753.281 1496.65,752.016C1496.62,751.334 1496.59,750.608 1496.65,749.949C1496.78,746.836 1498.5,746.156 1498.5,746.156L1491.46,745.931C1491.46,745.931 1493.37,746.719 1493.65,749.83C1493.71,750.489 1493.69,751.528 1493.65,752.209C1493.64,753.331 1493.64,753.413 1493.65,754.518C1493.68,756.334 1492.58,756.827 1492.58,756.827L1498.27,757.077Z" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5770.62,-677.495)">
+            <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5770.62,-677.495)">
+            <path d="M1500.86,762.056C1500.86,762.056 1499.86,760.4 1503.09,757.456C1504.91,755.797 1507.33,754.151 1509.98,752.255C1514.82,748.79 1520.68,744.94 1526.52,741.049C1531.45,737.766 1536.38,734.479 1540.82,731.68C1544.52,729.349 1547.85,727.296 1550.54,725.8C1551.07,725.506 1551.6,725.329 1552.05,725.029C1554.73,723.257 1556.85,724.968 1556.85,724.968L1552.23,716.282C1552.23,716.282 1551.99,719.454 1550,720.997C1549.57,721.333 1549.15,721.741 1548.67,722.12C1546.2,724.053 1542.99,726.344 1539.39,728.867C1535.06,731.898 1530.13,735.166 1525.19,738.438C1519.35,742.314 1513.52,746.234 1508.49,749.329C1505.74,751.023 1503.28,752.577 1501.13,753.598C1497.99,755.086 1495.28,753.617 1495.28,753.617L1500.86,762.056Z" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,-1.16463,-3.72366,-3997,4993.28)">
+            <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,-1.16463,-3.72366,-3997,4993.28)">
+            <path d="M1496.1,754.362C1496.1,754.362 1497.2,755.607 1501.13,753.598C1503.25,752.509 1505.74,751.023 1508.49,749.329C1513.52,746.234 1519.35,742.314 1525.19,738.438C1530.13,735.166 1534.94,731.832 1539.27,728.802C1542.87,726.279 1549.36,722.059 1549.81,721.75C1552.75,719.73 1552.18,718.196 1552.18,718.196L1555.28,724.152C1555.28,724.152 1553.77,722.905 1551.37,724.681C1550.93,725.006 1544.52,729.349 1540.82,731.68C1536.38,734.479 1531.45,737.766 1526.52,741.049C1520.68,744.94 1514.82,748.79 1509.98,752.255C1507.33,754.151 1504.89,755.771 1503.09,757.456C1499.47,760.841 1501.26,763.283 1501.26,763.283L1496.1,754.362Z" style="fill:white;"/>
+        </g>
+    </g>
+    <defs>
+        <linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,155.247,-155.247,-41.5984,201.516,76.8392)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear2" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(155.247,-41.5984,41.5984,155.247,110.08,195.509)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear3" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,-113.649,113.649,-113.649,258.31,215.618)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear4" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-155.247,41.5984,-41.5984,-155.247,220.914,144.546)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear5" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,113.649,113.649,113.649,206.837,124.661)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear6" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,-155.247,-155.247,41.5984,152.054,262.8)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+    </defs>
+</svg>
--- a/auth/lib/core/configuration.dart
+++ b/auth/lib/core/configuration.dart
@@ -14,7 +14,6 @@ import 'package:ente_auth/models/key_gen_result.dart';
 import 'package:ente_auth/models/private_key_attributes.dart';
 import 'package:ente_auth/store/authenticator_db.dart';
 import 'package:ente_auth/utils/directory_utils.dart';
-import 'package:ente_auth/utils/lock_screen_settings.dart';
 import 'package:ente_crypto_dart/ente_crypto_dart.dart';
 import 'package:flutter_secure_storage/flutter_secure_storage.dart';
 import 'package:logging/logging.dart';
@@ -33,7 +32,6 @@ class Configuration {
  static const emailKey = "email";
  static const keyAttributesKey = "key_attributes";

-  static const keyShouldShowLockScreen = "should_show_lock_screen";
  static const lastTempFolderClearTimeKey = "last_temp_folder_clear_time";
  static const keyKey = "key";
  static const secretKeyKey = "secret_key";
@@ -133,7 +131,6 @@ class Configuration {
        key: key,
      );
    }
-    await LockScreenSettings.instance.removePinAndPassword();
    await AuthenticatorDB.instance.clearTable();
    _key = null;
    _cachedToken = null;
@@ -468,24 +465,6 @@ class Configuration {
    await _preferences.setBool(hasOptedForOfflineModeKey, true);
  }

-  Future<bool> shouldShowLockScreen() async {
-    final bool isPin = await LockScreenSettings.instance.isPinSet();
-    final bool isPass = await LockScreenSettings.instance.isPasswordSet();
-    return isPin || isPass || shouldShowSystemLockScreen();
-  }
-
-  bool shouldShowSystemLockScreen() {
-    if (_preferences.containsKey(keyShouldShowLockScreen)) {
-      return _preferences.getBool(keyShouldShowLockScreen)!;
-    } else {
-      return false;
-    }
-  }
-
-  Future<void> setSystemLockScreen(bool value) {
-    return _preferences.setBool(keyShouldShowLockScreen, value);
-  }
-
  void setVolatilePassword(String volatilePassword) {
    _volatilePassword = volatilePassword;
  }
--- a/auth/lib/core/constants.dart
+++ b/auth/lib/core/constants.dart
@@ -11,7 +11,7 @@ const String roadmapURL = "https://roadmap.ente.io";
 const String kAccountsUrl = "https://accounts.ente.io";

 const String githubFeatureRequestUrl =
-    "https://github.com/ente-io/ente/discussions/categories/feature-requests?discussions_q=is%3Aopen+category%3A%22Feature+requests%22+label%3A%22-+auth%22+sort%3Atop";
+    "https://github.com/ente-io/ente/discussions/categories/enhancements?discussions_q=is%3Aopen%+label%3A%22-+auth%22+sort%3Atop";
 const int microSecondsInDay = 86400000000;
 const int android11SDKINT = 30;
 const int galleryLoadStartTime = -8000000000000000; // Wednesday, March 6, 1748
--- a/auth/lib/gateway/authenticator.dart
+++ b/auth/lib/gateway/authenticator.dart
@@ -73,7 +73,10 @@ class AuthenticatorGateway {
    );
  }

-  Future<List<AuthEntity>> getDiff(int sinceTime, {int limit = 500}) async {
+  Future<(List<AuthEntity>, int?)> getDiff(
+    int sinceTime, {
+    int limit = 500,
+  }) async {
    try {
      final response = await _enteDio.get(
        "/authenticator/entity/diff",
@@ -84,11 +87,12 @@ class AuthenticatorGateway {
      );
      final List<AuthEntity> authEntities = <AuthEntity>[];
      final diff = response.data["diff"] as List;
+      final int? unixTimeInMicroSeconds = response.data["timestamp"] as int?;
      for (var entry in diff) {
        final AuthEntity entity = AuthEntity.fromMap(entry);
        authEntities.add(entity);
      }
-      return authEntities;
+      return (authEntities, unixTimeInMicroSeconds);
    } catch (e) {
      if (e is DioException && e.response?.statusCode == 401) {
        throw UnauthorizedError();
--- a/auth/lib/l10n/arb/app_ar.arb
+++ b/auth/lib/l10n/arb/app_ar.arb
@@ -47,7 +47,7 @@
  "saveAction": "حفظ",
  "nextTotpTitle": "التالي",
  "deleteCodeTitle": "حذف الرمز؟",
-  "deleteCodeMessage": "هل أنت متأكد من أنك تريد حذف هذه الشيفرة؟ هذا الإجراء لا رجعة فيه.",
+  "deleteCodeMessage": "هل أنت متيقِّن من أنك تريد حذف هذه الشيفرة؟ هذا الإجراء لا رجعة فيه.",
  "trashCode": "حذف الكود؟",
  "trashCodeMessage": "هل أنت متيقِّن أنك تريد حذف الكود الخاص بـ {account}؟",
  "trash": "سلة المهملات",
@@ -173,6 +173,7 @@
  "invalidQRCode": "شيفرة استجابة سريعة غير صالحة",
  "noRecoveryKeyTitle": "لا يوجد مفتاح استرجاع؟",
  "enterEmailHint": "أدخل عنوان البريد الإلكتروني الخاص بك",
+  "enterNewEmailHint": "أدخل عنوان بريدك الإلكتروني الجديد",
  "invalidEmailTitle": "عنوان البريد الإلكتروني غير صالح",
  "invalidEmailMessage": "الرجاء إدخال بريد إلكتروني صالح.",
  "deleteAccount": "إزالة الحساب",
@@ -513,5 +514,10 @@
  "free5GB": "5GB  مجانًا على <bold-green>ente</bold-green> صور",
  "loginWithAuthAccount": "سجّل الدخول باستخدام حساب المُصادقة",
  "freeStorageOffer": "خَصْم 10٪ على صور <bold-green>ente</bold-green>",
-  "freeStorageOfferDescription": "استخدم الكود \"AUTH\" وأحصل على 10٪ خَصْم في السنة الأولى"
+  "freeStorageOfferDescription": "استخدم الكود \"AUTH\" وأحصل على 10٪ خَصْم في السنة الأولى",
+  "advanced": "متقدم",
+  "algorithm": "الخوارزمية",
+  "type": "النوع",
+  "period": "المدّة",
+  "digits": "الأرقام"
 }
--- a/auth/lib/l10n/arb/app_be.arb
+++ b/auth/lib/l10n/arb/app_be.arb
@@ -8,7 +8,7 @@
  },
  "onBoardingBody": "Бяспечна зрабіць рэзервовую копію кодаў 2ФА",
  "onBoardingGetStarted": "Пачаць",
-  "setupFirstAccount": "Наладзіць ваш першы ўліковы запіс",
+  "setupFirstAccount": "Наладзіць свой першы ўліковы запіс",
  "importScanQrCode": "Сканіраваць код QR-код",
  "qrCode": "QR-код",
  "importEnterSetupKey": "Увесці ключ наладжвання",
@@ -45,19 +45,38 @@
  "timeBasedKeyType": "Заснаваныя на часе (TOTP)",
  "counterBasedKeyType": "Заснаваныя на лічыльніку (HOTP)",
  "saveAction": "Захаваць",
-  "nextTotpTitle": "наступны",
+  "nextTotpTitle": "далей",
  "deleteCodeTitle": "Выдаліць код?",
  "deleteCodeMessage": "Вы сапраўды хочаце выдаліць гэты код? Гэта дзеянне з'яўляецца незваротным.",
  "trashCode": "Выдаліць код?",
  "trashCodeMessage": "Вы сапраўды хочаце выдаліць код для {account}?",
  "trash": "Сметніца",
-  "viewLogsAction": "Паглядзець журнал",
-  "preparingLogsTitle": "Падрыхтоўка журнала...",
+  "viewLogsAction": "Паглядзець журналы",
+  "preparingLogsTitle": "Падрыхтоўка журналаў...",
  "emailLogsTitle": "Адправіць журнал па электроннай пошце",
-  "exportLogsAction": "Экспартаваць журнал",
-  "reportABug": "Паведаміць пра памылку",
-  "reportBug": "Паведаміць пра памылку",
+  "emailLogsMessage": "Адпраўце журналы на {email}",
+  "@emailLogsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "copyEmailAction": "Скапіяваць электронную пошту",
+  "exportLogsAction": "Экспартаваць журналы",
+  "reportABug": "Паведаміць аб памылцы",
+  "crashAndErrorReporting": "Справаздачы аб збоях і памылках",
+  "reportBug": "Паведаміць аб памылцы",
+  "emailUsMessage": "Адпраўце нам ліст на {email}",
+  "@emailUsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
  "contactSupport": "Звярнуцца ў службу падтрымкі",
+  "rateUsOnStore": "Ацаніць нас у {storeName}",
  "blog": "Блог",
  "verifyPassword": "Праверыць пароль",
  "pleaseWait": "Пачакайце...",
@@ -66,32 +85,184 @@
  "useRecoveryKey": "Выкарыстоўваць ключ аднаўлення",
  "incorrectPasswordTitle": "Няправільны пароль",
  "welcomeBack": "З вяртаннем!",
+  "changeEmail": "Змяніць адрас электроннай пошты",
  "changePassword": "Змяніць пароль",
  "data": "Даныя",
  "importCodes": "Імпартаваць коды",
+  "importTypePlainText": "Звычайны тэкст",
+  "importTypeEnteEncrypted": "Шыфраванне экспартавання з Ente",
+  "passwordForDecryptingExport": "Пароль для дэшыфроўкі экспартавання",
  "passwordEmptyError": "Пароль не можа быць пустым",
  "importFromApp": "Імпартаваць коды з {appName}",
  "exportCodes": "Экспартаваць коды",
  "importLabel": "Імпарт",
  "selectFile": "Выбраць файл",
+  "ok": "OK",
+  "cancel": "Скасаваць",
  "yes": "Так",
  "no": "Не",
  "email": "Электронная пошта",
  "support": "Падтрымка",
+  "general": "Агульныя",
  "settings": "Налады",
+  "copied": "Скапіявана",
  "pleaseTryAgain": "Калі ласка, паспрабуйце яшчэ раз",
+  "existingUser": "Існуючы карыстальнік",
+  "newUser": "Навічок у Ente",
  "delete": "Выдаліць",
  "enterYourPasswordHint": "Увядзіце ваш пароль",
+  "forgotPassword": "Забылі пароль",
+  "oops": "Вой",
  "faq": "Частыя пытанні",
+  "leaveFamily": "Пакінуць сямейны план",
+  "scan": "Сканіраваць",
+  "scanACode": "Сканіраваць код",
+  "verify": "Праверыць",
+  "verifyEmail": "Праверыць электронную пошту",
+  "lostDeviceTitle": "Згубілі прыладу?",
+  "verifyPasskey": "Праверыць ключ доступу",
+  "loginWithTOTP": "Увайсці з TOTP",
+  "recoverAccount": "Аднавіць уліковы запіс",
+  "recover": "Аднавіць",
+  "invalidQRCode": "Памылковы QR-код",
  "deleteAccount": "Выдаліць уліковы запіс",
  "noDeleteAccountAction": "Не, выдаліць уліковы запіс",
  "sendEmail": "Адправіць ліст",
  "createNewAccount": "Стварыць новы ўліковы запіс",
+  "weakStrength": "Ненадзейны",
+  "strongStrength": "Надзейны",
+  "moderateStrength": "Умераная",
  "confirmPassword": "Пацвердзіць пароль",
  "close": "Закрыць",
  "oopsSomethingWentWrong": "Штосьці пайшло не так.",
+  "selectLanguage": "Выберыце мову",
  "language": "Мова",
+  "social": "Сацыяльныя сеткі",
  "security": "Бяспека",
+  "lockscreen": "Экран блакіроўкі",
  "searchHint": "Пошук...",
-  "search": "Пошук"
+  "search": "Пошук",
+  "noResult": "Няма вынікаў",
+  "addCode": "Дадаць код",
+  "scanAQrCode": "Сканіраваць QR-код",
+  "edit": "Рэдагаваць",
+  "share": "Абагуліць",
+  "shareCodes": "Абагуліць коды",
+  "restore": "Аднавіць",
+  "error": "Памылка",
+  "doThisLater": "Зрабіць гэта пазней",
+  "saveKey": "Захаваць ключ",
+  "save": "Захаваць",
+  "send": "Адправіць",
+  "back": "Назад",
+  "createAccount": "Стварыць уліковы запіс",
+  "password": "Пароль",
+  "privacyPolicyTitle": "Палітыка прыватнасці",
+  "termsOfServicesTitle": "Умовы",
+  "encryption": "Шыфраванне",
+  "setPasswordTitle": "Задаць пароль",
+  "changePasswordTitle": "Змяніць пароль",
+  "resetPasswordTitle": "Скінуць пароль",
+  "encryptionKeys": "Ключы шыфравання",
+  "continueLabel": "Працягнуць",
+  "insecureDevice": "Небяспечная прылада",
+  "howItWorks": "Як гэта працуе",
+  "logInLabel": "Увайсці",
+  "logout": "Выйсці",
+  "yesLogout": "Так, выйсці",
+  "exit": "Выхад",
+  "theme": "Тема",
+  "lightTheme": "Светлая",
+  "darkTheme": "Цёмная",
+  "systemTheme": "Сістэманая",
+  "invalidKey": "Памылковы ключ",
+  "tryAgain": "Паспрабуйце яшчэ раз",
+  "confirm": "Пацвердзіць",
+  "emailYourLogs": "Адправіць журналы",
+  "exportLogs": "Экспартаваць журналы",
+  "about": "Аб праграме",
+  "privacy": "Прыватнасць",
+  "terms": "Умовы",
+  "checkStatus": "Праверыць статус",
+  "downloadUpdate": "Спампаваць",
+  "update": "Абнавіць",
+  "checking": "Праверка...",
+  "warning": "Папярэджанне",
+  "iUnderStand": "Ясна",
+  "@iUnderStand": {
+    "description": "Text for the button to confirm the user understands the warning"
+  },
+  "importSuccessTitle": "Ура!",
+  "sorry": "Прабачце",
+  "pendingSyncs": "Папярэджанне",
+  "resendEmail": "Адправіць ліст яшчэ раз",
+  "manualSort": "Карыстальніцкая",
+  "editOrder": "Рэдагаваць заказ",
+  "mostFrequentlyUsed": "Часта выкарыстоўваюцца",
+  "mostRecentlyUsed": "Нядаўна выкарыстаныя",
+  "activeSessions": "Актыўныя сеансы",
+  "terminate": "Перарваць",
+  "thisDevice": "Гэта прылада",
+  "incorrectCode": "Няправільны код",
+  "enterPassword": "Увядзіце пароль",
+  "encrypted": "Зашыфравана",
+  "plainText": "Звычайны тэкст",
+  "export": "Экспартаваць",
+  "singIn": "Увайсці",
+  "compactMode": "Кампактны рэжым",
+  "shouldHideCode": "Схаваць коды",
+  "androidBiometricHint": "Праверыць ідэнтыфікацыю",
+  "@androidBiometricHint": {
+    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricSuccess": "Паспяхова",
+  "@androidBiometricSuccess": {
+    "description": "Message to let the user know that authentication was successful. It is used on Android side. Maximum 60 characters."
+  },
+  "androidCancelButton": "Скасаваць",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "goToSettings": "Перайсці ў налады",
+  "@goToSettings": {
+    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
+  },
+  "iOSOkButton": "OK",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  },
+  "doNotSignOut": "Не выходзіць",
+  "passkey": "Ключ доступу",
+  "loginSessionExpired": "Сеанс завяршыўся",
+  "pinText": "Замацаваць",
+  "unpinText": "Адмацаваць",
+  "pinned": "Замацавана",
+  "tags": "Тэгі",
+  "createNewTag": "Стварыць новы тэг",
+  "tag": "Тэг",
+  "create": "Стварыць",
+  "editTag": "Рэдагаванне тэг",
+  "deleteTagTitle": "Выдаліць тэг?",
+  "viewRawCodes": "Паглядзець неапрацаваныя коды",
+  "rawCodes": "Неапрацаваныя коды",
+  "rawCodeData": "Неапрацаваныя даныя кода",
+  "appLock": "Блакіроўка праграмы",
+  "autoLock": "Аўтаблакіроўка",
+  "immediately": "Адразу",
+  "reEnterPin": "Увядзіце PIN-код яшчэ раз",
+  "next": "Далей",
+  "tapToUnlock": "Націсніце для разблакіроўкі",
+  "deviceLock": "Блакіроўка прылады",
+  "hideContent": "Схаваць змест",
+  "pinLock": "Блакіроўка PIN'ам",
+  "enterPin": "Увядзіце PIN-код",
+  "setNewPin": "Задаць новы PIN",
+  "deselectAll": "Зняць выбар з усіх",
+  "selectAll": "Выбраць усе",
+  "plainHTML": "Звычайны HTML",
+  "advanced": "Пашыраныя",
+  "algorithm": "Алгарытм",
+  "type": "Тып",
+  "period": "Перыяд",
+  "digits": "Лічбы"
 }
--- a/auth/lib/l10n/arb/app_de.arb
+++ b/auth/lib/l10n/arb/app_de.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "Ungültiger QR-Code",
  "noRecoveryKeyTitle": "Kein Wiederherstellungsschlüssel?",
  "enterEmailHint": "Geben Sie Ihre E-Mail-Adresse ein",
+  "enterNewEmailHint": "Gib deine neue E-Mail-Adresse ein",
  "invalidEmailTitle": "Ungültige E-Mail-Adresse",
  "invalidEmailMessage": "Bitte geben Sie eine gültige E-Mail-Adresse ein.",
  "deleteAccount": "Konto löschen",
@@ -517,5 +518,6 @@
  "advanced": "Erweitert",
  "algorithm": "Algorithmus",
  "type": "Typ",
+  "period": "Periode",
  "digits": "Ziffern"
 }
--- a/auth/lib/l10n/arb/app_en.arb
+++ b/auth/lib/l10n/arb/app_en.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "Invalid QR code",
  "noRecoveryKeyTitle": "No recovery key?",
  "enterEmailHint": "Enter your email address",
+  "enterNewEmailHint": "Enter your new email address",
  "invalidEmailTitle": "Invalid email address",
  "invalidEmailMessage": "Please enter a valid email address.",
  "deleteAccount": "Delete account",
--- a/auth/lib/l10n/arb/app_fr.arb
+++ b/auth/lib/l10n/arb/app_fr.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "QR code non valide",
  "noRecoveryKeyTitle": "Pas de clé de récupération ?",
  "enterEmailHint": "Entrez votre adresse e-mail",
+  "enterNewEmailHint": "Saisissez votre nouvelle adresse email",
  "invalidEmailTitle": "Adresse e-mail invalide",
  "invalidEmailMessage": "Veuillez saisir une adresse e-mail valide.",
  "deleteAccount": "Supprimer le compte",
@@ -514,5 +515,9 @@
  "loginWithAuthAccount": "Connectez-vous avec votre compte Auth",
  "freeStorageOffer": "10% de réduction sur <bold-green>Ente</bold-green> Photos",
  "freeStorageOfferDescription": "Utilisez le code coupon \"AUTH\" pour obtenir 10% de réduction la première année",
-  "period": "Période"
+  "advanced": "Avancé",
+  "algorithm": "Algorithme",
+  "type": "Type",
+  "period": "Période",
+  "digits": "Chiffres"
 }
--- a/auth/lib/l10n/arb/app_hu.arb
+++ b/auth/lib/l10n/arb/app_hu.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "Érvénytelen QR-kód",
  "noRecoveryKeyTitle": "Nincs helyreállítási kulcs?",
  "enterEmailHint": "Adja meg az e-mail címét",
+  "enterNewEmailHint": "Add meg az új e-mail címed",
  "invalidEmailTitle": "Érvénytelen e-mail cím",
  "invalidEmailMessage": "Kérjük, adjon meg egy érvényes e-mail címet.",
  "deleteAccount": "Fiók törlése",
@@ -513,5 +514,6 @@
  "free5GB": "5GB ingyen <bold-green>ente <bold-green> Photos",
  "loginWithAuthAccount": "Jelentkezzen be Auth fiókjával",
  "freeStorageOffer": "10% kedvezmény on <bold-green>ente<bold-green> photos",
-  "freeStorageOfferDescription": "Használja az \"AUTH\" kódot, hogy 10% kedvezményt kapjon az első évben"
+  "freeStorageOfferDescription": "Használja az \"AUTH\" kódot, hogy 10% kedvezményt kapjon az első évben",
+  "type": "Típus"
 }
--- a/auth/lib/l10n/arb/app_id.arb
+++ b/auth/lib/l10n/arb/app_id.arb
@@ -88,6 +88,8 @@
  "useRecoveryKey": "Gunakan kunci pemulihan",
  "incorrectPasswordTitle": "Kata sandi salah",
  "welcomeBack": "Selamat datang kembali!",
+  "emailAlreadyRegistered": "Email sudah terdaftar.",
+  "emailNotRegistered": "Email belum terdaftar.",
  "madeWithLoveAtPrefix": "dibuat dengan ❤️ di ",
  "supportDevs": "Berlangganan <bold-green>ente</bold-green> untuk mendukung kami",
  "supportDiscount": "Gunakan kode kupon \"AUTH\" untuk mendapatkan potongan 10% untuk tahun pertama",
@@ -171,6 +173,7 @@
  "invalidQRCode": "Kode QR tidak valid",
  "noRecoveryKeyTitle": "Tidak punya kunci pemulihan?",
  "enterEmailHint": "Masukkan alamat email Anda",
+  "enterNewEmailHint": "Masukkan alamat email baru anda",
  "invalidEmailTitle": "Alamat email tidak valid",
  "invalidEmailMessage": "Harap masukkan alamat email yang valid.",
  "deleteAccount": "Hapus akun",
@@ -501,5 +504,12 @@
  "deselectAll": "Batalkan semua pilihan",
  "selectAll": "Pilih semua",
  "deleteDuplicates": "Hapus duplikat",
-  "plainHTML": "HTML Sederhana"
+  "plainHTML": "HTML Sederhana",
+  "tellUsWhatYouThink": "Berikan pendapatmu",
+  "dropReviewAndroid": "Berikan ulasan di Play Store",
+  "advanced": "Lanjutan",
+  "algorithm": "Algoritma",
+  "type": "Tipe",
+  "period": "Periode",
+  "digits": "Digit"
 }
--- a/auth/lib/l10n/arb/app_it.arb
+++ b/auth/lib/l10n/arb/app_it.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "Codice QR non valido",
  "noRecoveryKeyTitle": "Nessuna chiave di recupero?",
  "enterEmailHint": "Inserisci il tuo indirizzo email",
+  "enterNewEmailHint": "Inserisci il tuo nuovo indirizzo email",
  "invalidEmailTitle": "Indirizzo email non valido",
  "invalidEmailMessage": "Inserisci un indirizzo email valido.",
  "deleteAccount": "Elimina account",
--- a/auth/lib/l10n/arb/app_ku.arb
+++ b/auth/lib/l10n/arb/app_ku.arb
@@ -0,0 +1 @@
+{}
--- a/auth/lib/l10n/arb/app_nl.arb
+++ b/auth/lib/l10n/arb/app_nl.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "Ongeldige QR-code",
  "noRecoveryKeyTitle": "Geen herstelsleutel?",
  "enterEmailHint": "Voer je e-mailadres in",
+  "enterNewEmailHint": "Voer uw nieuwe e-mailadres in",
  "invalidEmailTitle": "Ongeldig e-mailadres",
  "invalidEmailMessage": "Voer een geldig e-mailadres in.",
  "deleteAccount": "Account verwijderen",
@@ -513,5 +514,10 @@
  "free5GB": "5GB gratis op <bold-green>ente</bold-green> Photos",
  "loginWithAuthAccount": "Log in met je Auth account",
  "freeStorageOffer": "10% korting op <bold-green>ente</bold-green> photos",
-  "freeStorageOfferDescription": "Gebruik de code \"AUTH\" voor 10% korting op je eerste jaar"
+  "freeStorageOfferDescription": "Gebruik de code \"AUTH\" voor 10% korting op je eerste jaar",
+  "advanced": "Geavanceerd",
+  "algorithm": "Algoritme",
+  "type": "Type",
+  "period": "Periode",
+  "digits": "Cijfers"
 }
--- a/auth/lib/l10n/arb/app_pl.arb
+++ b/auth/lib/l10n/arb/app_pl.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "Nieprawidłowy kod QR",
  "noRecoveryKeyTitle": "Brak klucza odzyskiwania?",
  "enterEmailHint": "Wprowadź adres e-mail",
+  "enterNewEmailHint": "Wprowadź nowy adres e-mail",
  "invalidEmailTitle": "Nieprawidłowy adres e-mail",
  "invalidEmailMessage": "Prosimy podać prawidłowy adres e-mail.",
  "deleteAccount": "Usuń konto",
--- a/auth/lib/l10n/arb/app_pt.arb
+++ b/auth/lib/l10n/arb/app_pt.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "QR Code inválido",
  "noRecoveryKeyTitle": "Sem chave de recuperação?",
  "enterEmailHint": "Insira o endereço de e-mail",
+  "enterNewEmailHint": "Insira seu novo e-mail",
  "invalidEmailTitle": "Endereço de e-mail inválido",
  "invalidEmailMessage": "Insira um endereço de e-mail válido.",
  "deleteAccount": "Excluir conta",
--- a/auth/lib/l10n/arb/app_sr.arb
+++ b/auth/lib/l10n/arb/app_sr.arb
@@ -0,0 +1,523 @@
+{
+  "account": "Налог",
+  "unlock": "Откључај",
+  "recoveryKey": "Резервни Кључ",
+  "counterAppBarTitle": "Бројач",
+  "@counterAppBarTitle": {
+    "description": "Text shown in the AppBar of the Counter Page"
+  },
+  "onBoardingBody": "Сигурносно правити копију 2ФА кôдова",
+  "onBoardingGetStarted": "Почети",
+  "setupFirstAccount": "Подесити свој први налог",
+  "importScanQrCode": "Скенирај QR кôд",
+  "qrCode": "QR кôд",
+  "importEnterSetupKey": "Унети кључ за подешавање",
+  "importAccountPageTitle": "Унети детаље налога",
+  "secretCanNotBeEmpty": "Тајна не може бити празна",
+  "bothIssuerAndAccountCanNotBeEmpty": "И издавалац и рачун не могу бити празни",
+  "incorrectDetails": "Погрешни детаљи",
+  "pleaseVerifyDetails": "Проверите детаље и покушајте поново",
+  "codeIssuerHint": "Издавач",
+  "codeSecretKeyHint": "Тајни кључ",
+  "secret": "Тајна",
+  "all": "Све",
+  "notes": "Белешке",
+  "notesLengthLimit": "Белешке могу имати највише {count} знакова",
+  "@notesLengthLimit": {
+    "description": "Text to indicate the maximum number of characters allowed for notes",
+    "placeholders": {
+      "count": {
+        "description": "The maximum number of characters allowed for notes",
+        "type": "int",
+        "example": "100"
+      }
+    }
+  },
+  "codeAccountHint": "Налог (you@domain.com)",
+  "codeTagHint": "Ознака",
+  "accountKeyType": "Тип кључа",
+  "sessionExpired": "Сесија је истекла",
+  "@sessionExpired": {
+    "description": "Title of the dialog when the users current session is invalid/expired"
+  },
+  "pleaseLoginAgain": "Молимо да се поново пријавите",
+  "loggingOut": "Одјављивање...",
+  "timeBasedKeyType": "Временски (TOTP)",
+  "counterBasedKeyType": "На основу бројања (HOTP)",
+  "saveAction": "Сачувај",
+  "nextTotpTitle": "следеће",
+  "deleteCodeTitle": "Обрисати кôд?",
+  "deleteCodeMessage": "Сигурно желите да избришете овај кôд? Ова акција је неповратна.",
+  "trashCode": "Кôд у смеће?",
+  "trashCodeMessage": "Сигурно желите да поставите кôд у смеће за {account}?",
+  "trash": "Смеће",
+  "viewLogsAction": "Прегледај извештаје",
+  "sendLogsDescription": "Ово ће делите ваше записе како би нам помогли да вам исправимо проблем. Док преузмемо мере предострожности да осигурамо да осетљиве информације нису пријављене, охрабрујемо вас да прегледате ове записе пре него што их делите.",
+  "preparingLogsTitle": "Спремање извештаја...",
+  "emailLogsTitle": "Имејловати извештаје",
+  "emailLogsMessage": "Пошаљите извештаје на {email}",
+  "@emailLogsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "copyEmailAction": "Копирати имејл",
+  "exportLogsAction": "Извези изештаје",
+  "reportABug": "Пријави грешку",
+  "crashAndErrorReporting": "Пријављивање дања и грешке",
+  "reportBug": "Пријaви грешку",
+  "emailUsMessage": "Пошаљите нам имејл на {email}",
+  "@emailUsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "contactSupport": "Контактирати подршку",
+  "rateUsOnStore": "Оцените нас на {storeName}",
+  "blog": "Блог",
+  "merchandise": "Роба",
+  "verifyPassword": "Верификујте лозинку",
+  "pleaseWait": "Молимо сачекајте...",
+  "generatingEncryptionKeysTitle": "Генерисање кључева за шифровање...",
+  "recreatePassword": "Поново креирати лозинку",
+  "recreatePasswordMessage": "Тренутни уређај није довољно моћан да потврди вашу лозинку, тако да је морамо да регенеришемо једном на начин који ради са свим уређајима. \n\nПријавите се помоћу кључа за опоравак и обновите своју лозинку (можете поново користити исту ако желите).",
+  "useRecoveryKey": "Користите кључ за опоравак",
+  "incorrectPasswordTitle": "Неисправна лозинка",
+  "welcomeBack": "Добродошли назад!",
+  "emailAlreadyRegistered": "Имејл је већ регистрован.",
+  "emailNotRegistered": "Имејл није регистрован.",
+  "madeWithLoveAtPrefix": "урађено са ❤️ на ",
+  "supportDevs": "Претплатити се на <bold-green>ente</bold-green> да би нас подржали",
+  "supportDiscount": "Употребите купон \"AUTH\" да би добили попуст од 10% прве године",
+  "changeEmail": "Промени имејл",
+  "changePassword": "Промени лозинку",
+  "data": "Подаци",
+  "importCodes": "Увоз кôдова",
+  "importTypePlainText": "Обичан текст",
+  "importTypeEnteEncrypted": "Ente шифрован извоз",
+  "passwordForDecryptingExport": "Лозинка за дешифровање извоза",
+  "passwordEmptyError": "Лозинка не може да буде празна",
+  "importFromApp": "Увоз кôдова од {appName}",
+  "importGoogleAuthGuide": "Извезите своје рачуне од Google Authenticator на QR кôд помоћу опције \"Трансфер налоге\". Затим помоћу другог уређаја скенирајте QR кôд.\n\nСавет: можете користити веб камеру вашег лаптопа да бисте снимили слику QR кôда.",
+  "importSelectJsonFile": "Одабрати JSON датотеку",
+  "importSelectAppExport": "Одабрати извозну датотеку {appName}-а",
+  "importEnteEncGuide": "Одабрати шифровану извозну JSON датотеку од Ente",
+  "importRaivoGuide": "Употребите \"Export OTPs to Zip archive\" опцију из подешавања Raivo-а.\n\nИздвојите zip датотеку и увезите JSON датотеку.",
+  "importBitwardenGuide": "Употребите \"Извоз Сефа\" из Bitwarden и увезите нешифровану JSON датотеку.",
+  "importAegisGuide": "Употребити \"Export the vault\" из Aegis-а.\n\nАко је сеф шифрован, мораћете унети лозинку сефа да би га дешифровали.",
+  "import2FasGuide": "Употребити \"Settings->Backup -Export\" из 2FAS-а.\n\nАко је ваша копија шифрирана, мораћете да унесете лозинку за дешифрирање копије",
+  "importLastpassGuide": "Употребити \"Transfer accounts\" из Lastpass Authenticator и стисните \"Export accounts to file\". Унесите преузет JSON.",
+  "exportCodes": "Извоз кôдова",
+  "importLabel": "Увоз",
+  "importInstruction": "Изаберите датотеку која садржи списак ваших кôдова у следећем формату",
+  "importCodeDelimiterInfo": "Кôдови се могу одвојити зарезом или новом линијом",
+  "selectFile": "Изаберите датотеку",
+  "emailVerificationToggle": "Имејл провера",
+  "emailVerificationEnableWarning": "Да бисте избегли да се закључате са свог рачуна, обавезно чувајте копију 2ФА имејла ван Ente Auth пре него што омогућите имејл верификацију.",
+  "authToChangeEmailVerificationSetting": "Потврдите аутентичност да промените верификацији имејл",
+  "authenticateGeneric": "Молимо потврдите аутентичност",
+  "authToViewYourRecoveryKey": "Аутентификујте се да бисте погледали кључ за опоравак",
+  "authToChangeYourEmail": "Аутентификујте се да бисте променили имејл",
+  "authToChangeYourPassword": "Аутентификујте се да бисте променили лозинку",
+  "authToViewSecrets": "Аутентификујте се да бисте прегледали Ваше тајне",
+  "authToInitiateSignIn": "Аутентификујте се да бисте почели пријављивање за копију.",
+  "ok": "У реду",
+  "cancel": "Откажи",
+  "yes": "Да",
+  "no": "Не",
+  "email": "Имејл",
+  "support": "Подршка",
+  "general": "Опште",
+  "settings": "Подешавања",
+  "copied": "Копирано",
+  "pleaseTryAgain": "Пробајте поново",
+  "existingUser": "Постојећи корисник",
+  "newUser": "Нов у Ente",
+  "delete": "Обриши",
+  "enterYourPasswordHint": "Унесите лозинку",
+  "forgotPassword": "Заборавио сам лозинку",
+  "oops": "Упс",
+  "suggestFeatures": "Предложи карактеристике",
+  "faq": "Питања",
+  "somethingWentWrongMessage": "Нешто је пошло наопако, покушајте поново",
+  "leaveFamily": "Напусти family претплату",
+  "leaveFamilyMessage": "Јесте ли сигурни да желите да напустите family чланство?",
+  "inFamilyPlanMessage": "Имате family чланство!",
+  "hintForMobile": "Дуго притисните кôд за уређивање или уклањање.",
+  "hintForDesktop": "Десни клик на кôд за уређивање или уклањање.",
+  "scan": "Скенирај",
+  "scanACode": "Скенирај кôд",
+  "verify": "Верификуј",
+  "verifyEmail": "Потврди имејл",
+  "enterCodeHint": "Унесите 6-цифрени кôд из\nапликације за аутентификацију",
+  "lostDeviceTitle": "Узгубили сте уређај?",
+  "twoFactorAuthTitle": "Дво-факторска аутентификација",
+  "passkeyAuthTitle": "Верификација сигурносном кључем",
+  "verifyPasskey": "Проверите сигурносни кључ",
+  "loginWithTOTP": "Пријава са TOTP",
+  "recoverAccount": "Опоравак налога",
+  "enterRecoveryKeyHint": "Унети кључ за опоравак",
+  "recover": "Опорави",
+  "contactSupportViaEmailMessage": "Послати имејл на {email} са регистрованог имејла",
+  "@contactSupportViaEmailMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "invalidQRCode": "Неважећи QR кôд",
+  "noRecoveryKeyTitle": "Немате кључ за опоравак?",
+  "enterEmailHint": "Унесите Ваш имејл",
+  "enterNewEmailHint": "Унесите Ваш нови имејл",
+  "invalidEmailTitle": "Погрешна имејл адреса",
+  "invalidEmailMessage": "Унесите важећи имејл.",
+  "deleteAccount": "Избриши налог",
+  "deleteAccountQuery": "Жао нам је што одлазите. Да ли се суочавате са неком грешком?",
+  "yesSendFeedbackAction": "Да, послати повратне информације",
+  "noDeleteAccountAction": "Не, избрисати налог",
+  "initiateAccountDeleteTitle": "Молимо вас да се аутентификујете за брисање рачуна",
+  "sendEmail": "Шаљи имејл",
+  "createNewAccount": "Креирај нови налог",
+  "weakStrength": "Слабо",
+  "strongStrength": "Јако",
+  "moderateStrength": "Умерено",
+  "confirmPassword": "Потврдите лозинку",
+  "close": "Затвори",
+  "oopsSomethingWentWrong": "Нешто није у реду.",
+  "selectLanguage": "Изабери језик",
+  "language": "Језик",
+  "social": "Друштвене мреже",
+  "security": "Безбедност",
+  "lockscreen": "Закључавање екрана",
+  "authToChangeLockscreenSetting": "Аутентификујте се да бисте променили закључавање екрана",
+  "deviceLockEnablePreSteps": "Да бисте омогућили закључавање уређаја, молимо вас да подесите шифру уређаја или закључавање екрана у системским подешавањима.",
+  "viewActiveSessions": "Видети активне сесије",
+  "authToViewYourActiveSessions": "Аутентификујте се да бисте преглеадали активне сесије",
+  "searchHint": "Претрага...",
+  "search": "Претрага",
+  "sorryUnableToGenCode": "Извините, не могу да генеришем кôд за {issuerName}",
+  "noResult": "Нема резултата",
+  "addCode": "Додај кôд",
+  "scanAQrCode": "Скенирај QR кôд",
+  "enterDetailsManually": "Ручно унети детеље",
+  "edit": "Уреди",
+  "share": "Подели",
+  "shareCodes": "Дели кôдове",
+  "shareCodesDuration": "Изаберите трајање за које желите да поделите кôдове.",
+  "restore": "Врати",
+  "copiedToClipboard": "Копирано у оставу",
+  "copiedNextToClipboard": "Копирали следећи кôд у остави",
+  "error": "Грешка",
+  "recoveryKeyCopiedToClipboard": "Кључ за опоравак копирано у остави",
+  "recoveryKeyOnForgotPassword": "Ако заборавите лозинку, једини начин на који можете повратити податке је са овим кључем.",
+  "recoveryKeySaveDescription": "Не чувамо овај кључ, молимо да сачувате кључ од 24 речи на сигурном месту.",
+  "doThisLater": "Уради то касније",
+  "saveKey": "Сачувај кључ",
+  "save": "Сачувај",
+  "send": "Пошаљи",
+  "saveOrSendDescription": "Да ли желите да ово сачувате у складиште (фасцикли за преузимање подразумевано) или да га пошаљете другим апликацијама?",
+  "saveOnlyDescription": "Да ли желите да ово сачувате у складиште (фасцикли за преузимање подразумевано)?",
+  "back": "Назад",
+  "createAccount": "Направи налог",
+  "passwordStrength": "Снага лозинке: {passwordStrengthValue}",
+  "@passwordStrength": {
+    "description": "Text to indicate the password strength",
+    "placeholders": {
+      "passwordStrengthValue": {
+        "description": "The strength of the password as a string",
+        "type": "String",
+        "example": "Weak or Moderate or Strong"
+      }
+    },
+    "message": "Password Strength: {passwordStrengthText}"
+  },
+  "password": "Лозинка",
+  "signUpTerms": "Прихватам <u-terms>услове сервиса</u-terms> и <u-policy>политику приватности</u-policy>",
+  "privacyPolicyTitle": "Политика приватности",
+  "termsOfServicesTitle": "Услови",
+  "encryption": "Шифровање",
+  "setPasswordTitle": "Постави лозинку",
+  "changePasswordTitle": "Промени лозинку",
+  "resetPasswordTitle": "Ресетуј лозинку",
+  "encryptionKeys": "Кључеве шифровања",
+  "passwordWarning": "Не чувамо ову лозинку, па ако је заборавите, <underline>не можемо дешифрирати ваше податке</underline>",
+  "enterPasswordToEncrypt": "Унесите лозинку за употребу за шифровање ваших података",
+  "enterNewPasswordToEncrypt": "Унесите нову лозинку за употребу за шифровање ваших података",
+  "passwordChangedSuccessfully": "Лозинка је успешно промењена",
+  "generatingEncryptionKeys": "Генерисање кључева за шифровање...",
+  "continueLabel": "Настави",
+  "insecureDevice": "Уређај није сигуран",
+  "sorryWeCouldNotGenerateSecureKeysOnThisDevicennplease": "Извините, не можемо да генеришемо сигурне кључеве на овом уређају.\n\nМолимо пријавите се са другог уређаја.",
+  "howItWorks": "Како то функционише",
+  "ackPasswordLostWarning": "Разумем да ако изгубим лозинку, могу изгубити своје податке пошто су <underline>шифрирани од краја до краја</underline>.",
+  "loginTerms": "Кликом на пријаву, прихватам <u-terms>услове сервиса</u-terms> и <u-policy>политику приватности</u-policy>",
+  "logInLabel": "Пријави се",
+  "logout": "Одјави ме",
+  "areYouSureYouWantToLogout": "Да ли сте сигурни да се одјавите?",
+  "yesLogout": "Да, одјави ме",
+  "exit": "Излаз",
+  "theme": "Тема",
+  "lightTheme": "Светла",
+  "darkTheme": "Tamna",
+  "systemTheme": "Систем",
+  "verifyingRecoveryKey": "Провера кључа за опоравак...",
+  "recoveryKeyVerified": "Кључ за опоравак је проверен",
+  "recoveryKeySuccessBody": "Сјајно! Ваш кључ за опоравак важи. Хвала за проверу.\n\nИмајте на уму да задржите кључ за опоравак на сигрном.",
+  "invalidRecoveryKey": "Кључ за опоравак који сте унели није валидан. Молимо вас да будете сигурни да садржи 24 речи и проверите правопис сваког.\n\nАко сте унели старији кôд за опоравак, проверите да ли је дугачак 64 знака и проверите сваки од њих.",
+  "recreatePasswordTitle": "Поново креирати лозинку",
+  "recreatePasswordBody": "Тренутни уређај није довољно моћан да потврди вашу лозинку, али можемо регенерирати на начин који ради са свим уређајима.\n\nПријавите се помоћу кључа за опоравак и обновите своју лозинку (можете поново користити исту ако желите).",
+  "invalidKey": "Неисправан кључ",
+  "tryAgain": "Покушај поново",
+  "viewRecoveryKey": "Видети кључ за опоравак",
+  "confirmRecoveryKey": "Потврдити кључ за опоравак",
+  "recoveryKeyVerifyReason": "Ваш кључ за опоравак је једини начин да се врате фотографије ако заборавите лозинку. Можете пронаћи свој кључ за опоравак у Подешавања> Рачун.\n\nОвдје унесите кључ за опоравак да бисте проверили да ли сте га исправно сачували.",
+  "confirmYourRecoveryKey": "Потврдити кључ за опоравак",
+  "confirm": "Потврди",
+  "emailYourLogs": "Имејлирајте извештаје",
+  "pleaseSendTheLogsTo": "Пошаљите извештаје на \n{toEmail}",
+  "copyEmailAddress": "Копирати имејл адресу",
+  "exportLogs": "Извези изештаје",
+  "enterYourRecoveryKey": "Унети кључ за опоравак",
+  "tempErrorContactSupportIfPersists": "Изгледа да је нешто погрешно. Покушајте поново након неког времена. Ако грешка настави, обратите се нашем тиму за подршку.",
+  "networkHostLookUpErr": "Није могуће повезивање са Ente-ом, молимо вас да проверите мрежне поставке и контактирајте подршку ако грешка и даље постоји.",
+  "networkConnectionRefusedErr": "Није могуће повезивање са Ente-ом, покушајте поново мало касније. Ако грешка настави, обратите се подршци.",
+  "itLooksLikeSomethingWentWrongPleaseRetryAfterSome": "Изгледа да је нешто погрешно. Покушајте поново након неког времена. Ако грешка настави, обратите се нашем тиму за подршку.",
+  "about": "О програму",
+  "weAreOpenSource": "Користимо отворени извор!",
+  "privacy": "Приватност",
+  "terms": "Услови",
+  "checkForUpdates": "Провери ажурирања",
+  "checkStatus": "Провери статус",
+  "downloadUpdate": "Преузми",
+  "criticalUpdateAvailable": "Критично ажурирање је доступно",
+  "updateAvailable": "Доступно ажурирање",
+  "update": "Ажурирај",
+  "checking": "Провера...",
+  "youAreOnTheLatestVersion": "Користите најновију верзију",
+  "warning": "Упозорење",
+  "exportWarningDesc": "Извозна датотека садржи осетљиве информације. Молимо вас да је чувате на сигурно.",
+  "iUnderStand": "Разумем",
+  "@iUnderStand": {
+    "description": "Text for the button to confirm the user understands the warning"
+  },
+  "authToExportCodes": "Аутентификујте се да бисте извезли кôдове",
+  "importSuccessTitle": "Jeeee!",
+  "importSuccessDesc": "Увели сте {count} кôдова!",
+  "@importSuccessDesc": {
+    "placeholders": {
+      "count": {
+        "description": "The number of codes imported",
+        "type": "int",
+        "example": "1"
+      }
+    }
+  },
+  "sorry": "Жао ми је",
+  "importFailureDesc": "Нисам могао да анализирам изабрану датотеку.\nПишите на support@ente.io ако вам је потребна помоћ!",
+  "pendingSyncs": "Упозорење",
+  "pendingSyncsWarningBody": "Неки од ваших кôдова нису сачувани.\n\nМолимо вас осигурајте да имате резервну копију за ове кôдове пре него што се одјавите.",
+  "checkInboxAndSpamFolder": "Молимо вас да проверите примљену пошту (и нежељену пошту) да бисте довршили верификацију",
+  "tapToEnterCode": "Пипните да бисте унели кôд",
+  "resendEmail": "Поново послати имејл",
+  "weHaveSendEmailTo": "Послали смо имејл на <green>{email}</green>",
+  "@weHaveSendEmailTo": {
+    "description": "Text to indicate that we have sent a mail to the user",
+    "placeholders": {
+      "email": {
+        "description": "The email address of the user",
+        "type": "String",
+        "example": "example@ente.io"
+      }
+    }
+  },
+  "manualSort": "Прилагођено",
+  "editOrder": "Уреди поредак",
+  "mostFrequentlyUsed": "Често коришћено",
+  "mostRecentlyUsed": "Недавно коришћено",
+  "activeSessions": "Активне сесије",
+  "somethingWentWrongPleaseTryAgain": "Нешто је пошло наопако. Покушајте поново",
+  "thisWillLogYouOutOfThisDevice": "Ово ће вас одјавити из овог уређаја!",
+  "thisWillLogYouOutOfTheFollowingDevice": "Ово ће вас одјавити из овог уређаја:",
+  "terminateSession": "Прекинути сесију?",
+  "terminate": "Прекини",
+  "thisDevice": "Овај уређај",
+  "toResetVerifyEmail": "Да бисте ресетовали лозинку, прво потврдите свој имејл.",
+  "thisEmailIsAlreadyInUse": "Овај имејл је већ у употреби",
+  "verificationFailedPleaseTryAgain": "Неуспешна верификација, покушајте поново",
+  "yourVerificationCodeHasExpired": "Ваш верификациони кôд је истекао",
+  "incorrectCode": "Погрешан кôд",
+  "sorryTheCodeYouveEnteredIsIncorrect": "Унет кôд није добар",
+  "emailChangedTo": "Имејл промењен на {newEmail}",
+  "authenticationFailedPleaseTryAgain": "Аутентификација није успела, покушајте поново",
+  "authenticationSuccessful": "Успешна аутентификација!",
+  "twofactorAuthenticationSuccessfullyReset": "Двофакторска аутентификација успешно рисетирана",
+  "incorrectRecoveryKey": "Нетачан кључ за опоравак",
+  "theRecoveryKeyYouEnteredIsIncorrect": "Унети кључ за опоравак је натачан",
+  "enterPassword": "Унеси лозинку",
+  "selectExportFormat": "Изабрати формат извоза",
+  "exportDialogDesc": "Шифровани извоз ће бити заштићен лозинком по вашем избору.",
+  "encrypted": "Шифровано",
+  "plainText": "Обичан текст",
+  "passwordToEncryptExport": "Лозинка за шифровање извоза",
+  "export": "Извези",
+  "useOffline": "Користите без резервних копија",
+  "signInToBackup": "Пријавите се да бисте сачували кôдове",
+  "singIn": "Пријавите се",
+  "sigInBackupReminder": "Извезите кôдове да бисте имали резервну копију од које можете да их вратите.",
+  "offlineModeWarning": "Одлучили сте да наставите без резервних копија. Молимо примите ручне резервне копије да бисте били сигурни да су ваше кодове на сигурном.",
+  "showLargeIcons": "Прикажи велике иконе",
+  "compactMode": "Компактни режим",
+  "shouldHideCode": "Сакриј кодове",
+  "doubleTapToViewHiddenCode": "Можете да двапут додирнете унос да бисте видели кôд",
+  "focusOnSearchBar": "Фокус на претрагу на покретање",
+  "confirmUpdatingkey": "Јесте ли сигурни да желите да ажурирате тајну кључ?",
+  "minimizeAppOnCopy": "Умањи апликацију после копије",
+  "editCodeAuthMessage": "Аутентификуј се за уред кôда",
+  "deleteCodeAuthMessage": "Аутентификуј се за брсање кôда",
+  "showQRAuthMessage": "Аутентификуј се за приказ QR кôда",
+  "confirmAccountDeleteTitle": "Потврда брисања рачуна",
+  "confirmAccountDeleteMessage": "Овај налог је повезан са другим Ente апликацијама, ако користите било коју.\n\nВаши преношени подаци, на свим Ente апликацијама биће заказани за брисање, и ваш рачун ће се трајно избрисати.",
+  "androidBiometricHint": "Потврдите идентитет",
+  "@androidBiometricHint": {
+    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricNotRecognized": "Нисмо препознали. Покушати поново.",
+  "@androidBiometricNotRecognized": {
+    "description": "Message to let the user know that authentication was failed. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricSuccess": "Успех",
+  "@androidBiometricSuccess": {
+    "description": "Message to let the user know that authentication was successful. It is used on Android side. Maximum 60 characters."
+  },
+  "androidCancelButton": "Откажи",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "androidSignInTitle": "Потребна аутентификација",
+  "@androidSignInTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user that they need to scan biometric to continue. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricRequiredTitle": "Потребна је биометрија",
+  "@androidBiometricRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up biometric authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsRequiredTitle": "Потребни су акредитиви уређаја",
+  "@androidDeviceCredentialsRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up credentials authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsSetupDescription": "Потребни су акредитиви уређаја",
+  "@androidDeviceCredentialsSetupDescription": {
+    "description": "Message advising the user to go to the settings and configure device credentials on their device. It shows in a dialog on Android side."
+  },
+  "goToSettings": "Иди на поставке",
+  "@goToSettings": {
+    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
+  },
+  "androidGoToSettingsDescription": "Биометријска аутентификација није постављена на вашем уређају. Идите на \"Подешавања> Сигурност\" да бисте додали биометријску аутентификацију.",
+  "@androidGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure biometric on their device. It shows in a dialog on Android side."
+  },
+  "iOSLockOut": "Биометријска аутентификација је онемогућена. Закључајте и откључите екран да бисте је омогућили.",
+  "@iOSLockOut": {
+    "description": "Message advising the user to re-enable biometrics on their device. It shows in a dialog on iOS side."
+  },
+  "iOSGoToSettingsDescription": "Биометријска аутентификација није постављена на вашем уређају. Молимо или омогућите Touch ID или Face ID.",
+  "@iOSGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure Biometrics for their device. It shows in a dialog on iOS side."
+  },
+  "iOSOkButton": "У реду",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  },
+  "noInternetConnection": "Нема интернет везе",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "Провери своју везу са интернетом и покушај поново.",
+  "signOutFromOtherDevices": "Одјави се из других уређаја",
+  "signOutOtherBody": "Ако мислиш да неко може знати твоју лозинку, можеш приморати одјављивање све остале уређаје које користе твој налог.",
+  "signOutOtherDevices": "Одјави друге уређаје",
+  "doNotSignOut": "Не одјави",
+  "hearUsWhereTitle": "Како сте чули о Ente? (опционо)",
+  "hearUsExplanation": "Не пратимо инсталацију апликације. Помогло би да нам кажеш како си нас нашао!",
+  "recoveryKeySaved": "Кључ за опоравак сачуван у фасцикли за преузимање!",
+  "waitingForBrowserRequest": "Чека се захтев за претраживач...",
+  "waitingForVerification": "Чека се верификација...",
+  "passkey": "Кључ за приступ",
+  "passKeyPendingVerification": "Верификација је још у току",
+  "loginSessionExpired": "Сесија је истекла",
+  "loginSessionExpiredDetails": "Ваша сесија је истекла. Молимо пријавите се поново.",
+  "developerSettingsWarning": "Сигурно желиш да промениш подешавања за програмере?",
+  "developerSettings": "Подешавања за програмере",
+  "serverEndpoint": "Крајња тачка сервера",
+  "invalidEndpoint": "Погрешна крајња тачка",
+  "invalidEndpointMessage": "Извини, крајња тачка коју си унео је неважећа. Унеси важећу крајњу тачку и покушај поново.",
+  "endpointUpdatedMessage": "Крајна тачка успешно ажурирана",
+  "customEndpoint": "Везано за {endpoint}",
+  "pinText": "Закачи",
+  "unpinText": "Откачи",
+  "pinnedCodeMessage": "{code} је прикачен",
+  "unpinnedCodeMessage": "{code} је одкачен",
+  "pinned": "Прикачено",
+  "tags": "Ознаке",
+  "createNewTag": "Креирај нову ознаку",
+  "tag": "Ознака",
+  "create": "Направи",
+  "editTag": "Уреди ознаку",
+  "deleteTagTitle": "Обрисати ознаку?",
+  "deleteTagMessage": "Сигурно желите да избришете ову ознаку? Ова акција је неповратна.",
+  "somethingWentWrongParsingCode": "Нисмо били у стању да рашчланимо {x} кôдова.",
+  "updateNotAvailable": "Ажурирање није доступно",
+  "viewRawCodes": "Погледајте сирове кôдове",
+  "rawCodes": "Сирове кôдове",
+  "rawCodeData": "Податак сировог кôда",
+  "appLock": "Закључавање апликације",
+  "noSystemLockFound": "Није пронађено ниједно закључавање система",
+  "toEnableAppLockPleaseSetupDevicePasscodeOrScreen": "Да бисте омогућили закључавање апликације, молимо вас да подесите шифру уређаја или закључавање екрана у системским подешавањима.",
+  "autoLock": "Ауто-закључавање",
+  "immediately": "Одмах",
+  "reEnterPassword": "Поново унеси лозинку",
+  "reEnterPin": "Поново унеси ПИН",
+  "next": "Следеће",
+  "tooManyIncorrectAttempts": "Превише погрешних покушаја",
+  "tapToUnlock": "Додирните да бисте откључали",
+  "setNewPassword": "Постави нову лозинку",
+  "deviceLock": "Закључавање уређаја",
+  "hideContent": "Сакриј садржај",
+  "hideContentDescriptionAndroid": "Сакрива садржај апликације у пребацивање апликација и онемогућује снимке екрана",
+  "hideContentDescriptioniOS": "Сакрива садржај апликације у пребацивање апликација",
+  "autoLockFeatureDescription": "Време након којег се апликација блокира након што је постављенеа у позадину",
+  "appLockDescription": "Изаберите између заданог закључавање екрана вашег уређаја и прилагођени екран за закључавање са ПИН-ом или лозинком.",
+  "pinLock": "ПИН клокирање",
+  "enterPin": "Унеси ПИН",
+  "setNewPin": "Постави нови ПИН",
+  "importFailureDescNew": "Није могао да анализира изабрану датотеку.",
+  "appLockNotEnabled": "Блокирање апликације није упаљено",
+  "appLockNotEnabledDescription": "Молимо упалие блокирање апликације на Безбедност > Блокирај апликацију",
+  "authToViewPasskey": "Аутентификујте се да бисте прегледали кључ",
+  "appLockOfflineModeWarning": "Одлучили сте да наставите без резервних копија. Ако заборавите лозинку, нећете моћи да приступите својим подацима.",
+  "duplicateCodes": "Дупликатни кодови",
+  "noDuplicates": "✨ Нема дупликата",
+  "youveNoDuplicateCodesThatCanBeCleared": "Немате дупликатне кодове који се могу очистити",
+  "deduplicateCodes": "Дедуплицирај кодове",
+  "deselectAll": "Поништи избор свега",
+  "selectAll": "Изабери све",
+  "deleteDuplicates": "Обриши дупликате",
+  "plainHTML": "HTML",
+  "tellUsWhatYouThink": "Реци нам шта мислиш",
+  "dropReviewiOS": "Напиши мишљење на App Store",
+  "dropReviewAndroid": "Напиши мишљење на Play Store",
+  "supportEnte": "Подржи <bold-green>ente</bold-green>",
+  "giveUsAStarOnGithub": "Дај нам звездицу на Github",
+  "free5GB": "5GB бесплатно на <bold-green>ente</bold-green> Photos",
+  "loginWithAuthAccount": "Пријави се са твојим Auth налогом",
+  "freeStorageOffer": "Попуст од 10% на <bold-green>ente</bold-green> photos",
+  "freeStorageOfferDescription": "Употребите кôд \"AUTH\" да би добили попуст од 10% прве године",
+  "advanced": "Напредно",
+  "algorithm": "Алгоритам",
+  "type": "Тип",
+  "period": "Период",
+  "digits": "Цифре"
+}
--- a/auth/lib/l10n/arb/app_sv.arb
+++ b/auth/lib/l10n/arb/app_sv.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "Ogiltig QR-kod",
  "noRecoveryKeyTitle": "Ingen återställningsnyckel?",
  "enterEmailHint": "Ange din e-postadress",
+  "enterNewEmailHint": "Ange din nya e-postadress",
  "invalidEmailTitle": "Ogiltig e-postadress",
  "invalidEmailMessage": "Ange en giltig e-postadress.",
  "deleteAccount": "Radera konto",
@@ -368,16 +369,19 @@
  "signInToBackup": "Logga in för att säkerhetskopiera dina koder",
  "singIn": "Logga in",
  "sigInBackupReminder": "Vänligen exportera dina koder för att säkerställa att du har en säkerhetskopia som du kan återställa från.",
+  "offlineModeWarning": "Du har valt att fortsätta utan säkerhetskopior. Vänligen ta manuella säkerhetskopior för att se till att dina koder är säkra.",
  "showLargeIcons": "Visa stora ikoner",
  "compactMode": "Kompakt läge",
  "shouldHideCode": "Dölj koder",
  "doubleTapToViewHiddenCode": "Du kan dubbeltrycka på en post för att visa koden",
  "focusOnSearchBar": "Fokusera på sök vid appstart",
+  "confirmUpdatingkey": "Är du säker på att du vill uppdatera den hemliga nyckeln?",
  "minimizeAppOnCopy": "Minimera appen vid kopiering",
  "editCodeAuthMessage": "Autentisera för att redigera kod",
  "deleteCodeAuthMessage": "Autentisera för att radera kod",
  "showQRAuthMessage": "Autentisera för att visa QR-kod",
  "confirmAccountDeleteTitle": "Bekräfta radering av kontot",
+  "confirmAccountDeleteMessage": "Detta konto är kopplat till andra Ente apps, om du använder någon.\n\nDina uppladdade data, över alla Ente appar, kommer att schemaläggas för radering och ditt konto kommer att raderas permanent.",
  "androidBiometricHint": "Verifiera identitet",
  "@androidBiometricHint": {
    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
@@ -414,6 +418,18 @@
  "@goToSettings": {
    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
  },
+  "androidGoToSettingsDescription": "Biometrisk autentisering är inte konfigurerad på din enhet. Gå till \"Inställningar > Säkerhet\" för att lägga till biometrisk autentisering.",
+  "@androidGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure biometric on their device. It shows in a dialog on Android side."
+  },
+  "iOSLockOut": "Biometrisk autentisering är inaktiverat. Lås och lås upp din skärm för att aktivera den.",
+  "@iOSLockOut": {
+    "description": "Message advising the user to re-enable biometrics on their device. It shows in a dialog on iOS side."
+  },
+  "iOSGoToSettingsDescription": "Biometrisk autentisering är inte konfigurerad på din enhet. Aktivera antingen Touch ID eller Face ID på din telefon.",
+  "@iOSGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure Biometrics for their device. It shows in a dialog on iOS side."
+  },
  "iOSOkButton": "OK",
  "@iOSOkButton": {
    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
@@ -421,6 +437,7 @@
  "noInternetConnection": "Ingen internetanslutning",
  "pleaseCheckYourInternetConnectionAndTryAgain": "Kontrollera din internetanslutning och försök igen.",
  "signOutFromOtherDevices": "Logga ut från andra enheter",
+  "signOutOtherBody": "Om du tror att någon kanske känner till ditt lösenord kan du tvinga alla andra enheter med ditt konto att logga ut.",
  "signOutOtherDevices": "Logga ut andra enheter",
  "doNotSignOut": "Logga inte ut",
  "hearUsWhereTitle": "Hur hörde du talas om Ente? (valfritt)",
@@ -450,6 +467,7 @@
  "create": "Skapa",
  "editTag": "Redigera tagg",
  "deleteTagTitle": "Radera tagg?",
+  "deleteTagMessage": "Vill du ta bort den här koden? Det går inte att ångra den här åtgärden.",
  "somethingWentWrongParsingCode": "Vi kunde inte tolka {x} koder.",
  "updateNotAvailable": "Uppdateringen är inte tillgänglig",
  "viewRawCodes": "Visa råa koder",
--- a/auth/lib/l10n/arb/app_tr.arb
+++ b/auth/lib/l10n/arb/app_tr.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "Geçersiz QR kodu",
  "noRecoveryKeyTitle": "Kurtarma anahtarınız yok mu?",
  "enterEmailHint": "E-posta adresinizi girin",
+  "enterNewEmailHint": "Yeni e-posta adresinizi girin",
  "invalidEmailTitle": "Geçersiz e-posta adresi",
  "invalidEmailMessage": "Lütfen geçerli bir e-posta adresi girin.",
  "deleteAccount": "Hesabı sil",
--- a/auth/lib/l10n/arb/app_zh_CN.arb
+++ b/auth/lib/l10n/arb/app_zh_CN.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "二维码无效",
  "noRecoveryKeyTitle": "没有恢复密钥吗？",
  "enterEmailHint": "请输入您的电子邮件地址",
+  "enterNewEmailHint": "请输入您的新电子邮件地址",
  "invalidEmailTitle": "无效的电子邮件地址",
  "invalidEmailMessage": "请输入一个有效的电子邮件地址。",
  "deleteAccount": "删除账户",
--- a/auth/lib/l10n/arb/app_zh_TW.arb
+++ b/auth/lib/l10n/arb/app_zh_TW.arb
@@ -173,6 +173,7 @@
  "invalidQRCode": "QR 碼無效",
  "noRecoveryKeyTitle": "沒有復原密鑰嗎？",
  "enterEmailHint": "請輸入您的電子郵件地址",
+  "enterNewEmailHint": "輸入你的新電子郵件地址",
  "invalidEmailTitle": "無效的電子郵件地址",
  "invalidEmailMessage": "請輸入一個有效的電子郵件地址。",
  "deleteAccount": "刪除帳戶",
--- a/auth/lib/main.dart
+++ b/auth/lib/main.dart
@@ -14,7 +14,6 @@ import 'package:ente_auth/services/billing_service.dart';
 import 'package:ente_auth/services/notification_service.dart';
 import 'package:ente_auth/services/preference_service.dart';
 import 'package:ente_auth/services/update_service.dart';
-import 'package:ente_auth/services/user_remote_flag_service.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/services/window_listener_service.dart';
 import 'package:ente_auth/store/code_display_store.dart';
@@ -87,19 +86,6 @@ void main() async {
  }
 }

-// Future<void> whiteListLetsEncryptRootCA() async {
-//   try {
-//     // https://stackoverflow.com/a/71090239
-//     // https://github.com/ente-io/ente/issues/2178
-//     ByteData data =
-//         await PlatformAssetBundle().load('assets/ca/lets-encrypt-r3.pem');
-//     SecurityContext.defaultContext
-//         .setTrustedCertificatesBytes(data.buffer.asUint8List());
-//   } catch (e) {
-//     _logger.severe("Failed to whitelist Let's Encrypt Root CA", e);
-//   }
-// }
-
 Future<void> _runInForeground() async {
  final savedThemeMode = _themeMode(await AdaptiveTheme.getThemeMode());
  return await _runWithLogs(() async {
@@ -116,7 +102,7 @@ Future<void> _runInForeground() async {
      AppLock(
        builder: (args) => App(locale: locale),
        lockScreen: const LockScreen(),
-        enabled: await Configuration.instance.shouldShowLockScreen(),
+        enabled: await LockScreenSettings.instance.shouldShowLockScreen(),
        locale: locale,
        lightTheme: lightThemeData,
        darkTheme: darkThemeData,
@@ -169,7 +155,6 @@ Future<void> _init(bool bool, {String? via}) async {
  await Configuration.instance.init();
  await Network.instance.init();
  await UserService.instance.init();
-  await UserRemoteFlagService.instance.init();
  await AuthenticatorService.instance.init();
  await BillingService.instance.init();
  await NotificationService.instance.init();
--- a/auth/lib/services/authenticator_service.dart
+++ b/auth/lib/services/authenticator_service.dart
@@ -13,6 +13,7 @@ import 'package:ente_auth/models/authenticator/auth_entity.dart';
 import 'package:ente_auth/models/authenticator/auth_key.dart';
 import 'package:ente_auth/models/authenticator/entity_result.dart';
 import 'package:ente_auth/models/authenticator/local_auth_entity.dart';
+import 'package:ente_auth/services/preference_service.dart';
 import 'package:ente_auth/store/authenticator_db.dart';
 import 'package:ente_auth/store/offline_authenticator_db.dart';
 import 'package:ente_crypto_dart/ente_crypto_dart.dart';
@@ -194,8 +195,13 @@ class AuthenticatorService {
    final int lastSyncTime = _prefs.getInt(_lastEntitySyncTime) ?? 0;
    _logger.info("Current sync is $lastSyncTime");
    const int fetchLimit = 500;
-    final List<AuthEntity> result =
+    late final List<AuthEntity> result;
+    late final int? epochTimeInMicroseconds;
+    (result, epochTimeInMicroseconds) =
        await _gateway.getDiff(lastSyncTime, limit: fetchLimit);
+    PreferenceService.instance
+        .computeAndStoreTimeOffset(epochTimeInMicroseconds);
+
    _logger.info("${result.length} entries fetched from remote");
    if (result.isEmpty) {
      return;
--- a/auth/lib/services/local_authentication_service.dart
+++ b/auth/lib/services/local_authentication_service.dart
@@ -1,6 +1,5 @@
 import 'dart:io';

-import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/ui/settings/lock_screen/lock_screen_password.dart';
 import 'package:ente_auth/ui/settings/lock_screen/lock_screen_pin.dart';
 import 'package:ente_auth/ui/tools/app_lock.dart';
@@ -42,7 +41,7 @@ class LocalAuthenticationService {
        isAuthenticatingForInAppChange: true,
      );
      AppLock.of(context)!.setEnabled(
-        await Configuration.instance.shouldShowLockScreen(),
+        await LockScreenSettings.instance.shouldShowLockScreen(),
      );
      if (!result) {
        showToast(context, infoMessage);
@@ -114,12 +113,13 @@ class LocalAuthenticationService {
      );
      if (result) {
        AppLock.of(context)!.setEnabled(shouldEnableLockScreen);
-        await Configuration.instance
+        await LockScreenSettings.instance
            .setSystemLockScreen(shouldEnableLockScreen);
        return true;
      } else {
-        AppLock.of(context)!
-            .setEnabled(await Configuration.instance.shouldShowLockScreen());
+        AppLock.of(context)!.setEnabled(
+          await LockScreenSettings.instance.shouldShowLockScreen(),
+        );
      }
    } else {
      // ignore: unawaited_futures
--- a/auth/lib/services/preference_service.dart
+++ b/auth/lib/services/preference_service.dart
@@ -18,6 +18,7 @@ class PreferenceService {
  late final SharedPreferences _prefs;

  static const kHasShownCoachMarkKey = "has_shown_coach_mark_v2";
+  static const kLocalTimeOffsetKey = "local_time_offset";
  static const kShouldShowLargeIconsKey = "should_show_large_icons";
  static const kShouldHideCodesKey = "should_hide_codes";
  static const kShouldAutoFocusOnSearchBar = "should_auto_focus_on_search_bar";
@@ -114,4 +115,24 @@ class PreferenceService {
      return installedTimeinMillis;
    }
  }
+
+  // localEpochOffsetInMilliSecond returns the local epoch offset in milliseconds.
+  // This is used to adjust the time for TOTP calculations when device local time is not in sync with actual time.
+  int timeOffsetInMilliSeconds() {
+    return _prefs.getInt(kLocalTimeOffsetKey) ?? 0;
+  }
+
+  void computeAndStoreTimeOffset(
+    int? epochTimeInMicroseconds,
+  ) {
+    if (epochTimeInMicroseconds == null) {
+      _prefs.remove(kLocalTimeOffsetKey);
+      return;
+    }
+    int serverEpochTimeInMilliSecond = epochTimeInMicroseconds ~/ 1000;
+    int localEpochTimeInMilliSecond = DateTime.now().millisecondsSinceEpoch;
+    int localEpochOffset =
+        serverEpochTimeInMilliSecond - localEpochTimeInMilliSecond;
+    _prefs.setInt(kLocalTimeOffsetKey, localEpochOffset);
+  }
 }
--- a/auth/lib/services/user_remote_flag_service.dart
+++ b/auth/lib/services/user_remote_flag_service.dart
@@ -1,141 +0,0 @@
-import 'dart:async';
-import 'dart:io';
-
-import 'package:collection/collection.dart';
-import 'package:dio/dio.dart';
-import 'package:ente_auth/core/configuration.dart';
-import 'package:ente_auth/core/event_bus.dart';
-import 'package:ente_auth/core/network.dart';
-import 'package:ente_auth/events/notification_event.dart';
-import 'package:ente_auth/services/user_service.dart';
-import 'package:logging/logging.dart';
-import 'package:shared_preferences/shared_preferences.dart';
-
-class UserRemoteFlagService {
-  final _dio = Network.instance.getDio();
-  final _logger = Logger((UserRemoteFlagService).toString());
-  final _config = Configuration.instance;
-  late SharedPreferences _prefs;
-
-  UserRemoteFlagService._privateConstructor();
-
-  static final UserRemoteFlagService instance =
-      UserRemoteFlagService._privateConstructor();
-
-  static const String recoveryVerificationFlag = "recoveryKeyVerified";
-  static const String needRecoveryKeyVerification =
-      "needRecoveryKeyVerification";
-
-  Future<void> init() async {
-    _prefs = await SharedPreferences.getInstance();
-  }
-
-  bool shouldShowRecoveryVerification() {
-    if (!_prefs.containsKey(needRecoveryKeyVerification)) {
-      // fetch the status from remote
-      unawaited(_refreshRecoveryVerificationFlag());
-      return false;
-    } else {
-      final bool shouldShow = _prefs.getBool(needRecoveryKeyVerification)!;
-      if (shouldShow) {
-        // refresh the status to check if user marked it as done on another device
-        unawaited(_refreshRecoveryVerificationFlag());
-      }
-      return shouldShow;
-    }
-  }
-
-  // markRecoveryVerificationAsDone is used to track if user has verified their
-  // recovery key in the past or not. This helps in avoid showing the same
-  // prompt to the user on re-install or signing into a different device
-  Future<void> markRecoveryVerificationAsDone() async {
-    await _updateKeyValue(recoveryVerificationFlag, true.toString());
-    await _prefs.setBool(needRecoveryKeyVerification, false);
-  }
-
-  Future<void> _refreshRecoveryVerificationFlag() async {
-    _logger.finest('refresh recovery key verification flag');
-    final remoteStatusValue =
-        await _getValue(recoveryVerificationFlag, "false");
-    final bool isNeedVerificationFlagSet =
-        _prefs.containsKey(needRecoveryKeyVerification);
-    if (remoteStatusValue.toLowerCase() == "true") {
-      await _prefs.setBool(needRecoveryKeyVerification, false);
-      // If the user verified on different device, then we should refresh
-      // the UI to dismiss the Notification.
-      if (isNeedVerificationFlagSet) {
-        Bus.instance.fire(NotificationEvent());
-      }
-    } else if (!isNeedVerificationFlagSet) {
-      // Verification is not done yet as remoteStatus is false and local flag to
-      // show notification isn't set. Set the flag to true if any active
-      // session is older than 1 day.
-      final activeSessions = await UserService.instance.getActiveSessions();
-      final int microSecondsInADay = const Duration(days: 1).inMicroseconds;
-      final bool anyActiveSessionOlderThanADay =
-          activeSessions.sessions.firstWhereOrNull(
-                (e) =>
-                    (e.creationTime + microSecondsInADay) <
-                    DateTime.now().microsecondsSinceEpoch,
-              ) !=
-              null;
-      if (anyActiveSessionOlderThanADay) {
-        await _prefs.setBool(needRecoveryKeyVerification, true);
-        Bus.instance.fire(NotificationEvent());
-      } else {
-        // continue defaulting to no verification prompt
-        _logger.finest('No active session older than 1 day');
-      }
-    }
-  }
-
-  Future<String> _getValue(String key, String? defaultValue) async {
-    try {
-      final Map<String, dynamic> queryParams = {"key": key};
-      if (defaultValue != null) {
-        queryParams["defaultValue"] = defaultValue;
-      }
-      final response = await _dio.get(
-        "${_config.getHttpEndpoint()}/remote-store",
-        queryParameters: queryParams,
-        options: Options(
-          headers: {
-            "X-Auth-Token": _config.getToken(),
-          },
-        ),
-      );
-      if (response.statusCode != HttpStatus.ok) {
-        throw Exception("Unexpected status code ${response.statusCode}");
-      }
-      return response.data["value"];
-    } catch (e) {
-      _logger.info("Error while fetching bool status for $key", e);
-      rethrow;
-    }
-  }
-
-  // _setBooleanFlag sets the corresponding flag on remote
-  // to mark recovery as completed
-  Future<void> _updateKeyValue(String key, String value) async {
-    try {
-      final response = await _dio.post(
-        "${_config.getHttpEndpoint()}/remote-store/update",
-        data: {
-          "key": key,
-          "value": value,
-        },
-        options: Options(
-          headers: {
-            "X-Auth-Token": _config.getToken(),
-          },
-        ),
-      );
-      if (response.statusCode != HttpStatus.ok) {
-        throw Exception("Unexpected state");
-      }
-    } catch (e) {
-      _logger.warning("Failed to set flag for $key", e);
-      rethrow;
-    }
-  }
-}
--- a/auth/lib/ui/account/change_email_dialog.dart
+++ b/auth/lib/ui/account/change_email_dialog.dart
@@ -18,7 +18,7 @@ class _ChangeEmailDialogState extends State<ChangeEmailDialog> {
  Widget build(BuildContext context) {
    final l10n = context.l10n;
    return AlertDialog(
-      title: Text(l10n.enterEmailHint),
+      title: Text(l10n.enterNewEmailHint),
      content: SingleChildScrollView(
        child: Column(
          mainAxisAlignment: MainAxisAlignment.start,
--- a/auth/lib/ui/account/verify_recovery_page.dart
+++ b/auth/lib/ui/account/verify_recovery_page.dart
@@ -1,219 +0,0 @@
-import 'package:bip39/bip39.dart' as bip39;
-import 'package:dio/dio.dart';
-import 'package:ente_auth/core/configuration.dart';
-import 'package:ente_auth/ente_theme_data.dart';
-import 'package:ente_auth/l10n/l10n.dart';
-import 'package:ente_auth/services/local_authentication_service.dart';
-import 'package:ente_auth/services/user_remote_flag_service.dart';
-import 'package:ente_auth/ui/account/recovery_key_page.dart';
-import 'package:ente_auth/ui/common/gradient_button.dart';
-import 'package:ente_auth/ui/components/buttons/button_widget.dart';
-import 'package:ente_auth/utils/dialog_util.dart';
-import 'package:ente_auth/utils/navigation_util.dart';
-import 'package:ente_auth/utils/platform_util.dart';
-import 'package:ente_crypto_dart/ente_crypto_dart.dart';
-import 'package:flutter/material.dart';
-import 'package:logging/logging.dart';
-
-class VerifyRecoveryPage extends StatefulWidget {
-  const VerifyRecoveryPage({super.key});
-
-  @override
-  State<VerifyRecoveryPage> createState() => _VerifyRecoveryPageState();
-}
-
-class _VerifyRecoveryPageState extends State<VerifyRecoveryPage> {
-  final _recoveryKey = TextEditingController();
-  final Logger _logger = Logger((_VerifyRecoveryPageState).toString());
-
-  void _verifyRecoveryKey() async {
-    final dialog =
-        createProgressDialog(context, context.l10n.verifyingRecoveryKey);
-    await dialog.show();
-    try {
-      final String inputKey = _recoveryKey.text.trim();
-      final String recoveryKey =
-          CryptoUtil.bin2hex(Configuration.instance.getRecoveryKey());
-      final String recoveryKeyWords = bip39.entropyToMnemonic(recoveryKey);
-      if (inputKey == recoveryKey || inputKey == recoveryKeyWords) {
-        try {
-          await UserRemoteFlagService.instance.markRecoveryVerificationAsDone();
-        } catch (e) {
-          await dialog.hide();
-          if (e is DioException && e.type == DioExceptionType.unknown) {
-            await showErrorDialog(
-              context,
-              "No internet connection",
-              "Please check your internet connection and try again.",
-            );
-          } else {
-            await showGenericErrorDialog(
-              context: context,
-              error: e,
-            );
-          }
-          return;
-        }
-
-        await dialog.hide();
-        // todo: change this as per figma once the component is ready
-        await showErrorDialog(
-          context,
-          context.l10n.recoveryKeyVerified,
-          context.l10n.recoveryKeySuccessBody,
-        );
-        Navigator.of(context).pop();
-      } else {
-        throw Exception("recovery key didn't match");
-      }
-    } catch (e, s) {
-      _logger.severe("failed to verify recovery key", e, s);
-      await dialog.hide();
-      final String errMessage = context.l10n.invalidRecoveryKey;
-      final result = await showChoiceDialog(
-        context,
-        title: context.l10n.invalidKey,
-        body: errMessage,
-        firstButtonLabel: context.l10n.tryAgain,
-        secondButtonLabel: context.l10n.viewRecoveryKey,
-        secondButtonAction: ButtonAction.second,
-      );
-      if (result!.action == ButtonAction.second) {
-        await _onViewRecoveryKeyClick();
-      }
-    }
-  }
-
-  Future<void> _onViewRecoveryKeyClick() async {
-    final hasAuthenticated =
-        await LocalAuthenticationService.instance.requestLocalAuthentication(
-      context,
-      "Please authenticate to view your recovery key",
-    );
-    await PlatformUtil.refocusWindows();
-
-    if (hasAuthenticated) {
-      String recoveryKey;
-      try {
-        recoveryKey =
-            CryptoUtil.bin2hex(Configuration.instance.getRecoveryKey());
-        await routeToPage(
-          context,
-          RecoveryKeyPage(
-            recoveryKey,
-            context.l10n.ok,
-            showAppBar: true,
-            onDone: () {
-              Navigator.of(context).pop();
-            },
-          ),
-        );
-      } catch (e) {
-        // ignore: unawaited_futures
-        showGenericErrorDialog(
-          context: context,
-          error: e,
-        );
-        return;
-      }
-    }
-  }
-
-  @override
-  Widget build(BuildContext context) {
-    final enteTheme = Theme.of(context).colorScheme.enteTheme;
-    return Scaffold(
-      appBar: AppBar(
-        elevation: 0,
-        leading: IconButton(
-          icon: const Icon(Icons.arrow_back),
-          color: Theme.of(context).iconTheme.color,
-          onPressed: () {
-            Navigator.of(context).pop();
-          },
-        ),
-      ),
-      body: Padding(
-        padding: const EdgeInsets.symmetric(horizontal: 16.0),
-        child: LayoutBuilder(
-          builder: (context, constraints) {
-            return SingleChildScrollView(
-              child: ConstrainedBox(
-                constraints: BoxConstraints(
-                  minWidth: constraints.maxWidth,
-                  minHeight: constraints.maxHeight,
-                ),
-                child: IntrinsicHeight(
-                  child: Column(
-                    children: [
-                      const SizedBox(height: 12),
-                      SizedBox(
-                        width: double.infinity,
-                        child: Text(
-                          context.l10n.confirmRecoveryKey,
-                          style: enteTheme.textTheme.h3Bold,
-                          textAlign: TextAlign.left,
-                        ),
-                      ),
-                      const SizedBox(height: 18),
-                      Text(
-                        context.l10n.recoveryKeyVerifyReason,
-                        style: enteTheme.textTheme.small
-                            .copyWith(color: enteTheme.colorScheme.textMuted),
-                      ),
-                      const SizedBox(height: 12),
-                      TextFormField(
-                        decoration: InputDecoration(
-                          filled: true,
-                          hintText: context.l10n.enterYourRecoveryKey,
-                          contentPadding: const EdgeInsets.all(20),
-                          border: UnderlineInputBorder(
-                            borderSide: BorderSide.none,
-                            borderRadius: BorderRadius.circular(6),
-                          ),
-                        ),
-                        style: const TextStyle(
-                          fontSize: 14,
-                          fontFeatures: [FontFeature.tabularFigures()],
-                        ),
-                        controller: _recoveryKey,
-                        autofocus: false,
-                        autocorrect: false,
-                        keyboardType: TextInputType.multiline,
-                        minLines: 4,
-                        maxLines: null,
-                        onChanged: (_) {
-                          setState(() {});
-                        },
-                      ),
-                      const SizedBox(height: 12),
-                      Expanded(
-                        child: Container(
-                          alignment: Alignment.bottomCenter,
-                          width: double.infinity,
-                          padding: const EdgeInsets.fromLTRB(0, 12, 0, 40),
-                          child: Column(
-                            mainAxisAlignment: MainAxisAlignment.end,
-                            crossAxisAlignment: CrossAxisAlignment.stretch,
-                            children: [
-                              GradientButton(
-                                onTap: _verifyRecoveryKey,
-                                text: context.l10n.confirm,
-                              ),
-                              const SizedBox(height: 8),
-                            ],
-                          ),
-                        ),
-                      ),
-                      const SizedBox(height: 20),
-                    ],
-                  ),
-                ),
-              ),
-            );
-          },
-        ),
-      ),
-    );
-  }
-}
--- a/auth/lib/ui/code_timer_progress.dart
+++ b/auth/lib/ui/code_timer_progress.dart
@@ -7,10 +7,12 @@ import 'package:flutter/material.dart';
 class CodeTimerProgress extends StatefulWidget {
  final int period;
  final bool isCompactMode;
+  final int timeOffsetInMilliseconds;
  const CodeTimerProgress({
    super.key,
    required this.period,
    this.isCompactMode = false,
+    this.timeOffsetInMilliseconds = 0,
  });

  @override
@@ -20,7 +22,7 @@ class CodeTimerProgress extends StatefulWidget {
 class _CodeTimerProgressState extends State<CodeTimerProgress> {
  late final Timer _timer;
  late final ValueNotifier<double> _progress;
-  late final int _periodInMicros;
+  late final int _periodInMilii;

  // Reduce update frequency
  final int _updateIntervalMs =
@@ -29,29 +31,30 @@ class _CodeTimerProgressState extends State<CodeTimerProgress> {
  @override
  void initState() {
    super.initState();
-    _periodInMicros = widget.period * 1000000;
+    _periodInMilii = widget.period * 1000;
    _progress = ValueNotifier<double>(0.0);
-    _updateTimeRemaining(DateTime.now().microsecondsSinceEpoch);
+    _updateTimeRemaining(DateTime.now().millisecondsSinceEpoch);

    _timer = Timer.periodic(Duration(milliseconds: _updateIntervalMs), (timer) {
-      final now = DateTime.now().microsecondsSinceEpoch;
+      final now = DateTime.now().millisecondsSinceEpoch;
      _updateTimeRemaining(now);
    });
  }

-  void _updateTimeRemaining(int currentMicros) {
+  void _updateTimeRemaining(int currentMilliSeconds) {
    // More efficient time calculation using modulo
-    final elapsed = (currentMicros) % _periodInMicros;
-    final timeRemaining = _periodInMicros - elapsed;
-    _progress.value = timeRemaining / _periodInMicros;
+    final elapsed = (currentMilliSeconds + widget.timeOffsetInMilliseconds) %
+        _periodInMilii;
+    final timeRemaining = _periodInMilii - elapsed;
+    _progress.value = timeRemaining / _periodInMilii;
  }

  @override
  void didUpdateWidget(covariant CodeTimerProgress oldWidget) {
    super.didUpdateWidget(oldWidget);
    if (oldWidget.period != widget.period) {
-      _periodInMicros = widget.period * 1000000;
-      _updateTimeRemaining(DateTime.now().microsecondsSinceEpoch);
+      _periodInMilii = widget.period * 1000;
+      _updateTimeRemaining(DateTime.now().millisecondsSinceEpoch);
    }
  }

--- a/auth/lib/ui/code_widget.dart
+++ b/auth/lib/ui/code_widget.dart
@@ -152,6 +152,8 @@ class _CodeWidgetState extends State<CodeWidget> {
                  key: ValueKey('period_${widget.code.period}'),
                  period: widget.code.period,
                  isCompactMode: widget.isCompactMode,
+                  timeOffsetInMilliseconds:
+                      PreferenceService.instance.timeOffsetInMilliSeconds(),
                ),
              widget.isCompactMode
                  ? const SizedBox(height: 4)
--- a/auth/lib/ui/home_page.dart
+++ b/auth/lib/ui/home_page.dart
@@ -319,7 +319,7 @@ class _HomePageState extends State<HomePage> {

  Future<void> navigateToLockScreen() async {
    final bool shouldShowLockScreen =
-        await Configuration.instance.shouldShowLockScreen();
+        await LockScreenSettings.instance.shouldShowLockScreen();
    if (shouldShowLockScreen) {
      await AppLock.of(context)!.showLockScreen();
    } else {
--- a/auth/lib/ui/settings/lock_screen/lock_screen_options.dart
+++ b/auth/lib/ui/settings/lock_screen/lock_screen_options.dart
@@ -1,7 +1,6 @@
 import "dart:async";
 import "dart:io";

-import "package:ente_auth/core/configuration.dart";
 import "package:ente_auth/l10n/l10n.dart";
 import "package:ente_auth/services/local_authentication_service.dart";
 import "package:ente_auth/theme/ente_theme.dart";
@@ -31,8 +30,7 @@ class LockScreenOptions extends StatefulWidget {
 }

 class _LockScreenOptionsState extends State<LockScreenOptions> {
-  final Configuration _configuration = Configuration.instance;
-  final LockScreenSettings _lockscreenSetting = LockScreenSettings.instance;
+  final LockScreenSettings _lockScreenSettings = LockScreenSettings.instance;
  late bool appLock = false;
  bool isPinEnabled = false;
  bool isPasswordEnabled = false;
@@ -43,18 +41,18 @@ class _LockScreenOptionsState extends State<LockScreenOptions> {
  @override
  void initState() {
    super.initState();
-    hideAppContent = _lockscreenSetting.getShouldHideAppContent();
-    autoLockTimeInMilliseconds = _lockscreenSetting.getAutoLockTime();
+    hideAppContent = _lockScreenSettings.getShouldHideAppContent();
+    autoLockTimeInMilliseconds = _lockScreenSettings.getAutoLockTime();
    _initializeSettings();
-    appLock = _lockscreenSetting.getIsAppLockSet();
+    appLock = _lockScreenSettings.getIsAppLockSet();
  }

  Future<void> _initializeSettings() async {
-    final bool passwordEnabled = await _lockscreenSetting.isPasswordSet();
-    final bool pinEnabled = await _lockscreenSetting.isPinSet();
+    final bool passwordEnabled = await _lockScreenSettings.isPasswordSet();
+    final bool pinEnabled = await _lockScreenSettings.isPinSet();
    final bool shouldHideAppContent =
-        _lockscreenSetting.getShouldHideAppContent();
-    final bool systemLockEnabled = _configuration.shouldShowSystemLockScreen();
+        _lockScreenSettings.getShouldHideAppContent();
+    final bool systemLockEnabled = _lockScreenSettings.shouldShowSystemLockScreen();
    setState(() {
      isPasswordEnabled = passwordEnabled;
      isPinEnabled = pinEnabled;
@@ -66,8 +64,8 @@ class _LockScreenOptionsState extends State<LockScreenOptions> {
  Future<void> _deviceLock() async {
    if (await LocalAuthenticationService.instance
        .isLocalAuthSupportedOnDevice()) {
-      await _lockscreenSetting.removePinAndPassword();
-      await _configuration.setSystemLockScreen(!isSystemLockEnabled);
+      await _lockScreenSettings.removePinAndPassword();
+      await _lockScreenSettings.setSystemLockScreen(!isSystemLockEnabled);
    } else {
      await showDialogWidget(
        context: context,
@@ -96,10 +94,10 @@ class _LockScreenOptionsState extends State<LockScreenOptions> {
    );

    if (result) {
-      await _configuration.setSystemLockScreen(false);
-      await _lockscreenSetting.setAppLockEnabled(true);
+      await _lockScreenSettings.setSystemLockScreen(false);
+      await _lockScreenSettings.setAppLockEnabled(true);
      setState(() {
-        appLock = _lockscreenSetting.getIsAppLockSet();
+        appLock = _lockScreenSettings.getIsAppLockSet();
      });
    }
    await _initializeSettings();
@@ -114,9 +112,9 @@ class _LockScreenOptionsState extends State<LockScreenOptions> {
      ),
    );
    if (result) {
-      await _configuration.setSystemLockScreen(false);
+      await _lockScreenSettings.setSystemLockScreen(false);
      setState(() {
-        appLock = _lockscreenSetting.getIsAppLockSet();
+        appLock = _lockScreenSettings.getIsAppLockSet();
      });
    }
    await _initializeSettings();
@@ -126,17 +124,17 @@ class _LockScreenOptionsState extends State<LockScreenOptions> {
    AppLock.of(context)!.setEnabled(!appLock);
    if (await LocalAuthenticationService.instance
        .isLocalAuthSupportedOnDevice()) {
-      await _configuration.setSystemLockScreen(!appLock);
-      await _lockscreenSetting.setAppLockEnabled(!appLock);
+      await _lockScreenSettings.setSystemLockScreen(!appLock);
+      await _lockScreenSettings.setAppLockEnabled(!appLock);
    } else {
-      await _configuration.setSystemLockScreen(false);
-      await _lockscreenSetting.setAppLockEnabled(false);
+      await _lockScreenSettings.setSystemLockScreen(false);
+      await _lockScreenSettings.setAppLockEnabled(false);
    }
-    await _lockscreenSetting.removePinAndPassword();
+    await _lockScreenSettings.removePinAndPassword();
    if (PlatformUtil.isMobile()) {
-      await _lockscreenSetting.setHideAppContent(!appLock);
+      await _lockScreenSettings.setHideAppContent(!appLock);
      setState(() {
-        hideAppContent = _lockscreenSetting.getShouldHideAppContent();
+        hideAppContent = _lockScreenSettings.getShouldHideAppContent();
      });
    }
    await _initializeSettings();
@@ -152,7 +150,7 @@ class _LockScreenOptionsState extends State<LockScreenOptions> {
    ).then(
      (value) {
        setState(() {
-          autoLockTimeInMilliseconds = _lockscreenSetting.getAutoLockTime();
+          autoLockTimeInMilliseconds = _lockScreenSettings.getAutoLockTime();
        });
      },
    );
@@ -162,7 +160,7 @@ class _LockScreenOptionsState extends State<LockScreenOptions> {
    setState(() {
      hideAppContent = !hideAppContent;
    });
-    await _lockscreenSetting.setHideAppContent(hideAppContent);
+    await _lockScreenSettings.setHideAppContent(hideAppContent);
  }

  String _formatTime(Duration duration) {
--- a/auth/lib/ui/settings/security_section_widget.dart
+++ b/auth/lib/ui/settings/security_section_widget.dart
@@ -166,7 +166,7 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
              return;
            }
          }
-          if (await Configuration.instance.shouldShowLockScreen()) {
+          if (await LockScreenSettings.instance.shouldShowLockScreen()) {
            final bool result = await requestAuthentication(
              context,
              context.l10n.authToChangeLockscreenSetting,
--- a/auth/lib/utils/auth_util.dart
+++ b/auth/lib/utils/auth_util.dart
@@ -53,6 +53,7 @@ Future<bool> requestAuthentication(
          signInTitle: l10n.androidSignInTitle,
        ),
        IOSAuthMessages(
+          localizedFallbackTitle: l10n.enterPassword,
          goToSettingsButton: l10n.goToSettings,
          goToSettingsDescription: l10n.goToSettings,
          lockOut: l10n.iOSLockOut,
--- a/auth/lib/utils/lock_screen_settings.dart
+++ b/auth/lib/utils/lock_screen_settings.dart
@@ -3,6 +3,8 @@ import "dart:io";
 import "dart:typed_data";

 import "package:ente_auth/core/configuration.dart";
+import "package:ente_auth/core/event_bus.dart";
+import "package:ente_auth/events/signed_out_event.dart";
 import "package:ente_auth/utils/platform_util.dart";
 import "package:ente_crypto_dart/ente_crypto_dart.dart";
 import "package:flutter/material.dart";
@@ -26,6 +28,7 @@ class LockScreenSettings {
  static const keyHasMigratedLockScreenChanges =
      "ls_has_migrated_lock_screen_changes";
  static const keyShowOfflineModeWarning = "ls_show_offline_mode_warning";
+  static const keyShouldShowLockScreen = "should_show_lock_screen";
  static const String kIsLightMode = "is_light_mode";

  final List<Duration> autoLockDurations = const [
@@ -52,6 +55,10 @@ class LockScreenSettings {
    await runLockScreenChangesMigration();

    await _clearLsDataInKeychainIfFreshInstall();
+
+    Bus.instance.on<SignedOutEvent>().listen((event) {
+      removePinAndPassword();
+    });
  }

  Future<void> setOfflineModeWarningStatus(bool value) async {
@@ -69,8 +76,7 @@ class LockScreenSettings {

    final bool passwordEnabled = await isPasswordSet();
    final bool pinEnabled = await isPinSet();
-    final bool systemLockEnabled =
-        Configuration.instance.shouldShowSystemLockScreen();
+    final bool systemLockEnabled = shouldShowSystemLockScreen();

    if (passwordEnabled || pinEnabled || systemLockEnabled) {
      await setAppLockEnabled(true);
@@ -214,6 +220,24 @@ class LockScreenSettings {
    return await _secureStorage.containsKey(key: password);
  }

+  Future<bool> shouldShowLockScreen() async {
+    final bool isPin = await isPinSet();
+    final bool isPass = await isPasswordSet();
+    return isPin || isPass || shouldShowSystemLockScreen();
+  }
+
+  bool shouldShowSystemLockScreen() {
+    if (_preferences.containsKey(keyShouldShowLockScreen)) {
+      return _preferences.getBool(keyShouldShowLockScreen)!;
+    } else {
+      return false;
+    }
+  }
+
+  Future<void> setSystemLockScreen(bool value) {
+    return _preferences.setBool(keyShouldShowLockScreen, value);
+  }
+
  // If the app was uninstalled (without logging out if it was used with
  // backups), keychain items of the app persist in the keychain. To avoid using
  // old keychain items, we delete them on reinstall.
--- a/auth/lib/utils/totp_util.dart
+++ b/auth/lib/utils/totp_util.dart
@@ -1,8 +1,14 @@
 import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/services/preference_service.dart';
 import 'package:flutter/foundation.dart';
 import 'package:otp/otp.dart' as otp;
 import 'package:steam_totp/steam_totp.dart';

+int millisecondsSinceEpoch() {
+  return DateTime.now().millisecondsSinceEpoch +
+      PreferenceService.instance.timeOffsetInMilliSeconds();
+}
+
 String getOTP(Code code) {
  if (code.type == Type.steam || code.issuer.toLowerCase() == 'steam') {
    return _getSteamCode(code);
@@ -12,7 +18,7 @@ String getOTP(Code code) {
  }
  return otp.OTP.generateTOTPCodeString(
    getSanitizedSecret(code.secret),
-    DateTime.now().millisecondsSinceEpoch,
+    millisecondsSinceEpoch(),
    length: code.digits,
    interval: code.period,
    algorithm: _getAlgorithm(code),
@@ -34,7 +40,7 @@ String _getSteamCode(Code code, [bool isNext = false]) {
  final SteamTOTP steamtotp = SteamTOTP(secret: code.secret);

  return steamtotp.generate(
-    DateTime.now().millisecondsSinceEpoch ~/ 1000 + (isNext ? code.period : 0),
+    millisecondsSinceEpoch() ~/ 1000 + (isNext ? code.period : 0),
  );
 }

@@ -44,7 +50,7 @@ String getNextTotp(Code code) {
  }
  return otp.OTP.generateTOTPCodeString(
    getSanitizedSecret(code.secret),
-    DateTime.now().millisecondsSinceEpoch + code.period * 1000,
+    millisecondsSinceEpoch() + code.period * 1000,
    length: code.digits,
    interval: code.period,
    algorithm: _getAlgorithm(code),
@@ -56,9 +62,7 @@ String getNextTotp(Code code) {
 // It returns the start time and a list of future codes.
 (int, List<String>) generateFutureTotpCodes(Code code, int count) {
  final int startTime =
-      ((DateTime.now().millisecondsSinceEpoch ~/ 1000) ~/ code.period) *
-          code.period *
-          1000;
+      ((millisecondsSinceEpoch() ~/ 1000) ~/ code.period) * code.period * 1000;
  final String secret = getSanitizedSecret(code.secret);
  final List<String> codes = [];
  if (code.type == Type.steam || code.issuer.toLowerCase() == 'steam') {
--- a/auth/linux/packaging/enteauth.appdata.xml
+++ b/auth/linux/packaging/enteauth.appdata.xml
@@ -18,6 +18,7 @@
        </screenshot>
    </screenshots>
    <releases>
+        <release version="4.4.0" date="2025-05-31" />
        <release version="4.3.8" date="2025-05-20" />
        <release version="4.2.4" date="2025-01-11" />
        <release version="4.0.3" date="2024-10-08" />
--- a/auth/pubspec.lock
+++ b/auth/pubspec.lock
@@ -543,67 +543,74 @@ packages:
  flutter_inappwebview:
    dependency: "direct main"
    description:
-      name: flutter_inappwebview
-      sha256: "80092d13d3e29b6227e25b67973c67c7210bd5e35c4b747ca908e31eb71a46d5"
-      url: "https://pub.dev"
-    source: hosted
-    version: "6.1.5"
+      path: flutter_inappwebview
+      ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      resolved-ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      url: "https://github.com/pichillilorenzo/flutter_inappwebview.git"
+    source: git
+    version: "6.2.0-beta.3"
  flutter_inappwebview_android:
    dependency: transitive
    description:
-      name: flutter_inappwebview_android
-      sha256: "62557c15a5c2db5d195cb3892aab74fcaec266d7b86d59a6f0027abd672cddba"
-      url: "https://pub.dev"
-    source: hosted
-    version: "1.1.3"
+      path: flutter_inappwebview_android
+      ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      resolved-ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      url: "https://github.com/pichillilorenzo/flutter_inappwebview.git"
+    source: git
+    version: "1.2.0-beta.3"
  flutter_inappwebview_internal_annotations:
    dependency: transitive
    description:
      name: flutter_inappwebview_internal_annotations
-      sha256: "5f80fd30e208ddded7dbbcd0d569e7995f9f63d45ea3f548d8dd4c0b473fb4c8"
+      sha256: "787171d43f8af67864740b6f04166c13190aa74a1468a1f1f1e9ee5b90c359cd"
      url: "https://pub.dev"
    source: hosted
-    version: "1.1.1"
+    version: "1.2.0"
  flutter_inappwebview_ios:
    dependency: transitive
    description:
-      name: flutter_inappwebview_ios
-      sha256: "5818cf9b26cf0cbb0f62ff50772217d41ea8d3d9cc00279c45f8aabaa1b4025d"
-      url: "https://pub.dev"
-    source: hosted
-    version: "1.1.2"
+      path: flutter_inappwebview_ios
+      ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      resolved-ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      url: "https://github.com/pichillilorenzo/flutter_inappwebview.git"
+    source: git
+    version: "1.2.0-beta.3"
  flutter_inappwebview_macos:
    dependency: transitive
    description:
-      name: flutter_inappwebview_macos
-      sha256: c1fbb86af1a3738e3541364d7d1866315ffb0468a1a77e34198c9be571287da1
-      url: "https://pub.dev"
-    source: hosted
-    version: "1.1.2"
+      path: flutter_inappwebview_macos
+      ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      resolved-ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      url: "https://github.com/pichillilorenzo/flutter_inappwebview.git"
+    source: git
+    version: "1.2.0-beta.3"
  flutter_inappwebview_platform_interface:
    dependency: transitive
    description:
-      name: flutter_inappwebview_platform_interface
-      sha256: cf5323e194096b6ede7a1ca808c3e0a078e4b33cc3f6338977d75b4024ba2500
-      url: "https://pub.dev"
-    source: hosted
-    version: "1.3.0+1"
+      path: flutter_inappwebview_platform_interface
+      ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      resolved-ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      url: "https://github.com/pichillilorenzo/flutter_inappwebview.git"
+    source: git
+    version: "1.4.0-beta.3"
  flutter_inappwebview_web:
    dependency: transitive
    description:
-      name: flutter_inappwebview_web
-      sha256: "55f89c83b0a0d3b7893306b3bb545ba4770a4df018204917148ebb42dc14a598"
-      url: "https://pub.dev"
-    source: hosted
-    version: "1.1.2"
+      path: flutter_inappwebview_web
+      ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      resolved-ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      url: "https://github.com/pichillilorenzo/flutter_inappwebview.git"
+    source: git
+    version: "1.2.0-beta.3"
  flutter_inappwebview_windows:
    dependency: transitive
    description:
-      name: flutter_inappwebview_windows
-      sha256: "8b4d3a46078a2cdc636c4a3d10d10f2a16882f6be607962dbfff8874d1642055"
-      url: "https://pub.dev"
-    source: hosted
-    version: "0.6.0"
+      path: flutter_inappwebview_windows
+      ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      resolved-ref: "3e6c4c4a25340cd363af9d38891d88498b90be26"
+      url: "https://github.com/pichillilorenzo/flutter_inappwebview.git"
+    source: git
+    version: "0.7.0-beta.3"
  flutter_launcher_icons:
    dependency: "direct main"
    description:
--- a/auth/pubspec.yaml
+++ b/auth/pubspec.yaml
@@ -1,7 +1,7 @@

 name: ente_auth
 description: ente two-factor authenticator
-version: 4.3.8+438
+version: 4.4.1+441
 publish_to: none

 environment:
@@ -45,7 +45,13 @@ dependencies:
  flutter_context_menu: ^0.2.0
  flutter_displaymode: ^0.6.0
  flutter_email_sender: ^6.0.2
-  flutter_inappwebview: ^6.1.5
+  # revert to pub.dev when merged
+  # https://github.com/pichillilorenzo/flutter_inappwebview/pull/2548
+  flutter_inappwebview:
+    git:
+      url: https://github.com/pichillilorenzo/flutter_inappwebview.git
+      path: flutter_inappwebview
+      ref: 3e6c4c4a25340cd363af9d38891d88498b90be26
  flutter_launcher_icons: ^0.14.1
  flutter_local_authentication:
    git:
--- a/cli/config.yaml.example
+++ b/cli/config.yaml.example
@@ -5,8 +5,6 @@

 endpoint:
  api: "http://localhost:8080"
-  # Endpoint for the account service for passkey
-  accounts: "http://localhost:3001"

 log:
 http: false # log status code & time taken by requests
--- a/cli/internal/api/login_type.go
+++ b/cli/internal/api/login_type.go
@@ -35,6 +35,7 @@ type AuthorizationResponse struct {
 	ID                 int64          `json:"id"`
 	KeyAttributes      *KeyAttributes `json:"keyAttributes,omitempty"`
 	EncryptedToken     string         `json:"encryptedToken,omitempty"`
+	AccountsUrl        string         `json:"accountsUrl"`
 	Token              string         `json:"token,omitempty"`
 	TwoFactorSessionID string         `json:"twoFactorSessionID"`
 	PassKeySessionID   string         `json:"passkeySessionID"`
--- a/cli/main.go
+++ b/cli/main.go
@@ -110,7 +110,6 @@ func initConfig(cliConfigDir string) {
 	viper.AddConfigPath(".")                // optionally look for config in the working directory

 	viper.SetDefault("endpoint.api", constants.EnteApiUrl)
-	viper.SetDefault("endpoint.accounts", constants.EnteAccountUrl)
 	viper.SetDefault("log.http", false)
 	if err := viper.ReadInConfig(); err != nil {
 		if _, ok := err.(viper.ConfigFileNotFoundError); ok {
--- a/cli/pkg/sign_in.go
+++ b/cli/pkg/sign_in.go
@@ -8,8 +8,8 @@ import (
 	eCrypto "github.com/ente-io/cli/internal/crypto"
 	"github.com/ente-io/cli/pkg/model"
 	"github.com/ente-io/cli/utils/browser"
+	"github.com/ente-io/cli/utils/constants"
 	"github.com/ente-io/cli/utils/encoding"
-	"github.com/spf13/viper"
 	"log"

 	"github.com/kong/go-srp"
@@ -145,7 +145,10 @@ func (c *ClICtrl) verifyPassKey(ctx context.Context, authResp *api.Authorization
 	if !authResp.IsPasskeyRequired() {
 		return authResp, nil
 	}
-	baseAccountUrl := viper.GetString("endpoint.accounts")
+	baseAccountUrl := constants.EnteAccountUrl
+	if authResp.AccountsUrl != "" {
+		baseAccountUrl = authResp.AccountsUrl
+	}
 	passkeyAuthUrl := fmt.Sprintf("%s/passkeys/verify?passkeySessionID=%s&redirect=ente-cli://passkey&clientPackage=%s", baseAccountUrl, authResp.PassKeySessionID, app.ClientPkg())
 	fmt.Printf("Open this url in browser to verify passkey: %s\n", passkeyAuthUrl)
 	err := browser.OpenURL(passkeyAuthUrl)
--- a/desktop/.github/workflows/desktop-release.yml
+++ b/desktop/.github/workflows/desktop-release.yml
@@ -113,6 +113,11 @@ jobs:
                  APPLE_APP_SPECIFIC_PASSWORD:
                      ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
                  APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+                  # Windows Azure Trusted Signing related values
+                  # https://www.electron.build/code-signing-win#using-azure-trusted-signing-beta
+                  AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+                  AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+                  AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
                  # Default is "draft", but since our nightly builds update
                  # existing pre-releases, set this to "prerelease".
                  EP_PRE_RELEASE: true
--- a/desktop/CHANGELOG.md
+++ b/desktop/CHANGELOG.md
@@ -1,9 +1,21 @@
 # CHANGELOG

-## v1.7.13 (Unreleased)
+## v1.7.15 (Unreleased)
+
+- .
+
+## v1.7.14
+
+- Increase file size limit to 10 GB.
+
+## v1.7.13
+
+- Generate streams for videos (beta)
+
+    > Streamable videos can be enabled in Preferences. For more details, see the
+    > [video streaming FAQ](https://help.ente.io/photos/faq/video-streaming).

 - Support Turkish translations.
- .

 ## v1.7.12

--- a/desktop/docs/dependencies.md
+++ b/desktop/docs/dependencies.md
@@ -3,6 +3,7 @@
 - [Electron](#electron)
 - [Dev dependencies](#dev)
 - [Functionality](#functionality)
+- [Pinned](#pinned)

 ## Electron

@@ -140,3 +141,24 @@ handles to avoid reopening them for every operation.

 [chokidar](https://github.com/paulmillr/chokidar) is used as a file system
 watcher for the watch folders functionality.
+
+## Pinned
+
+- `electron-builder` is pinned to 26.0.16 because of
+  https://github.com/electron-userland/electron-builder/issues/9161#issuecomment-2977829326
+
+- `electron-builder` is pinned to 26.0.14 because of a new error when building:
+
+    > Detected file
+    > "Contents/Resources/app.asar.unpacked/node_modules/onnxruntime-node/bin/napi-v3/darwin/arm64/libonnxruntime.1.20.1.dylib"
+    > that's the same in both x64 and arm64 builds and not covered by the
+    > x64ArchFiles rule: "undefined" failedTask=build stackTrace=Error: Detected
+    > file
+    > "Contents/Resources/app.asar.unpacked/node_modules/onnxruntime-node/bin/napi-v3/darwin/arm64/libonnxruntime.1.20.1.dylib"
+    > that's the same in both x64 and arm64 builds and not covered by the
+    > x64ArchFiles rule: "undefined"
+
+    To reproduce this locally, add `x64ArchFiles: "ffmpeg"` to
+    `electron-builder.yml`, then run `node_modules/.bin/electron-builder --mac`
+
+- `electron-store` is pinned to 8.2.0 because subsequent versions are ESM only.
--- a/desktop/electron-builder.yml
+++ b/desktop/electron-builder.yml
@@ -14,6 +14,11 @@ win:
    target:
        - target: nsis
          arch: [x64, arm64]
+    azureSignOptions:
+        publisherName: ENTE TECHNOLOGIES, INC.
+        endpoint: https://eus.codesigning.azure.net/
+        certificateProfileName: EnteTrustCertProfile
+        codeSigningAccountName: EnteTechnologiesInc
 nsis:
    deleteAppDataOnUninstall: true
 linux:
--- a/desktop/package.json
+++ b/desktop/package.json
@@ -1,6 +1,6 @@
 {
    "name": "ente",
-    "version": "1.7.13-beta",
+    "version": "1.7.15-beta",
    "private": true,
    "description": "Desktop client for Ente Photos",
    "repository": "github:ente-io/photos-desktop",
@@ -31,32 +31,32 @@
        "clip-bpe-js": "^0.0.6",
        "comlink": "^4.4.2",
        "compare-versions": "^6.1.1",
-        "electron-log": "^5.4.0",
+        "electron-log": "^5.4.1",
        "electron-store": "^8.2.0",
-        "electron-updater": "^6.6.3",
+        "electron-updater": "^6.6.5",
        "ffmpeg-static": "^5.2.0",
        "lru-cache": "^11.1.0",
        "next-electron-server": "^1.0.0",
        "node-stream-zip": "^1.15.0",
-        "onnxruntime-node": "^1.20.1"
+        "onnxruntime-node": "^1.20.1",
+        "zod": "^3.25.67"
    },
    "devDependencies": {
-        "@eslint/js": "^9.25.1",
-        "@tsconfig/node22": "^22.0.1",
+        "@eslint/js": "^9.29.0",
+        "@tsconfig/node22": "^22.0.2",
        "@types/auto-launch": "^5.0.5",
-        "@types/ffmpeg-static": "^3.0.3",
        "ajv": "^8.17.1",
        "concurrently": "^9.1.2",
        "cross-env": "^7.0.3",
-        "electron": "^36.2.1",
-        "electron-builder": "^26.0.14",
+        "electron": "^37.1.0",
+        "electron-builder": "26.0.14",
        "eslint": "^9",
        "prettier": "3.5.3",
        "prettier-plugin-organize-imports": "^4.1.0",
-        "prettier-plugin-packagejson": "^2.5.13",
+        "prettier-plugin-packagejson": "^2.5.15",
        "shx": "^0.4.0",
        "typescript": "^5.8.3",
-        "typescript-eslint": "^8.32.1"
+        "typescript-eslint": "^8.34.1"
    },
    "packageManager": "yarn@1.22.22",
    "productName": "ente"
--- a/desktop/src/main/ipc.ts
+++ b/desktop/src/main/ipc.ts
@@ -50,8 +50,8 @@ import { convertToJPEG, generateImageThumbnail } from "./services/image";
 import { logout } from "./services/logout";
 import {
    lastShownChangelogVersion,
-    masterKeyB64,
-    saveMasterKeyB64,
+    masterKeyFromSafeStorage,
+    saveMasterKeyInSafeStorage,
    setLastShownChangelogVersion,
 } from "./services/store";
 import {
@@ -108,10 +108,12 @@ export const attachIPCHandlers = () => {

    ipcMain.handle("selectDirectory", () => selectDirectory());

-    ipcMain.handle("masterKeyB64", () => masterKeyB64());
+    ipcMain.handle("masterKeyFromSafeStorage", () =>
+        masterKeyFromSafeStorage(),
+    );

-    ipcMain.handle("saveMasterKeyB64", (_, masterKeyB64: string) =>
-        saveMasterKeyB64(masterKeyB64),
+    ipcMain.handle("saveMasterKeyInSafeStorage", (_, masterKey: string) =>
+        saveMasterKeyInSafeStorage(masterKey),
    );

    ipcMain.handle("lastShownChangelogVersion", () =>
--- a/desktop/src/main/services/ffmpeg-worker.ts
+++ b/desktop/src/main/services/ffmpeg-worker.ts
@@ -12,11 +12,16 @@ import fs_ from "node:fs";
 import fs from "node:fs/promises";
 import path from "node:path";
 import { Readable } from "node:stream";
+import { z } from "zod/v4";
 import type { FFmpegCommand } from "../../types/ipc";
 import log from "../log-worker";
 import { messagePortMainEndpoint } from "../utils/comlink";
-import { wait } from "../utils/common";
+import { nullToUndefined, wait } from "../utils/common";
 import { execAsyncWorker } from "../utils/exec-worker";
+import {
+    authenticatedRequestHeaders,
+    publicRequestHeaders,
+} from "../utils/http";

 /* Ditto in the web app's code (used by the Wasm FFmpeg invocation). */
 const ffmpegPathPlaceholder = "FFMPEG";
@@ -44,7 +49,9 @@ export interface FFmpegUtilityProcess {
    ffmpegGenerateHLSPlaylistAndSegments: (
        inputFilePath: string,
        outputPathPrefix: string,
-        outputUploadURL: string,
+        fileID: number,
+        fetchURL: string,
+        authToken: string,
    ) => Promise<FFmpegGenerateHLSPlaylistAndSegmentsResult | undefined>;

    ffmpegDetermineVideoDuration: (inputFilePath: string) => Promise<number>;
@@ -52,7 +59,11 @@ export interface FFmpegUtilityProcess {

 log.debugString("Started ffmpeg utility process");

+process.on("uncaughtException", (e, origin) => log.error(origin, e));
+
 process.parentPort.once("message", (e) => {
+    // Initialize ourselves with the data we got from our parent.
+    parseInitData(e.data);
    // Expose an instance of `FFmpegUtilityProcess` on the port we got from our
    // parent.
    expose(
@@ -64,9 +75,26 @@ process.parentPort.once("message", (e) => {
        } satisfies FFmpegUtilityProcess,
        messagePortMainEndpoint(e.ports[0]!),
    );
+    // Let the main process know we're ready.
    mainProcess("ack", undefined);
 });

+/**
+ * We cannot access Electron's {@link app} object within a utility process, so
+ * we pass the value of `app.getVersion()` during initialization, and it can be
+ * subsequently retrieved from here.
+ */
+let _desktopAppVersion: string | undefined;
+
+/** Equivalent to `app.getVersion()` */
+const desktopAppVersion = () => _desktopAppVersion!;
+
+const FFmpegWorkerInitData = z.object({ appVersion: z.string() });
+
+const parseInitData = (data: unknown) => {
+    _desktopAppVersion = FFmpegWorkerInitData.parse(data).appVersion;
+};
+
 /**
 * Send a message to the main process using a barebones RPC protocol.
 */
@@ -184,6 +212,7 @@ export interface FFmpegGenerateHLSPlaylistAndSegmentsResult {
    playlistPath: string;
    dimensions: { width: number; height: number };
    videoSize: number;
+    videoObjectID: string;
 }

 /**
@@ -199,7 +228,7 @@ export interface FFmpegGenerateHLSPlaylistAndSegmentsResult {
 *
 * Example invocation:
 *
- *     ffmpeg -i in.mov -vf 'scale=-2:720,fps=30,zscale=transfer=linear,tonemap=tonemap=hable:desat=0,zscale=primaries=709:transfer=709:matrix=709,format=yuv420p' -c:v libx264 -c:a aac -f hls -hls_key_info_file out.m3u8.info -hls_list_size 0 -hls_flags single_file out.m3u8
+ *     ffmpeg -i in.mov -vf "scale=-2:'min(720,ih)',fps=30,zscale=transfer=linear,tonemap=tonemap=hable:desat=0,zscale=primaries=709:transfer=709:matrix=709,format=yuv420p" -c:v libx264 -c:a aac -f hls -hls_key_info_file out.m3u8.info -hls_list_size 0 -hls_flags single_file out.m3u8
 *
 * See: [Note: Preview variant of videos]
 *
@@ -210,9 +239,17 @@ export interface FFmpegGenerateHLSPlaylistAndSegmentsResult {
 * the user's local file system. This function will write the generated HLS
 * playlist and video segments under this prefix.
 *
- * @returns The paths to two files on the user's local file system - one
- * containing the generated HLS playlist, and the other containing the
- * transcoded and encrypted video segments that the HLS playlist refers to.
+ * @param fileID The ID of the {@link EnteFile} whose HLS playlist we are
+ * generating.
+ *
+ * @param fetchURL The fully resolved API URL for obtaining pre-signed S3 URLs
+ * for uploading the generated video segment file.
+ *
+ * @param authToken A token that can be used to make API request to
+ * {@link fetchURL}.
+ *
+ * @returns The path to the file on the user's file system containing the
+ * generated HLS playlist, and other metadata about the generated video stream.
 *
 * If the video is such that it doesn't require stream generation, then this
 * function returns `undefined`.
@@ -220,7 +257,9 @@ export interface FFmpegGenerateHLSPlaylistAndSegmentsResult {
 const ffmpegGenerateHLSPlaylistAndSegments = async (
    inputFilePath: string,
    outputPathPrefix: string,
-    outputUploadURL: string,
+    fileID: number,
+    fetchURL: string,
+    authToken: string,
 ): Promise<FFmpegGenerateHLSPlaylistAndSegmentsResult | undefined> => {
    const { isH264, isHDR, bitrate } =
        await detectVideoCharacteristics(inputFilePath);
@@ -357,11 +396,23 @@ const ffmpegGenerateHLSPlaylistAndSegments = async (
    // - the first line specifies the key URI that is written into the playlist.
    // - the second line specifies the path to the local file system file from
    //   where ffmpeg should read the key.
+    //
+    // [Note: ffmpeg newlines]
+    //
+    // Tested on Windows that ffmpeg recognizes these lines correctly. In
+    // general, ffmpeg tends to expect input and write output the Unix way (\n),
+    // even when we're running on Windows.
+    //
+    // - The ffmetadata and the HLS playlist file generated by ffmpeg uses \n
+    //   separators, even on Windows.
+    // - The HLS key info file, expected as an input by ffmpeg, works fine when
+    //   \n separated even on Windows.
+    //
    const keyInfo = [keyURI, keyPath].join("\n");

    // Overview:
    //
-    // - Video H.264 HD 720p 30fps.
+    // - Video H.264 HD 720p (max) 30fps.
    // - Audio AAC 128kbps.
    // - Encrypted HLS playlist with a single file containing all the chunks.
    //
@@ -399,7 +450,7 @@ const ffmpegGenerateHLSPlaylistAndSegments = async (
                                // keeping aspect ratio and the calculated
                                // dimension divisible by 2 (some of the other
                                // operations require an even pixel count).
-                                "scale=-2:720",
+                                "scale=-2:'min(720,ih)'",
                                // Convert the video to a constant 30 fps,
                                // duplicating or dropping frames as necessary.
                                "fps=30",
@@ -475,6 +526,7 @@ const ffmpegGenerateHLSPlaylistAndSegments = async (

    let dimensions: { width: number; height: number };
    let videoSize: number;
+    let videoObjectID: string;

    try {
        // Write the key and the keyInfo to their desired paths.
@@ -491,6 +543,15 @@ const ffmpegGenerateHLSPlaylistAndSegments = async (
        // Note: Depending on the size of the input file, this may take long!
        await execAsyncWorker(commandWithRedirection);

+        // While ffmpeg uses \n as the line separator in the generated playlist
+        // file on Windows too, add an extra safety check that should fail the
+        // HLS generation if this doesn't hold. See: [Note: ffmpeg newlines].
+        if (process.platform == "win32") {
+            const playlistText = await fs.readFile(playlistPath, "utf-8");
+            if (playlistText.includes("\r\n"))
+                throw new Error("Unexpected Windows newlines in playlist");
+        }
+
        // Determine the dimensions of the generated video from the stderr
        // output produced by ffmpeg during the conversion.
        dimensions = await detectVideoDimensions(stderrPath);
@@ -499,7 +560,13 @@ const ffmpegGenerateHLSPlaylistAndSegments = async (
        // the generated .ts file.
        videoSize = await fs.stat(videoPath).then((st) => st.size);

-        await uploadVideoSegments(videoPath, videoSize, outputUploadURL);
+        videoObjectID = await uploadVideoSegments(
+            videoPath,
+            videoSize,
+            fileID,
+            fetchURL,
+            authToken,
+        );
    } catch (e) {
        log.error("HLS generation failed", e);
        await Promise.all([deletePathIgnoringErrors(playlistPath)]);
@@ -515,7 +582,7 @@ const ffmpegGenerateHLSPlaylistAndSegments = async (
        ]);
    }

-    return { playlistPath, dimensions, videoSize };
+    return { playlistPath, dimensions, videoSize, videoObjectID };
 };

 /**
@@ -544,10 +611,10 @@ const deletePathIgnoringErrors = async (tempFilePath: string) => {
 *
 *     Stream #0:1[0x2](und): Video: h264 (Constrained Baseline) (avc1 / 0x31637661), yuv420p(progressive), 480x270 [SAR 1:1 DAR 16:9], 539 kb/s, 29.97 fps, 29.97 tbr, 30k tbn (default)
 */
-const videoStreamLineRegex = /Stream #.+: Video:(.+)\n/;
+const videoStreamLineRegex = /Stream #.+: Video:(.+)\r?\n/;

 /** {@link videoStreamLineRegex}, but global. */
-const videoStreamLinesRegex = /Stream #.+: Video:(.+)\n/g;
+const videoStreamLinesRegex = /Stream #.+: Video:(.+)\r?\n/g;

 /**
 * A regex that matches "<digits> kb/s" preceded by a space. See
@@ -762,10 +829,11 @@ const pseudoFFProbeVideo = async (inputFilePath: string) => {
 };

 /**
- * Upload the file at the given {@link videoFilePath} to the provided presigned
- * {@link objectUploadURL} using a HTTP PUT request.
+ * Upload the file at the given {@link videoFilePath} to the provided pre-signed
+ * URL(s) using a HTTP PUT request.
 *
- * In case on non-HTTP-4xx errors, retry up to 3 times with exponential backoff.
+ * All HTTP requests are retried up to 4 times (1 original + 3 retries) with
+ * exponential backoff.
 *
 * See: [Note: Upload HLS video segment from node side].
 *
@@ -774,20 +842,155 @@ const pseudoFFProbeVideo = async (inputFilePath: string) => {
 *
 * @param videoSize The size in bytes of the file at {@link videoFilePath}.
 *
- * @param objectUploadURL A pre-signed URL to upload the file.
+ * @param fileID The ID of the {@link EnteFile} whose video segment this is.
 *
- * ---
+ * @param fetchURL The API URL for fetching pre-signed upload URLs.
 *
- * This is an inlined but bespoke reimplementation of `retryEnsuringHTTPOkOr4xx`
- * from `web/packages/base/http.ts`
+ * @param authToken The user's auth token for use with {@link fetchURL}.
+ *
+ * @return The object ID of the uploaded file on remote storage.
+ */
+const uploadVideoSegments = async (
+    videoFilePath: string,
+    videoSize: number,
+    fileID: number,
+    fetchURL: string,
+    authToken: string,
+) => {
+    // Self hosters might be using Cloudflare's free plan which (currently) has
+    // a maximum request size of 100 MB. Keeping a bit of margin for headers,
+    const partSize = 96 * 1024 * 1024; /* 96 MB */
+    const partCount = Math.ceil(videoSize / partSize);
+
+    const { objectID, url, partURLs, completeURL } =
+        await getFilePreviewDataUploadURL(
+            partCount,
+            fileID,
+            fetchURL,
+            authToken,
+        );
+
+    if (url) {
+        await uploadVideoSegmentsSingle(videoFilePath, videoSize, url);
+    } else if (partURLs && completeURL) {
+        await uploadVideoSegmentsMultipart(
+            videoFilePath,
+            videoSize,
+            partSize,
+            partURLs,
+            completeURL,
+        );
+    } else {
+        throw new Error("Malformed upload URLs");
+    }
+
+    return objectID;
+};
+
+const FilePreviewDataUploadURLResponse = z.object({
+    /**
+     * The objectID with which this uploaded data can be referred to post upload
+     * (e.g. when invoking {@link putVideoData}).
+     */
+    objectID: z.string(),
+    /**
+     * A pre-signed URL that can be used to upload the file.
+     *
+     * This will be present only if we requested a singular object upload URL.
+     */
+    url: z.string().nullish().transform(nullToUndefined),
+    /**
+     * A list of pre-signed URLs that can be used to upload parts of a multipart
+     * upload of the uploaded data.
+     *
+     * This will be present only if we requested a multipart upload URLs for the
+     * object by setting `isMultiPart` true in the request.
+     */
+    partURLs: z.string().array().nullish().transform(nullToUndefined),
+    /**
+     * A pre-signed URL that can be used to finalize the multipart upload.
+     *
+     * This will be present only if we requested a multipart upload URLs for the
+     * object by setting `isMultiPart` true in the request.
+     */
+    completeURL: z.string().nullish().transform(nullToUndefined),
+});
+
+/**
+ * Obtain a pre-signed URL(s) that can be used to upload the "file preview data"
+ * of type "vid_preview".
+ *
+ * This will be the file containing the encrypted video segments which the
+ * "vid_preview" HLS playlist for the file would refer to.
+ *
+ * @param partCount If greater than 1, then we request for a multipart upload.
+ */
+export const getFilePreviewDataUploadURL = async (
+    partCount: number,
+    fileID: number,
+    fetchURL: string,
+    authToken: string,
+) => {
+    const params = new URLSearchParams({
+        fileID: fileID.toString(),
+        type: "vid_preview",
+    });
+    if (partCount > 1) {
+        params.set("isMultiPart", "true");
+        params.set("count", partCount.toString());
+    }
+
+    const res = await retryEnsuringHTTPOk(() =>
+        fetch(`${fetchURL}?${params.toString()}`, {
+            headers: authenticatedRequestHeaders(
+                desktopAppVersion(),
+                authToken,
+            ),
+        }),
+    );
+
+    return FilePreviewDataUploadURLResponse.parse(await res.json());
+};
+
+const uploadVideoSegmentsSingle = (
+    videoFilePath: string,
+    videoSize: number,
+    objectUploadURL: string,
+) =>
+    retryEnsuringHTTPOk(() =>
+        // net.fetch is 40-50x slower than the native fetch for this particular
+        // PUT request. This is easily reproducible - replace `fetch` with
+        // `net.fetch`, then even on localhost the PUT requests start taking a
+        // minute or so, while they take second(s) with node's native fetch.
+        fetch(objectUploadURL, {
+            method: "PUT",
+            // net.fetch deduces and inserts a content-length for us, when we
+            // use the node native fetch then we need to provide it explicitly.
+            headers: {
+                ...publicRequestHeaders(desktopAppVersion()),
+                "Content-Length": `${videoSize}`,
+            },
+            // See: [Note: duplex param required for stream body]
+            // @ts-expect-error ^see note above
+            duplex: "half",
+            body: Readable.toWeb(fs_.createReadStream(videoFilePath)),
+        }),
+    );
+
+/**
+ * Retry a async operation on failure up to 4 times (1 original + 3 retries)
+ * with exponential backoff.
+ *
+ * This is an inlined but bespoke reimplementation of `retryEnsuringHTTPOk` from
+ * `web/packages/base/http.ts`
 *
 * - We don't have the rest of the scaffolding used by that function, which is
 *   why it is intially inlined bespoked.
 *
 * - It handles the specific use case of uploading videos since generating the
 *   HLS stream is a fairly expensive operation, so a retry to discount
- *   transient network issues is called for. There are only 2 retries for a
- *   total of 3 attempts, and the retry gaps are more spaced out.
+ *   transient network issues is called for. The number of retries and their
+ *   gaps are same as the "background" `retryProfile` of the web implementation.
 *
 * - Later it was discovered that net.fetch is much slower than node's native
 *   fetch, so this implementation has further diverged.
@@ -795,65 +998,84 @@ const pseudoFFProbeVideo = async (inputFilePath: string) => {
 * - This also moved to a utility process, where we also have a more restricted
 *   ability to import electron API.
 */
-const uploadVideoSegments = async (
-    videoFilePath: string,
-    videoSize: number,
-    objectUploadURL: string,
-) => {
-    const waitTimeBeforeNextTry = [5000, 20000];
+const retryEnsuringHTTPOk = async (request: () => Promise<Response>) => {
+    const waitTimeBeforeNextTry = [10000, 30000, 120000];

    while (true) {
-        let abort = false;
        try {
-            const nodeStream = fs_.createReadStream(videoFilePath);
-            const webStream = Readable.toWeb(nodeStream);
-
-            // net.fetch is 40-50x slower than the native fetch for this
-            // particular PUT request. This is easily reproducible - replace
-            // `fetch` with `net.fetch`, then even on localhost the PUT requests
-            // start taking a minute or so, while they take second(s) with
-            // node's native fetch.
-            const res = await fetch(objectUploadURL, {
-                method: "PUT",
-                // net.fetch apparently deduces and inserts a content-length,
-                // because when we use the node native fetch then we need to
-                // provide it explicitly.
-                headers: { "Content-Length": `${videoSize}` },
-                // The duplex option is required since we're passing a stream.
-                //
-                // @ts-expect-error TypeScript's libdom.d.ts does not include
-                // the "duplex" parameter, e.g. see
-                // https://github.com/node-fetch/node-fetch/issues/1769.
-                duplex: "half",
-                body: webStream,
-            });
-
-            if (res.ok) {
-                // Success.
-                return;
-            }
-            if (res.status >= 400 && res.status < 500 && res.status != 429) {
-                // HTTP 4xx, except potentially transient 429 rate limits.
-                abort = true;
-            }
+            const res = await request();
+            if (res.ok) /* Success. */ return res;
            throw new Error(
-                `Failed to upload generated HLS video: HTTP ${res.status} ${res.statusText}`,
+                `Request failed: HTTP ${res.status} ${res.statusText}`,
            );
        } catch (e) {
-            if (abort) {
-                throw e;
-            }
            const t = waitTimeBeforeNextTry.shift();
            if (!t) {
                throw e;
            } else {
                log.warn("Will retry potentially transient request failure", e);
+                await wait(t);
            }
-            await wait(t);
        }
    }
 };

+const uploadVideoSegmentsMultipart = async (
+    videoFilePath: string,
+    videoSize: number,
+    partSize: number,
+    partUploadURLs: string[],
+    completionURL: string,
+) => {
+    // The part we're currently uploading.
+    let partNumber = 0;
+    // A rolling offset into the file.
+    let start = 0;
+    // See `createMultipartUploadRequestBody` in the web code for a more
+    // expansive and documented version of this XML body construction.
+    const completionXML = ["<CompleteMultipartUpload>"];
+    for (const partUploadURL of partUploadURLs) {
+        partNumber += 1;
+        const size = Math.min(start + partSize, videoSize) - start;
+        const end = start + size - 1;
+        const res = await retryEnsuringHTTPOk(() =>
+            fetch(partUploadURL, {
+                method: "PUT",
+                headers: {
+                    ...publicRequestHeaders(desktopAppVersion()),
+                    "Content-Length": `${size}`,
+                },
+                // See: [Note: duplex param required for stream body]
+                // @ts-expect-error ^see note above
+                duplex: "half",
+                body: Readable.toWeb(
+                    // start and end are inclusive 0-indexed range of bytes to
+                    // read from the file.
+                    fs_.createReadStream(videoFilePath, { start, end }),
+                ),
+            }),
+        );
+        const eTag = res.headers.get("etag");
+        if (!eTag) throw new Error("Response did not have an ETag");
+        start += size;
+        completionXML.push(
+            `<Part><PartNumber>${partNumber}</PartNumber><ETag>${eTag}</ETag></Part>`,
+        );
+    }
+    completionXML.push("</CompleteMultipartUpload>");
+    const completionBody = completionXML.join("");
+    return await retryEnsuringHTTPOk(() =>
+        fetch(completionURL, {
+            method: "POST",
+            headers: {
+                ...publicRequestHeaders(desktopAppVersion()),
+                "Content-Type": "text/xml",
+            },
+            body: completionBody,
+        }),
+    );
+};
+
 /**
 * A regex that matches the first line of the form
 *
--- a/desktop/src/main/services/logout.ts
+++ b/desktop/src/main/services/logout.ts
@@ -3,6 +3,7 @@ import log from "../log";
 import { clearPendingVideoResults } from "../stream";
 import { clearStores } from "./store";
 import { watchReset } from "./watch";
+import { terminateUtilityProcesses } from "./workers";
 import { clearOpenZipCache } from "./zip";

 /**
@@ -36,4 +37,9 @@ export const logout = (watcher: FSWatcher) => {
    } catch (e) {
        ignoreError("zip cache", e);
    }
+    try {
+        terminateUtilityProcesses();
+    } catch (e) {
+        ignoreError("utility processes", e);
+    }
 };
--- a/desktop/src/main/services/ml-worker.ts
+++ b/desktop/src/main/services/ml-worker.ts
@@ -15,6 +15,7 @@ import { existsSync } from "fs";
 import fs from "node:fs/promises";
 import path from "node:path";
 import * as ort from "onnxruntime-node";
+import { z } from "zod/v4";
 import log from "../log-worker";
 import { messagePortMainEndpoint } from "../utils/comlink";
 import { wait } from "../utils/common";
@@ -23,6 +24,8 @@ import { fsStatMtime } from "./fs";

 log.debugString("Started ML utility process");

+process.on("uncaughtException", (e, origin) => log.error(origin, e));
+
 process.parentPort.once("message", (e) => {
    // Initialize ourselves with the data we got from our parent.
    parseInitData(e.data);
@@ -50,17 +53,10 @@ let _userDataPath: string | undefined;
 /** Equivalent to app.getPath("userData") */
 const userDataPath = () => _userDataPath!;

+const MLWorkerInitData = z.object({ userDataPath: z.string() });
+
 const parseInitData = (data: unknown) => {
-    if (
-        data &&
-        typeof data == "object" &&
-        "userDataPath" in data &&
-        typeof data.userDataPath == "string"
-    ) {
-        _userDataPath = data.userDataPath;
-    } else {
-        log.error("Unparseable initialization data");
-    }
+    _userDataPath = MLWorkerInitData.parse(data).userDataPath;
 };

 /**
@@ -188,14 +184,13 @@ const downloadModel = async (saveLocation: string, name: string) => {
 /**
 * Create an ONNX {@link InferenceSession} with some defaults.
 */
-const createInferenceSession = async (modelPath: string) => {
-    return await ort.InferenceSession.create(modelPath, {
+const createInferenceSession = (modelPath: string) =>
+    ort.InferenceSession.create(modelPath, {
        // Restrict the number of threads to 1.
        intraOpNumThreads: 1,
        // Be more conservative with RAM usage.
        enableCpuMemArena: false,
    });
-};

 const cachedCLIPImageSession = makeCachedInferenceSession(
    "mobileclip_s2_image_opset18_rgba_opt.onnx",
@@ -237,9 +232,11 @@ const getTokenizer = () => (_tokenizer ??= new Tokenizer());
 export const computeCLIPTextEmbeddingIfAvailable = async (text: string) => {
    const sessionOrSkip = await Promise.race([
        cachedCLIPTextSession(),
-        // Wait for a tick to get the session promise to resolved the first time
-        // this code runs on each app start (and the model has been downloaded).
-        wait(0).then(() => 1),
+        // Wait a bit to get the session promise to resolved the first time this
+        // code runs on each app start (in these cases the model will already be
+        // downloaded, so session creation should take only a 1 or 2 ticks: file
+        // system stat, and ort.InferenceSession.create).
+        wait(50).then(() => 1),
    ]);

    // Don't wait for the download to complete.
--- a/desktop/src/main/services/store.ts
+++ b/desktop/src/main/services/store.ts
@@ -24,17 +24,17 @@ export const clearStores = () => {
 * On macOS, `safeStorage` stores our data under a Keychain entry named
 * "<app-name> Safe Storage". In our case, "ente Safe Storage".
 */
-export const saveMasterKeyB64 = (masterKeyB64: string) => {
-    const encryptedKey = safeStorage.encryptString(masterKeyB64);
-    const b64EncryptedKey = Buffer.from(encryptedKey).toString("base64");
-    safeStorageStore.set("encryptionKey", b64EncryptedKey);
+export const saveMasterKeyInSafeStorage = (masterKey: string) => {
+    const encryptedKeyBuffer = safeStorage.encryptString(masterKey);
+    const encryptedKey = Buffer.from(encryptedKeyBuffer).toString("base64");
+    safeStorageStore.set("encryptionKey", encryptedKey);
 };

-export const masterKeyB64 = (): string | undefined => {
-    const b64EncryptedKey = safeStorageStore.get("encryptionKey");
-    if (!b64EncryptedKey) return undefined;
-    const keyBuffer = Buffer.from(b64EncryptedKey, "base64");
-    return safeStorage.decryptString(keyBuffer);
+export const masterKeyFromSafeStorage = (): string | undefined => {
+    const encryptedKey = safeStorageStore.get("encryptionKey");
+    if (!encryptedKey) return undefined;
+    const encryptedKeyBuffer = Buffer.from(encryptedKey, "base64");
+    return safeStorage.decryptString(encryptedKeyBuffer);
 };

 export const lastShownChangelogVersion = (): number | undefined =>
--- a/desktop/src/main/services/watch.ts
+++ b/desktop/src/main/services/watch.ts
@@ -28,6 +28,13 @@ export const createWatcher = (mainWindow: BrowserWindow) => {
        // Ask the watcher to wait for a the file size to stabilize before
        // telling us about a new file. By default, it waits for 2 seconds.
        awaitWriteFinish: true,
+        // On macOS we start getting "EMFILE: too many open files" when watching
+        // large folders. This is a known regression in Chokidar v4:
+        // https://github.com/paulmillr/chokidar/issues/1385
+        //
+        // The recommended workaround for now is to enable usePolling. Since it
+        // comes at a performance cost, we only do it where needed (macOS).
+        ...(process.platform == "darwin" ? { usePolling: true } : {}),
    });

    watcher
--- a/desktop/src/main/services/workers.ts
+++ b/desktop/src/main/services/workers.ts
@@ -15,9 +15,22 @@ import type { UtilityProcessType } from "../../types/ipc";
 import log, { processUtilityProcessLogMessage } from "../log";
 import { messagePortMainEndpoint } from "../utils/comlink";

+/**
+ * Terminate any existing utility processes if they're running.
+ *
+ * This function is called during the logout sequence.
+ */
+export const terminateUtilityProcesses = () => {
+    terminateMLProcessIfRunning();
+    terminateFFmpegProcessIfRunning();
+};
+
 /** The active ML utility process, if any. */
 let _utilityProcessML: UtilityProcess | undefined;

+/** The active FFmpeg utility process, if any. */
+let _utilityProcessFFmpeg: UtilityProcess | undefined;
+
 /**
 * A promise to a comlink {@link Endpoint} that can be used to communicate with
 * the active ffmpeg utility process (if any).
@@ -92,18 +105,22 @@ export const triggerCreateUtilityProcess = (
    window: BrowserWindow,
 ) => triggerCreateMLUtilityProcess(window);

-export const triggerCreateMLUtilityProcess = (window: BrowserWindow) => {
+const terminateMLProcessIfRunning = () => {
    if (_utilityProcessML) {
-        log.debug(() => "Terminating previous ML utility process");
+        log.debug(() => "Terminating running ML utility process");
        _utilityProcessML.kill();
        _utilityProcessML = undefined;
    }
+};
+
+export const triggerCreateMLUtilityProcess = (window: BrowserWindow) => {
+    terminateMLProcessIfRunning();

    const { port1, port2 } = new MessageChannelMain();

    const child = utilityProcess.fork(path.join(__dirname, "ml-worker.js"));
    const userDataPath = app.getPath("userData");
-    child.postMessage({ userDataPath }, [port1]);
+    child.postMessage(/* MLWorkerInitData */ { userDataPath }, [port1]);

    window.webContents.postMessage("utilityProcessPort/ml", undefined, [port2]);

@@ -173,7 +190,20 @@ const handleMessagesFromMLUtilityProcess = (child: UtilityProcess) => {
 export const ffmpegUtilityProcessEndpoint = () =>
    (_utilityProcessFFmpegEndpoint ??= createFFmpegUtilityProcessEndpoint());

+const terminateFFmpegProcessIfRunning = () => {
+    if (_utilityProcessFFmpeg) {
+        log.debug(() => "Terminating running FFmpeg utility process");
+        _utilityProcessFFmpeg.kill();
+        _utilityProcessFFmpeg = undefined;
+        _utilityProcessFFmpegEndpoint = undefined;
+    }
+};
+
 const createFFmpegUtilityProcessEndpoint = () => {
+    if (_utilityProcessFFmpeg) {
+        throw new Error("FFmpeg utility process is already running");
+    }
+
    // Promise.withResolvers is currently in the node available to us.
    let resolve: ((endpoint: Endpoint) => void) | undefined;
    const promise = new Promise<Endpoint>((r) => (resolve = r));
@@ -182,8 +212,10 @@ const createFFmpegUtilityProcessEndpoint = () => {

    const child = utilityProcess.fork(path.join(__dirname, "ffmpeg-worker.js"));
    // Send a handle to the port (one end of the message channel) to the utility
-    // process. The utility process will reply with an "ack" when it get it.
-    child.postMessage({}, [port1]);
+    // process (alongwith any other init data). The utility process will reply
+    // with an "ack" when it get it.
+    const appVersion = app.getVersion();
+    child.postMessage(/* FFmpegWorkerInitData */ { appVersion }, [port1]);

    child.on("message", (m: unknown) => {
        if (m && typeof m == "object" && "method" in m) {
@@ -201,6 +233,8 @@ const createFFmpegUtilityProcessEndpoint = () => {
        log.info("Ignoring unknown message from ffmpeg utility process", m);
    });

+    _utilityProcessFFmpeg = child;
+
    // Resolve with the other end of the message channel (once we get an "ack"
    // from the utility process).
    return promise;
--- a/desktop/src/main/stream.ts
+++ b/desktop/src/main/stream.ts
@@ -277,9 +277,9 @@ const handleVideoDone = async (token: string) => {
 *
 * The difference here is that we the conversion generates two streams^ - one
 * for the HLS playlist itself, and one for the file containing the encrypted
- * and transcoded video chunks. The video stream we write to the objectUploadURL
- * (provided via {@link params}), and then we return a JSON object containing
- * the token for the playlist, and other metadata for use by the renderer.
+ * and transcoded video chunks. The video stream we write to the pre-signed
+ * object upload URL(s), and then we return a JSON object containing the token
+ * for the playlist, and other metadata for use by the renderer.
 *
 * ^ if the video doesn't require a stream to be generated (e.g. it is very
 *   small and already uses a compatible codec) then a HTT 204 is returned and
@@ -289,8 +289,10 @@ const handleGenerateHLSWrite = async (
    request: Request,
    params: URLSearchParams,
 ) => {
-    const objectUploadURL = params.get("objectUploadURL");
-    if (!objectUploadURL) throw new Error("Missing objectUploadURL");
+    const fileID = parseInt(params.get("fileID") ?? "", 10);
+    const fetchURL = params.get("fetchURL");
+    const authToken = params.get("authToken");
+    if (!fileID || !fetchURL || !authToken) throw new Error("Missing params");

    let inputItem: Parameters<typeof makeFileForStreamOrPathOrZipItem>[0];
    const path = params.get("path");
@@ -324,7 +326,9 @@ const handleGenerateHLSWrite = async (
        result = await worker.ffmpegGenerateHLSPlaylistAndSegments(
            inputFilePath,
            outputFilePathPrefix,
-            objectUploadURL,
+            fileID,
+            fetchURL,
+            authToken,
        );

        if (!result) {
@@ -332,13 +336,18 @@ const handleGenerateHLSWrite = async (
            return new Response(null, { status: 204 });
        }

-        const { playlistPath, videoSize, dimensions } = result;
+        const { playlistPath, dimensions, videoSize, videoObjectID } = result;

        const playlistToken = randomUUID();
        pendingVideoResults.set(playlistToken, playlistPath);

        return new Response(
-            JSON.stringify({ playlistToken, videoSize, dimensions }),
+            JSON.stringify({
+                playlistToken,
+                dimensions,
+                videoSize,
+                videoObjectID,
+            }),
            { status: 200 },
        );
    } finally {
--- a/desktop/src/main/utils/common.ts
+++ b/desktop/src/main/utils/common.ts
@@ -15,3 +15,11 @@
 */
 export const wait = (ms: number) =>
    new Promise((resolve) => setTimeout(resolve, ms));
+
+/**
+ * Convert `null` to `undefined`, passthrough everything else unchanged.
+ *
+ * Duplicated from `web/packages/utils/transform.ts`.
+ */
+export const nullToUndefined = <T>(v: T | null | undefined): T | undefined =>
+    v === null ? undefined : v;
--- a/desktop/src/main/utils/http.ts
+++ b/desktop/src/main/utils/http.ts
@@ -0,0 +1,31 @@
+export const clientPackageName = "io.ente.photos.desktop";
+
+/**
+ * Reimplementation of {@link publicRequestHeaders} from the web source.
+ *
+ * @param desktopAppVersion The desktop app's version. This will get passed on
+ * as the "X-Client-Version" header.
+ *
+ * We cannot directly use `app.getVersion()` to obtain this value since the
+ * {@link app} module is not accessible to Electron utility processes which also
+ * calls this function.
+ */
+export const publicRequestHeaders = (desktopAppVersion: string) => ({
+    "X-Client-Package": clientPackageName,
+    "X-Client-Version": desktopAppVersion,
+});
+
+/**
+ * Reimplementation of {@link authenticatedRequestHeaders} from the web source.
+ *
+ * This builds on top of {@link publicRequestHeaders} and takes the same
+ * parameters, and additionally also requires the {@link authToken} that will be
+ * passed as the "X-Auth-Token" header.
+ */
+export const authenticatedRequestHeaders = (
+    desktopAppVersion: string,
+    authToken: string,
+) => ({
+    ...publicRequestHeaders(desktopAppVersion),
+    "X-Auth-Token": authToken,
+});
--- a/desktop/src/preload.ts
+++ b/desktop/src/preload.ts
@@ -113,10 +113,11 @@ const logout = () => {
    return ipcRenderer.invoke("logout");
 };

-const masterKeyB64 = () => ipcRenderer.invoke("masterKeyB64");
+const masterKeyFromSafeStorage = () =>
+    ipcRenderer.invoke("masterKeyFromSafeStorage");

-const saveMasterKeyB64 = (masterKeyB64: string) =>
-    ipcRenderer.invoke("saveMasterKeyB64", masterKeyB64);
+const saveMasterKeyInSafeStorage = (masterKey: string) =>
+    ipcRenderer.invoke("saveMasterKeyInSafeStorage", masterKey);

 const lastShownChangelogVersion = () =>
    ipcRenderer.invoke("lastShownChangelogVersion");
@@ -358,8 +359,8 @@ contextBridge.exposeInMainWorld("electron", {
    selectDirectory,
    pathForFile,
    logout,
-    masterKeyB64,
-    saveMasterKeyB64,
+    masterKeyFromSafeStorage,
+    saveMasterKeyInSafeStorage,
    lastShownChangelogVersion,
    setLastShownChangelogVersion,
    isAutoLaunchEnabled,
--- a/desktop/yarn.lock
+++ b/desktop/yarn.lock
@@ -25,7 +25,7 @@
    ajv "^6.12.0"
    ajv-keywords "^3.4.1"

-"@electron/asar@3.4.1":
+"@electron/asar@3.4.1", "@electron/asar@^3.2.7":
  version "3.4.1"
  resolved "https://registry.yarnpkg.com/@electron/asar/-/asar-3.4.1.tgz#4e9196a4b54fba18c56cd8d5cac67c5bdc588065"
  integrity sha512-i4/rNPRS84t0vSRa2HorerGRXWyF4vThfHesw0dmcWHp+cspK743UanA0suA5Q5y8kzY2y6YKrvbIUn69BCAiA==
@@ -34,15 +34,6 @@
    glob "^7.1.6"
    minimatch "^3.0.4"

-"@electron/asar@^3.2.7":
-  version "3.2.18"
-  resolved "https://registry.yarnpkg.com/@electron/asar/-/asar-3.2.18.tgz#fa607f829209bab8b9e0ce6658d3fe81b2cba517"
-  integrity sha512-2XyvMe3N3Nrs8cV39IKELRHTYUWFKrmqqSY1U+GMlc0jvqjIVnoxhNd2H4JolWQncbJi1DCvb5TNxZuI2fEjWg==
-  dependencies:
-    commander "^5.0.0"
-    glob "^7.1.6"
-    minimatch "^3.0.4"
-
 "@electron/fuses@^1.8.0":
  version "1.8.0"
  resolved "https://registry.yarnpkg.com/@electron/fuses/-/fuses-1.8.0.tgz#ad34d3cc4703b1258b83f6989917052cfc1490a0"
@@ -184,10 +175,10 @@
  resolved "https://registry.yarnpkg.com/@eslint/js/-/js-9.9.1.tgz#4a97e85e982099d6c7ee8410aacb55adaa576f06"
  integrity sha512-xIDQRsfg5hNBqHz04H1R3scSVwmI+KUbqjsQKHKQ1DAUSaUjYPReZZmS/5PNiKu1fUvzDd6H7DEDKACSEhu+TQ==

-"@eslint/js@^9.25.1":
-  version "9.25.1"
-  resolved "https://registry.yarnpkg.com/@eslint/js/-/js-9.25.1.tgz#25f5c930c2b68b5ebe7ac857f754cbd61ef6d117"
-  integrity sha512-dEIwmjntEx8u3Uvv+kr3PDeeArL8Hw07H9kyYxCjnM9pBjfEhk6uLXSchxxzgiwtRhhzVzqmUSDFBOi1TuZ7qg==
+"@eslint/js@^9.29.0":
+  version "9.29.0"
+  resolved "https://registry.yarnpkg.com/@eslint/js/-/js-9.29.0.tgz#dc6fd117c19825f8430867a662531da36320fe56"
+  integrity sha512-3PIF4cBw/y+1u2EazflInpV+lYsSG0aByVIQzAgb1m1MhHFSbqTyNqtBKHgWf/9Ykud+DhILS9EGkmekVhbKoQ==

 "@eslint/object-schema@^2.1.4":
  version "2.1.4"
@@ -209,6 +200,18 @@
  resolved "https://registry.yarnpkg.com/@humanwhocodes/retry/-/retry-0.3.0.tgz#6d86b8cb322660f03d3f0aa94b99bdd8e172d570"
  integrity sha512-d2CGZR2o7fS6sWB7DG/3a95bGKQyHMACZ5aW8qGkkqQpUoZV6C0X7Pc7l4ZNMZkfNBf4VWNe9E1jRsf0G146Ew==

+"@isaacs/balanced-match@^4.0.1":
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz#3081dadbc3460661b751e7591d7faea5df39dd29"
+  integrity sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==
+
+"@isaacs/brace-expansion@^5.0.0":
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz#4b3dabab7d8e75a429414a96bd67bf4c1d13e0f3"
+  integrity sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==
+  dependencies:
+    "@isaacs/balanced-match" "^4.0.1"
+
 "@isaacs/fs-minipass@^4.0.0":
  version "4.0.1"
  resolved "https://registry.yarnpkg.com/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz#2d59ae3ab4b38fb4270bfa23d30f8e2e86c7fe32"
@@ -297,10 +300,10 @@
  resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-2.0.0.tgz#f544a148d3ab35801c1f633a7441fd87c2e484bf"
  integrity sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==

-"@tsconfig/node22@^22.0.1":
-  version "22.0.1"
-  resolved "https://registry.yarnpkg.com/@tsconfig/node22/-/node22-22.0.1.tgz#27e3ee9b359e31e5b94690bf2bad5a923c1d57d0"
-  integrity sha512-VkgOa3n6jvs1p+r3DiwBqeEwGAwEvnVCg/hIjiANl5IEcqP3G0u5m8cBJspe1t9qjZRlZ7WFgqq5bJrGdgAKMg==
+"@tsconfig/node22@^22.0.2":
+  version "22.0.2"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node22/-/node22-22.0.2.tgz#1e04e2c5cc946dac787d69bb502462a851ae51b6"
+  integrity sha512-Kmwj4u8sDRDrMYRoN9FDEcXD8UpBSaPQQ24Gz+Gamqfm7xxn+GBR7ge/Z7pK8OXNGyUzbSwJj+TH6B+DS/epyA==

 "@types/auto-launch@^5.0.5":
  version "5.0.5"
@@ -324,11 +327,6 @@
  dependencies:
    "@types/ms" "*"

-"@types/ffmpeg-static@^3.0.3":
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/@types/ffmpeg-static/-/ffmpeg-static-3.0.3.tgz#605358ac6304507a75c2fd5fd861534837b19e2f"
-  integrity sha512-wmjANN0CiYs5clQESK+xE6plet0y9ndqaNBdQx4IIw7ZbPBMQw+14Lq4ky2WqMqGlpFJ9ZUxU0O43TvVZziyyA==
-
 "@types/fs-extra@9.0.13", "@types/fs-extra@^9.0.11":
  version "9.0.13"
  resolved "https://registry.yarnpkg.com/@types/fs-extra/-/fs-extra-9.0.13.tgz#7594fbae04fe7f1918ce8b3d213f74ff44ac1f45"
@@ -392,62 +390,78 @@
  dependencies:
    "@types/node" "*"

-"@typescript-eslint/eslint-plugin@8.32.1":
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.32.1.tgz#9185b3eaa3b083d8318910e12d56c68b3c4f45b4"
-  integrity sha512-6u6Plg9nP/J1GRpe/vcjjabo6Uc5YQPAMxsgQyGC/I0RuukiG1wIe3+Vtg3IrSCVJDmqK3j8adrtzXSENRtFgg==
+"@typescript-eslint/eslint-plugin@8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.34.1.tgz#56cf35b89383eaf2bdcf602f5bbdac6dbb11e51b"
+  integrity sha512-STXcN6ebF6li4PxwNeFnqF8/2BNDvBupf2OPx2yWNzr6mKNGF7q49VM00Pz5FaomJyqvbXpY6PhO+T9w139YEQ==
  dependencies:
    "@eslint-community/regexpp" "^4.10.0"
-    "@typescript-eslint/scope-manager" "8.32.1"
-    "@typescript-eslint/type-utils" "8.32.1"
-    "@typescript-eslint/utils" "8.32.1"
-    "@typescript-eslint/visitor-keys" "8.32.1"
+    "@typescript-eslint/scope-manager" "8.34.1"
+    "@typescript-eslint/type-utils" "8.34.1"
+    "@typescript-eslint/utils" "8.34.1"
+    "@typescript-eslint/visitor-keys" "8.34.1"
    graphemer "^1.4.0"
    ignore "^7.0.0"
    natural-compare "^1.4.0"
    ts-api-utils "^2.1.0"

-"@typescript-eslint/parser@8.32.1":
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-8.32.1.tgz#18b0e53315e0bc22b2619d398ae49a968370935e"
-  integrity sha512-LKMrmwCPoLhM45Z00O1ulb6jwyVr2kr3XJp+G+tSEZcbauNnScewcQwtJqXDhXeYPDEjZ8C1SjXm015CirEmGg==
+"@typescript-eslint/parser@8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-8.34.1.tgz#f102357ab3a02d5b8aa789655905662cc5093067"
+  integrity sha512-4O3idHxhyzjClSMJ0a29AcoK0+YwnEqzI6oz3vlRf3xw0zbzt15MzXwItOlnr5nIth6zlY2RENLsOPvhyrKAQA==
  dependencies:
-    "@typescript-eslint/scope-manager" "8.32.1"
-    "@typescript-eslint/types" "8.32.1"
-    "@typescript-eslint/typescript-estree" "8.32.1"
-    "@typescript-eslint/visitor-keys" "8.32.1"
+    "@typescript-eslint/scope-manager" "8.34.1"
+    "@typescript-eslint/types" "8.34.1"
+    "@typescript-eslint/typescript-estree" "8.34.1"
+    "@typescript-eslint/visitor-keys" "8.34.1"
    debug "^4.3.4"

-"@typescript-eslint/scope-manager@8.32.1":
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-8.32.1.tgz#9a6bf5fb2c5380e14fe9d38ccac6e4bbe17e8afc"
-  integrity sha512-7IsIaIDeZn7kffk7qXC3o6Z4UblZJKV3UBpkvRNpr5NSyLji7tvTcvmnMNYuYLyh26mN8W723xpo3i4MlD33vA==
+"@typescript-eslint/project-service@8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/project-service/-/project-service-8.34.1.tgz#20501f8b87202c45f5e70a5b24dcdcb8fe12d460"
+  integrity sha512-nuHlOmFZfuRwLJKDGQOVc0xnQrAmuq1Mj/ISou5044y1ajGNp2BNliIqp7F2LPQ5sForz8lempMFCovfeS1XoA==
  dependencies:
-    "@typescript-eslint/types" "8.32.1"
-    "@typescript-eslint/visitor-keys" "8.32.1"
+    "@typescript-eslint/tsconfig-utils" "^8.34.1"
+    "@typescript-eslint/types" "^8.34.1"
+    debug "^4.3.4"

-"@typescript-eslint/type-utils@8.32.1":
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-8.32.1.tgz#b9292a45f69ecdb7db74d1696e57d1a89514d21e"
-  integrity sha512-mv9YpQGA8iIsl5KyUPi+FGLm7+bA4fgXaeRcFKRDRwDMu4iwrSHeDPipwueNXhdIIZltwCJv+NkxftECbIZWfA==
+"@typescript-eslint/scope-manager@8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-8.34.1.tgz#727ea43441f4d23d5c73d34195427d85042e5117"
+  integrity sha512-beu6o6QY4hJAgL1E8RaXNC071G4Kso2MGmJskCFQhRhg8VOH/FDbC8soP8NHN7e/Hdphwp8G8cE6OBzC8o41ZA==
  dependencies:
-    "@typescript-eslint/typescript-estree" "8.32.1"
-    "@typescript-eslint/utils" "8.32.1"
+    "@typescript-eslint/types" "8.34.1"
+    "@typescript-eslint/visitor-keys" "8.34.1"
+
+"@typescript-eslint/tsconfig-utils@8.34.1", "@typescript-eslint/tsconfig-utils@^8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.34.1.tgz#d6abb1b1e9f1f1c83ac92051c8fbf2dbc4dc9f5e"
+  integrity sha512-K4Sjdo4/xF9NEeA2khOb7Y5nY6NSXBnod87uniVYW9kHP+hNlDV8trUSFeynA2uxWam4gIWgWoygPrv9VMWrYg==
+
+"@typescript-eslint/type-utils@8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-8.34.1.tgz#df860d8edefbfe142473ea4defb7408edb0c379e"
+  integrity sha512-Tv7tCCr6e5m8hP4+xFugcrwTOucB8lshffJ6zf1mF1TbU67R+ntCc6DzLNKM+s/uzDyv8gLq7tufaAhIBYeV8g==
+  dependencies:
+    "@typescript-eslint/typescript-estree" "8.34.1"
+    "@typescript-eslint/utils" "8.34.1"
    debug "^4.3.4"
    ts-api-utils "^2.1.0"

-"@typescript-eslint/types@8.32.1":
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-8.32.1.tgz#b19fe4ac0dc08317bae0ce9ec1168123576c1d4b"
-  integrity sha512-YmybwXUJcgGqgAp6bEsgpPXEg6dcCyPyCSr0CAAueacR/CCBi25G3V8gGQ2kRzQRBNol7VQknxMs9HvVa9Rvfg==
+"@typescript-eslint/types@8.34.1", "@typescript-eslint/types@^8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-8.34.1.tgz#565a46a251580dae674dac5aafa8eb14b8322a35"
+  integrity sha512-rjLVbmE7HR18kDsjNIZQHxmv9RZwlgzavryL5Lnj2ujIRTeXlKtILHgRNmQ3j4daw7zd+mQgy+uyt6Zo6I0IGA==

-"@typescript-eslint/typescript-estree@8.32.1":
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-8.32.1.tgz#9023720ca4ecf4f59c275a05b5fed69b1276face"
-  integrity sha512-Y3AP9EIfYwBb4kWGb+simvPaqQoT5oJuzzj9m0i6FCY6SPvlomY2Ei4UEMm7+FXtlNJbor80ximyslzaQF6xhg==
+"@typescript-eslint/typescript-estree@8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-8.34.1.tgz#befdb042a6bc44fdad27429b2d3b679c80daad71"
+  integrity sha512-rjCNqqYPuMUF5ODD+hWBNmOitjBWghkGKJg6hiCHzUvXRy6rK22Jd3rwbP2Xi+R7oYVvIKhokHVhH41BxPV5mA==
  dependencies:
-    "@typescript-eslint/types" "8.32.1"
-    "@typescript-eslint/visitor-keys" "8.32.1"
+    "@typescript-eslint/project-service" "8.34.1"
+    "@typescript-eslint/tsconfig-utils" "8.34.1"
+    "@typescript-eslint/types" "8.34.1"
+    "@typescript-eslint/visitor-keys" "8.34.1"
    debug "^4.3.4"
    fast-glob "^3.3.2"
    is-glob "^4.0.3"
@@ -455,23 +469,23 @@
    semver "^7.6.0"
    ts-api-utils "^2.1.0"

-"@typescript-eslint/utils@8.32.1":
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-8.32.1.tgz#4d6d5d29b9e519e9a85e9a74e9f7bdb58abe9704"
-  integrity sha512-DsSFNIgLSrc89gpq1LJB7Hm1YpuhK086DRDJSNrewcGvYloWW1vZLHBTIvarKZDcAORIy/uWNx8Gad+4oMpkSA==
+"@typescript-eslint/utils@8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-8.34.1.tgz#f98c9b0c5cae407e34f5131cac0f3a74347a398e"
+  integrity sha512-mqOwUdZ3KjtGk7xJJnLbHxTuWVn3GO2WZZuM+Slhkun4+qthLdXx32C8xIXbO1kfCECb3jIs3eoxK3eryk7aoQ==
  dependencies:
    "@eslint-community/eslint-utils" "^4.7.0"
-    "@typescript-eslint/scope-manager" "8.32.1"
-    "@typescript-eslint/types" "8.32.1"
-    "@typescript-eslint/typescript-estree" "8.32.1"
+    "@typescript-eslint/scope-manager" "8.34.1"
+    "@typescript-eslint/types" "8.34.1"
+    "@typescript-eslint/typescript-estree" "8.34.1"

-"@typescript-eslint/visitor-keys@8.32.1":
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-8.32.1.tgz#4321395cc55c2eb46036cbbb03e101994d11ddca"
-  integrity sha512-ar0tjQfObzhSaW3C3QNmTc5ofj0hDoNQ5XWrCy6zDyabdr0TWhCkClp+rywGNj/odAFBVzzJrK4tEq5M4Hmu4w==
+"@typescript-eslint/visitor-keys@8.34.1":
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-8.34.1.tgz#28a1987ea3542ccafb92aa792726a304b39531cf"
+  integrity sha512-xoh5rJ+tgsRKoXnkBPFRLZ7rjKM0AfVbC68UZ/ECXoDbfggb9RbEySN359acY1vS3qZ0jVTVWzbtfapwm5ztxw==
  dependencies:
-    "@typescript-eslint/types" "8.32.1"
-    eslint-visitor-keys "^4.2.0"
+    "@typescript-eslint/types" "8.34.1"
+    eslint-visitor-keys "^4.2.1"

 "@xmldom/xmldom@^0.8.8":
  version "0.8.10"
@@ -1177,7 +1191,7 @@ ejs@^3.1.8:
  dependencies:
    jake "^10.8.5"

-electron-builder@^26.0.14:
+electron-builder@26.0.14:
  version "26.0.14"
  resolved "https://registry.yarnpkg.com/electron-builder/-/electron-builder-26.0.14.tgz#8927c6da42a69425d15e08f351e944ea0e7866da"
  integrity sha512-YBxpWLMGj0oS7fbS3LVingeZqFunU0F8s+uB9QTd5+wN4qgrf/rSGRkqoImbWg2+F2yHq11wmaA/Xr9xzvgQ0w==
@@ -1193,10 +1207,10 @@ electron-builder@^26.0.14:
    simple-update-notifier "2.0.0"
    yargs "^17.6.2"

-electron-log@^5.4.0:
-  version "5.4.0"
-  resolved "https://registry.yarnpkg.com/electron-log/-/electron-log-5.4.0.tgz#3180bf5194b2e2efacb62ec1392f8150faf4de6b"
-  integrity sha512-AXI5OVppskrWxEAmCxuv8ovX+s2Br39CpCAgkGMNHQtjYT3IiVbSQTncEjFVGPgoH35ZygRm/mvUMBDWwhRxgg==
+electron-log@^5.4.1:
+  version "5.4.1"
+  resolved "https://registry.yarnpkg.com/electron-log/-/electron-log-5.4.1.tgz#700ddc6ef4b06c13a983468580ba7a7e579129d4"
+  integrity sha512-QvisA18Z++8E3Th0zmhUelys9dEv7aIeXJlbFw3UrxCc8H9qSRW0j8/ooTef/EtHui8tVmbKSL+EIQzP9GoRLg==

 electron-publish@26.0.13:
  version "26.0.13"
@@ -1220,10 +1234,10 @@ electron-store@^8.2.0:
    conf "^10.2.0"
    type-fest "^2.17.0"

-electron-updater@^6.6.3:
-  version "6.6.3"
-  resolved "https://registry.yarnpkg.com/electron-updater/-/electron-updater-6.6.3.tgz#a1f53671ffbb08a475d495d48f0c0d971e665d5d"
-  integrity sha512-i448/SwMtqxy5wqAcXScnWjiFxZp+hmWA2jZCmojcdfodEGhi/DWTdRP01mE3lCILb8hmdE28SBaHf1oQW3+kw==
+electron-updater@^6.6.5:
+  version "6.6.5"
+  resolved "https://registry.yarnpkg.com/electron-updater/-/electron-updater-6.6.5.tgz#6614daa2f737c294471eee7ce7b61deda0d5543a"
+  integrity sha512-jnk38WfByl2Pb0cje02xls/pJkvkq3AQZI7usDCLriU23adkerLTkRrugbCPuUxUOa79nY1g/rokHPWHZFBKyA==
  dependencies:
    builder-util-runtime "9.3.2"
    fs-extra "^10.1.0"
@@ -1234,10 +1248,10 @@ electron-updater@^6.6.3:
    semver "^7.6.3"
    tiny-typed-emitter "^2.1.0"

-electron@^36.2.1:
-  version "36.2.1"
-  resolved "https://registry.yarnpkg.com/electron/-/electron-36.2.1.tgz#7c9d7c6c7076a3ddb7b1c326a851cb92c775b0b1"
-  integrity sha512-mm1Y+Ms46xcOTA69h8hpqfX392HfV4lga9aEkYkd/Syx1JBStvcACOIouCgGrnZpxNZPVS1jM8NTcMkNjuK6BQ==
+electron@^37.1.0:
+  version "37.1.0"
+  resolved "https://registry.yarnpkg.com/electron/-/electron-37.1.0.tgz#6d6d1891f8add5d2d44007e2ee5d4542140fc4b4"
+  integrity sha512-Fcr3yfAw4oU392waVZSlrFUQx4P+h/k31+PRgkBY9tFx9E/zxzdPQQj0achZlG1HRDusw3ooQB+OXb9PvufdzA==
  dependencies:
    "@electron/get" "^2.0.0"
    "@types/node" "^22.7.7"
@@ -1312,11 +1326,16 @@ eslint-visitor-keys@^3.3.0, eslint-visitor-keys@^3.4.3:
  resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz#0cd72fe8550e3c2eae156a96a4dddcd1c8ac5800"
  integrity sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==

-eslint-visitor-keys@^4.0.0, eslint-visitor-keys@^4.2.0:
+eslint-visitor-keys@^4.0.0:
  version "4.2.0"
  resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-4.2.0.tgz#687bacb2af884fcdda8a6e7d65c606f46a14cd45"
  integrity sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==

+eslint-visitor-keys@^4.2.1:
+  version "4.2.1"
+  resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz#4cfea60fe7dd0ad8e816e1ed026c1d5251b512c1"
+  integrity sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==
+
 eslint@^9:
  version "9.9.1"
  resolved "https://registry.yarnpkg.com/eslint/-/eslint-9.9.1.tgz#147ac9305d56696fb84cf5bdecafd6517ddc77ec"
@@ -2260,11 +2279,11 @@ mimic-response@^3.1.0:
  integrity sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==

 minimatch@^10.0.0:
-  version "10.0.1"
-  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-10.0.1.tgz#ce0521856b453c86e25f2c4c0d03e6ff7ddc440b"
-  integrity sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==
+  version "10.0.3"
+  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-10.0.3.tgz#cf7a0314a16c4d9ab73a7730a0e8e3c3502d47aa"
+  integrity sha512-IPZ167aShDZZUMdRk66cyQAW3qr0WzbHkPdMYa8bzZhlHhO3jALbKdxcaak7W9FfT2rZNpQuUu4Od7ILEpXSaw==
  dependencies:
-    brace-expansion "^2.0.1"
+    "@isaacs/brace-expansion" "^5.0.0"

 minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2:
  version "3.1.2"
@@ -2664,13 +2683,13 @@ prettier-plugin-organize-imports@^4.1.0:
  resolved "https://registry.yarnpkg.com/prettier-plugin-organize-imports/-/prettier-plugin-organize-imports-4.1.0.tgz#f3d3764046a8e7ba6491431158b9be6ffd83b90f"
  integrity sha512-5aWRdCgv645xaa58X8lOxzZoiHAldAPChljr/MT0crXVOWTZ+Svl4hIWlz+niYSlO6ikE5UXkN1JrRvIP2ut0A==

-prettier-plugin-packagejson@^2.5.13:
-  version "2.5.13"
-  resolved "https://registry.yarnpkg.com/prettier-plugin-packagejson/-/prettier-plugin-packagejson-2.5.13.tgz#4e908d25b97a8f8f1cb69fd611caa677653787d5"
-  integrity sha512-94B/Xy25HwiwSkGUGnwQw3cBw9jg9L5LfKCHpuRMjC8ETPq4oCMa2S4EblV628E0XER9n6v5rH0TQY9cUd10pg==
+prettier-plugin-packagejson@^2.5.15:
+  version "2.5.15"
+  resolved "https://registry.yarnpkg.com/prettier-plugin-packagejson/-/prettier-plugin-packagejson-2.5.15.tgz#7ea880d4bb1681b5331ea7044efd3d653776f469"
+  integrity sha512-2QSx6y4IT6LTwXtCvXAopENW5IP/aujC8fobEM2pDbs0IGkiVjW/ipPuYAHuXigbNe64aGWF7vIetukuzM3CBw==
  dependencies:
    sort-package-json "3.2.1"
-    synckit "0.11.5"
+    synckit "0.11.8"

 prettier@3.5.3:
  version "3.5.3"
@@ -3108,13 +3127,12 @@ supports-preserve-symlinks-flag@^1.0.0:
  resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09"
  integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==

-synckit@0.11.5:
-  version "0.11.5"
-  resolved "https://registry.yarnpkg.com/synckit/-/synckit-0.11.5.tgz#258b3185736512f7ef11a42d67c4f3ad49da1744"
-  integrity sha512-frqvfWyDA5VPVdrWfH24uM6SI/O8NLpVbIIJxb8t/a3YGsp4AW9CYgSKC0OaSEfexnp7Y1pVh2Y6IHO8ggGDmA==
+synckit@0.11.8:
+  version "0.11.8"
+  resolved "https://registry.yarnpkg.com/synckit/-/synckit-0.11.8.tgz#b2aaae998a4ef47ded60773ad06e7cb821f55457"
+  integrity sha512-+XZ+r1XGIJGeQk3VvXhT6xx/VpbHsRzsTkGgF6E5RX9TTXD0118l87puaEBZ566FhqblC6U0d4XnubznJDm30A==
  dependencies:
    "@pkgr/core" "^0.2.4"
-    tslib "^2.8.1"

 tar@^6.0.5, tar@^6.1.11, tar@^6.1.12, tar@^6.2.1:
  version "6.2.1"
@@ -3214,11 +3232,6 @@ tslib@^2.1.0:
  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.7.0.tgz#d9b40c5c40ab59e8738f297df3087bf1a2690c01"
  integrity sha512-gLXCKdN1/j47AiHiOkJN69hJmcbGTHI0ImLmbYLHykhgeN0jVGola9yVjFgzCUklsZQMW55o+dW7IXv3RCXDzA==

-tslib@^2.8.1:
-  version "2.8.1"
-  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.8.1.tgz#612efe4ed235d567e8aba5f2a5fab70280ade83f"
-  integrity sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==
-
 type-check@^0.4.0, type-check@~0.4.0:
  version "0.4.0"
  resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.4.0.tgz#07b8203bfa7056c0657050e3ccd2c37730bab8f1"
@@ -3241,14 +3254,14 @@ typedarray@^0.0.6:
  resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777"
  integrity sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==

-typescript-eslint@^8.32.1:
-  version "8.32.1"
-  resolved "https://registry.yarnpkg.com/typescript-eslint/-/typescript-eslint-8.32.1.tgz#1784335c781491be528ff84ab666e2f0f7591fd1"
-  integrity sha512-D7el+eaDHAmXvrZBy1zpzSNIRqnCOrkwTgZxTu3MUqRWk8k0q9m9Ho4+vPf7iHtgUfrK/o8IZaEApsxPlHTFCg==
+typescript-eslint@^8.34.1:
+  version "8.34.1"
+  resolved "https://registry.yarnpkg.com/typescript-eslint/-/typescript-eslint-8.34.1.tgz#4bab64b298531b9f6f3ff59b41a7161321ef8cd6"
+  integrity sha512-XjS+b6Vg9oT1BaIUfkW3M3LvqZE++rbzAMEHuccCfO/YkP43ha6w3jTEMilQxMF92nVOYCcdjv1ZUhAa1D/0ow==
  dependencies:
-    "@typescript-eslint/eslint-plugin" "8.32.1"
-    "@typescript-eslint/parser" "8.32.1"
-    "@typescript-eslint/utils" "8.32.1"
+    "@typescript-eslint/eslint-plugin" "8.34.1"
+    "@typescript-eslint/parser" "8.34.1"
+    "@typescript-eslint/utils" "8.34.1"

 typescript@^5.4.3, typescript@^5.8.3:
  version "5.8.3"
@@ -3410,3 +3423,8 @@ yocto-queue@^0.1.0:
  version "0.1.0"
  resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b"
  integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==
+
+zod@^3.25.67:
+  version "3.25.67"
+  resolved "https://registry.yarnpkg.com/zod/-/zod-3.25.67.tgz#62987e4078e2ab0f63b491ef0c4f33df24236da8"
+  integrity sha512-idA2YXwpCdqUSKRCACDE6ItZD9TZzy3OZMtpfLoh6oPR47lipysRrJfjzMqFxQ3uJuUPyUeWe1r9vLH33xO/Qw==
--- a/docs/docs/.vitepress/config.ts
+++ b/docs/docs/.vitepress/config.ts
@@ -8,13 +8,6 @@ export default defineConfig({
    head: [["link", { rel: "icon", type: "image/png", href: "/favicon.png" }]],
    cleanUrls: true,
    ignoreDeadLinks: "localhostLinks",
-    vite: {
-      build: {
-        rollupOptions: {
-          external: ['client-museum-s3.png'] // Added to handle static asset import
-        }
-      }
-    },
    themeConfig: {
        // We use the default theme (with some CSS color overrides). This
        // themeConfig block can be used to further customize the default theme.
--- a/docs/docs/.vitepress/sidebar.ts
+++ b/docs/docs/.vitepress/sidebar.ts
@@ -52,6 +52,10 @@ export const sidebar = [
                        link: "/photos/features/machine-learning",
                    },
                    { text: "Map", link: "/photos/features/map" },
+                    {
+                        text: "Notifications",
+                        link: "/photos/features/notifications",
+                    },
                    {
                        text: "Passkeys",
                        link: "/photos/features/passkeys",
@@ -292,7 +296,7 @@ export const sidebar = [
                    },
                    {
                        text: "Bucket CORS",
-                        link: '/self-hosting/troubleshooting/bucket-cors'
+                        link: "/self-hosting/troubleshooting/bucket-cors",
                    },
                    {
                        text: "Uploads",
@@ -311,16 +315,16 @@ export const sidebar = [
            {
                text: "Community Guides",
                collapsed: true,
-                items :[
+                items: [
                    {
                        text: "Ente via Tailscale",
-                        link: "/self-hosting/guides/Tailscale",
+                        link: "/self-hosting/guides/tailscale",
                    },
                    {
                        text: "Ente with External S3",
                        link: "/self-hosting/guides/external-s3",
-                    }                
-                ]
+                    },
+                ],
            },
            {
                text: "FAQ",
@@ -347,12 +351,4 @@ export const sidebar = [
            },
        ],
    },
-    {
-        text: "About",
-        link: "/about/",
-    },
-    {
-        text: "Contribute",
-        link: "/about/contribute",
-    },
 ];
--- a/docs/docs/about/contribute.md
+++ b/docs/docs/about/contribute.md
@@ -1,15 +0,0 @@
---
-title: Contribute
-description: Details about how to contribute to Ente's docs
---
-
-# Contributing
-
-To contribute to these docs, you can use the "Edit this page" button at the
-bottom of each page. This will allow you to directly edit the markdown file that
-is used to generate this documentation and open a quick pull request directly
-from GitHub's UI.
-
-If you're more comfortable in contributing with your text editor, see the
-`docs/` folder of our GitHub repository,
-[github.com/ente-io/ente](https://github.com/ente-io/ente).
--- a/docs/docs/about/index.md
+++ b/docs/docs/about/index.md
@@ -1,72 +0,0 @@
---
-title: About Ente
-description: >
-    An overview of Ente: the company, and the people behind it, and the products
-    that we make.
---
-
-# About
-
-Ente is a end-to-end encrypted platform for privately, reliably, and securely
-storing your data on the cloud. On top of this platform, Ente offers two
-products:
-
- **Ente Photos** - An alternative to Google Photos and Apple Photos
-
- **Ente Auth** - A free 2FA alternative to Authy
-
-Both these apps are available for all desktop (Linux, Mac, Windows) and mobile
-(Android, iOS and F-Droid) platforms. They also work directly in your web
-browser without you needing to install anything.
-
-More products are in the pipeline.
-
-## History
-
-Ente was the founded by Vishnu Mohandas (he's also Ente's CEO) in response to
-privacy concerns with major tech companies. The underlying motivation was the
-understanding that big tech had no incentive to fix their act, but with
-end-to-end encrypted cross platform apps, there was a way for people to take
-back control over their own data without sacrificing on features.
-
-### What does Ente mean?
-
-In Malayalam, Vishnu's native language, "ente" means "mine". Thus "Ente Photos"
-has the literal meaning "my photos".
-
-This was a good name, but still Vishnu looked around for better ones. But one
-day, he discovered that "ente" means "duck" in German. This unexpected
-connection sealed the deal. We should ask him why he likes ducks so much, but
-apparently he does, so this dual meaning ("mine" / "duck") led him to finalize
-the name, and also led to the adoption of "Ducky", Ente's mascot:
-
-<div align="center">
-
-![Ente's mascot, Ducky](ducky.png){width=200px}
-
-</div>
-
-For the full origin story of Ducky you can check out
-[this blog post](https://ente.io/blog/ducky/).
-
-### How do I pronounce Ente?
-
-en-_tay_. Like ca<i>fe</i>.
-
-## Get in touch
-
-If you have a support query that is not answered by these docs, please reach out
-to our Customer Support by sending an email to support@ente.io
-
-To stay up to date with new product launches, and behind the scenes details of
-how we're building Ente, you can read our [blog](https://ente.io/blog) (or
-subscribe to it via [RSS](https://ente.io/blog/rss.xml))
-
-To suggest new features and/or offer your perspective on how we should design
-planned and upcoming features, use our
-[GitHub discussions](https://github.com/ente-io/ente/discussions)
-
-Or if you'd just like to hang out, join our
-[Discord](https://discord.gg/z2YVKkycX3), follow us on
-[Twitter](https://twitter.com/enteio) or give us a shout out on
-[Mastodon](https://mstdn.social/@ente)
--- a/docs/docs/auth/faq/index.md
+++ b/docs/docs/auth/faq/index.md
@@ -41,6 +41,16 @@ Usually, this discrepancy occurs because the time in your browser might be
 incorrect. In particular, multiple users have reported that Firefox provides
 incorrect time when certain privacy settings are enabled.

+> [!TIP]
+>
+> Newer Ente Auth clients (upcoming 4.4.0+) will automatically try to correct
+> for incorrect system time, so you should be seeing correct codes even if your
+> system time is out of sync. However, this automatic correction will not work
+> if you're using Ente Auth in offline mode.
+>
+> If you've recently changed your system time and the codes are still incorrect,
+> try to refresh / restart the app if needed.
+
 ### Can I access my codes on web?

 You can access your codes on the web at [auth.ente.io](https://auth.ente.io).
--- a/docs/docs/auth/migration-guides/authy/index.md
+++ b/docs/docs/auth/migration-guides/authy/index.md
@@ -10,8 +10,9 @@ A guide written by Green, an ente.io lover
 > [!WARNING]
 >
 > Authy has dropped all support for its desktop apps. It is no longer possible
-> to export data from Authy using methods 1 and 2. You will need either an iOS device
-> and computer (method 4) or a rooted Android phone (method 3) to follow this guide.
+> to export data from Authy using methods 1 and 2. You will need either an iOS
+> device and computer (method 4) or a rooted Android phone (method 3) to follow
+> this guide.

 ---

@@ -204,11 +205,24 @@ This uses the tool [Aegis Authenticator](https://getaegis.app/) from

 ## Method 4: Authy-iOS-MiTM

-**Who should use this?** Technical iOS users of Authy that cannot export their tokens with methods 1 or 2 (due to those methods being patched) or method 3 (due to that method requiring a rooted Android device).
+**Who should use this?** Technical iOS users of Authy that cannot export their
+tokens with methods 1 or 2 (due to those methods being patched) or method 3 (due
+to that method requiring a rooted Android device).

-This method works by intercepting the data the Authy app receives while logging in for the first time, which contains your encrypted authenticator tokens. After the encrypted authenticator tokens are dumped, you can decrypt them using your backup password and convert them to an Ente token file.
+This method works by intercepting the data the Authy app receives while logging
+in for the first time, which contains your encrypted authenticator tokens. After
+the encrypted authenticator tokens are dumped, you can decrypt them using your
+backup password and convert them to an Ente token file.

-For an up-to-date guide of how to retrieve the encrypted authenticator tokens and decrypt them, please see [Authy-iOS-MiTM](https://github.com/AlexTech01/Authy-iOS-MiTM). To convert the `decrypted_tokens.json` file from that guide into a format Ente Authenticator can recognize, use [this](https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93?permalink_comment_id=5317087#gistcomment-5317087) Python script. Once you have the `ente_auth_import.plain` file from that script, transfer it to your device and follow the instructions below to import it into Ente Authenticator.
+For an up-to-date guide of how to retrieve the encrypted authenticator tokens
+and decrypt them, please see
+[Authy-iOS-MiTM](https://github.com/AlexTech01/Authy-iOS-MiTM). To convert the
+`decrypted_tokens.json` file from that guide into a format Ente Authenticator
+can recognize, use
+[this](https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93?permalink_comment_id=5317087#gistcomment-5317087)
+Python script. Once you have the `ente_auth_import.plain` file from that script,
+transfer it to your device and follow the instructions below to import it into
+Ente Authenticator.

 ## Importing to Ente Authenticator (Method 1, method 2.1, method 4)

--- a/docs/docs/de/auth/index.md
+++ b/docs/docs/de/auth/index.md
@@ -10,4 +10,4 @@ Ende-zu-Ende-verschlüsselte Authenticator-App für jedermann. Wir sind froh, da
 du hier bist!

 **Please note that this German translation is currently just a placeholder.**
-Know German? [Help us fill this in!](/about/contribute).
+Know German? [Help us fill this in!](/#contribute).
--- a/docs/docs/index.md
+++ b/docs/docs/index.md
@@ -1,15 +1,82 @@
 ---
 title: Home
+description: >
+    Introduction to Ente: Products, Community and Support
 ---

 # Welcome!

-This site contains documentation and help for Ente Photos and Ente Auth. It
-describes various features, and also offers various troubleshooting suggestions.
+![Ducky: Ente's Mascot](/public/ducky.png){width=50% style="margin: 0 auto"}

-Use the **sidebar** menu to navigate to information about the product (Photos or
-Auth) you'd like to know more about. Or use the **search** at the top to try and
-jump directly to page that might contain the information you need.
+## Introduction

-To know more about Ente, see [about](/about/) or visit our website
-[ente.io](https://ente.io).
+Ente (pronounced en-_tay_) is a end-to-end encrypted platform for privately,
+reliably, and securely storing your data on the cloud, over which 2 applications
+have been developed and made available for mobile, web and desktop, namely:
+
+- **Ente Photos** - An alternative to Google Photos and Apple Photos
+- **Ente Auth** - A free 2FA alternative to Authy
+
+## History
+
+Ente was the founded by Vishnu Mohandas (he's also Ente's CEO) in response to
+privacy concerns with major tech companies. The underlying motivation was the
+understanding that big tech had no incentive to fix their act, but with
+end-to-end encrypted cross platform apps, there was a way for people to take
+back control over their own data without sacrificing on features.
+
+### Origin of the name
+
+In Malayalam, Vishnu's native language, "ente" means "mine", thus "Ente Photos"
+literally means "my photos".
+
+But one day, he discovered that "ente" means "duck" in German. This unexpected
+connection sealed the deal after looking for alternative names and led to the
+adoption of ["Ducky"](https://ente.io/blog/ducky/), representing the playfulness
+and friendly nature of the community and team.
+
+## Getting Started
+
+We recommend reading the documentation for [Ente Photos](/photos/) or
+[Ente Auth](/auth/) to get started with installation on the desired platform,
+explore available features and usage.
+
+If you are looking to self-host Ente, we recommend you to read the
+[official documentation](/self-hosting/) for updated information on getting
+started, installation, administration and maintenance.
+
+## Contributing
+
+There are many ways to support Ente and you don't have to be a programmer for
+that. You can spread the word, give feedback, report bugs, help us with
+translations, contribute documentation and community guides and more.
+
+To suggest new features and/or offer your perspective on how we should design
+(planned and upcoming features), use our
+[GitHub discussions](https://github.com/ente-io/ente/discussions)
+
+You can find our contribution guidelines
+[here](https://github.com/ente-io/ente/blob/main/CONTRIBUTING.md).
+
+You can always engage with our community and team to hang out, answer queries
+and stay updated:
+
+- Chat: [Discord](https://ente.io/discord)
+- Discussions: [GitHub](https://github.com/ente-io/ente/discussions)
+- Socials:
+    - Twitter: [enteio](https://twitter.com/enteio)
+    - Mastodon: [@ente@fosstodon.org](https://fosstodon.org/@ente)
+    - Bluesky: [ente.io](https://bsky.app/profile/ente.io)
+    - Instagram: [ente.app](https://www.instagram.com/ente.app)
+- Website:
+    - [Blog](https://ente.io/blog)
+    - [RSS](https://ente.io/blog/rss.xml)
+
+## Getting Help
+
+If you encounter any issues with any of the products that's not answered by our
+documentation, please reach out to our team by sending an email to
+[support@ente.io](mailto:support@ente.io)
+
+For community support, please post your queries on
+[Discord](https://discord.gg/z2YVKkycX3)
--- a/docs/docs/photos/faq/desktop.md
+++ b/docs/docs/photos/faq/desktop.md
@@ -1,6 +1,7 @@
 ---
 title: Desktop app FAQ
-description: An assortment of frequently asked questions about Ente Photos desktop app
+description:
+    An assortment of frequently asked questions about Ente Photos desktop app
 ---

 # Desktop app FAQ
@@ -15,7 +16,8 @@ to manually update the software.

 ### Upload errors

-**How do I identify which files experienced upload issues within the desktop app?**
+**How do I identify which files experienced upload issues within the desktop
+app?**

 Check the sections within the upload progress bar for "Failed Uploads," "Ignored
 Uploads," and "Unsuccessful Uploads."
@@ -33,6 +35,5 @@ be specific to your distro (e.g. `xdg-desktop-menu forceupdate`).

 > [!NOTE]
 >
-> If you're using an AppImage and not seeing the icon, you'll need to [enable
-> AppImage desktop
-> integration](/photos/troubleshooting/desktop-install/#appimage-desktop-integration).
+> If you're using an AppImage and not seeing the icon, you'll need to
+> [enable AppImage desktop integration](/photos/troubleshooting/desktop-install/#appimage-desktop-integration).
--- a/docs/docs/photos/faq/export.md
+++ b/docs/docs/photos/faq/export.md
@@ -7,9 +7,10 @@ description: Frequently asked questions about keeping extra backups of your data

 ## How can I backup my data in a local drive outside Ente?

-You can use our CLI tool or our desktop app to set up exports of your data
-to your local drive. This way, you can use Ente in your day to day use, with an additional guarantee that a copy of your original photos and videos are
-always available on your machine.
+You can use our CLI tool or our desktop app to set up exports of your data to
+your local drive. This way, you can use Ente in your day to day use, with an
+additional guarantee that a copy of your original photos and videos are always
+available on your machine.

 - You can use [Ente's CLI](https://github.com/ente-io/ente/tree/main/cli#export)
  to export your data in a cron job to a location of your choice. The exports
@@ -21,7 +22,7 @@ always available on your machine.
  background without you needing to run any other cron jobs. See
  [migration/export](/photos/migration/export/) for more details.

-## Does the exported data preserve folder structure?
+## Does the exported data preserve album structure?

 Yes. When you export your data for local backup, it will maintain the exact
 album structure how you have set up within Ente.
--- a/docs/docs/photos/faq/face-recognition.md
+++ b/docs/docs/photos/faq/face-recognition.md
@@ -1,7 +1,6 @@
 ---
 title: Face recognition
-description:
-    Frequently asked questions about Ente's face recognition
+description: Frequently asked questions about Ente's face recognition
 ---

 # Face recognition
--- a/docs/docs/photos/faq/general.md
+++ b/docs/docs/photos/faq/general.md
@@ -26,7 +26,6 @@ unsupported file format and we will do our best to help you out.

 Yes, we currently do not support files larger than 4 GB.

-
 ## Does Ente support videos?

 Ente supports backing up and downloading of videos in their original format and
@@ -101,29 +100,53 @@ clicking on "Your map" under "Locations" on the search screen.

 ## How to reset my password if I lost it?

-On the login page, enter your email and click on Forgot Password. Then, enter your recovery key and create a new password.
+On the login page, enter your email and click on Forgot Password. Then, enter
+your recovery key and create a new password.

- # iOS Album Backup and Organization in Ente
+## Can I search for photos using the descriptions I’ve added?

- ### How does Ente handle photos that are part of multiple iOS albums?
-When you select multiple albums for backup, Ente prioritizes uploading each photo to the album with the fewest photos. This means a photo will only be uploaded once, even if it exists in multiple albums on your device. If you create new albums on your device after the initial backup, those photos may not appear in the corresponding Ente album if they were already uploaded to a different album.
+Yes, descriptions are searchable, making it easier to find specific photos
+later. To do this, open the photo, tap the (i) button, and enter your
+description.

+## How does the deduplication feature work on the desktop app?

-### Why don’t all photos from a new iOS album appear in the corresponding Ente album?
-If you create a new album on your device after the initial backup, the photos in that album may have already been uploaded to another album in Ente. To fix this, go to the "On Device" album in Ente, select all photos, and manually add them to the corresponding album in Ente.
+If the app finds exact duplicates, it will show them in the deduplication. When
+you delete a duplicate, the app keeps one copy and creates a symlink for the
+other duplicate. This helps save storage space.

-### What happens if I reorganize my photos in the iOS Photos app after backing up?
-Reorganizing photos in the iOS Photos app (e.g., moving photos to new albums) won’t automatically reflect in Ente. You’ll need to manually add those photos to the corresponding albums in Ente to maintain consistency.
+## What happens if I lose access to my email address? Can I use my recovery key to bypass email verification?

-### Can I search for photos using the descriptions I’ve added?
-Yes, descriptions are searchable, making it easier to find specific photos later.
-To do this, open the photo, tap the (i) button, and enter your description.
-
-### How does the deduplication feature work on the desktop app?
-If the app finds exact duplicates, it will show them in the deduplication. When you delete a duplicate, the app keeps one copy and creates a symlink for the other duplicate. This helps save storage space.
-
-### What happens if I lose access to my email address? Can I use my recovery key to bypass email verification?
-No, the recovery key does not bypass email verification. For security reasons, we do not disable or bypass email verification unless the account owner reaches out to us and successfully verifies their identity by providing details about their account.
+No, the recovery key does not bypass email verification. For security reasons,
+we do not disable or bypass email verification unless the account owner reaches
+out to us and successfully verifies their identity by providing details about
+their account.

 If you lose access to your email, please contact our support team at
 support@ente.io
+
+---
+
+# iOS Album Backup and Organization in Ente
+
+## How does Ente handle photos that are part of multiple iOS albums?
+
+When you select multiple albums for backup, Ente prioritizes uploading each
+photo to the album with the fewest photos. This means a photo will only be
+uploaded once, even if it exists in multiple albums on your device. If you
+create new albums on your device after the initial backup, those photos may not
+appear in the corresponding Ente album if they were already uploaded to a
+different album.
+
+## Why don’t all photos from a new iOS album appear in the corresponding Ente album?
+
+If you create a new album on your device after the initial backup, the photos in
+that album may have already been uploaded to another album in Ente. To fix this,
+go to the "On Device" album in Ente, select all photos, and manually add them to
+the corresponding album in Ente.
+
+## What happens if I reorganize my photos in the iOS Photos app after backing up?
+
+Reorganizing photos in the iOS Photos app (e.g., moving photos to new albums)
+won’t automatically reflect in Ente. You’ll need to manually add those photos to
+the corresponding albums in Ente to maintain consistency.
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 216 214.94"><path d="M109.8,214.94a4.87,4.87,0,0,1-4.26-2.66,4.5,4.5,0,0,1,.44-4.82l50.49-69.53L68,174.11a4.61,4.61,0,0,1-1.9.41,4.77,4.77,0,0,1-4.52-3.4,4.57,4.57,0,0,1,2-5.21L141.33,120,4.41,112.13a4.69,4.69,0,0,1,0-9.36l137-7.87L63.61,49a4.56,4.56,0,0,1-1.94-5.2,4.74,4.74,0,0,1,4.51-3.4,4.6,4.6,0,0,1,1.9.4L156.5,77,106,7.48a4.56,4.56,0,0,1-.44-4.83A4.84,4.84,0,0,1,109.84,0a4.59,4.59,0,0,1,3.28,1.41L213.77,102.05a7.65,7.65,0,0,1,0,10.8L113.08,213.53A4.59,4.59,0,0,1,109.8,214.94Z"/></svg>
				`@@ -0,0 +1 @@`
				`<svg height="2100" viewBox="0 0 32 21" width="3200" xmlns="http://www.w3.org/2000/svg"><path d="m9.9 20.1c-5.5 0-9.9-4.4-9.9-9.9s4.4-9.9 9.9-9.9h11.6c5.5 0 9.9 4.4 9.9 9.9s-4.4 9.9-9.9 9.9zm11.3-3.5c3.6 0 6.4-2.9 6.4-6.4 0-3.6-2.9-6.4-6.4-6.4h-11c-3.6 0-6.4 2.9-6.4 6.4s2.9 6.4 6.4 6.4z" fill="#c74634"/></svg>`