[docs] Update custom server section for cli

v0.8.68 (#1076 )
v0.8.68
2024-03-13 12:02:36 +05:30 · 2024-03-13 11:47:47 +05:30 · 2024-03-13 11:47:25 +05:30 · 2024-03-13 11:46:04 +05:30 · 2024-03-13 11:45:53 +05:30 · 2024-03-13 11:43:31 +05:30
472 changed files with 18213 additions and 5950 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,3 @@
+# Set line endings of shell scripts to LF, even on Windows, otherwise execution
+# within Docker fails.
+*.sh text eol=lf
--- a/.github/assets/github-badge.png
+++ b/.github/assets/github-badge.png
--- a/.github/assets/mastodon.svg
+++ b/.github/assets/mastodon.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="30" height="30" fill="#6364ff" viewBox="0 0 16 16">
+  <path d="M11.19 12.195c2.016-.24 3.77-1.475 3.99-2.603.348-1.778.32-4.339.32-4.339 0-3.47-2.286-4.488-2.286-4.488C12.062.238 10.083.017 8.027 0h-.05C5.92.017 3.942.238 2.79.765c0 0-2.285 1.017-2.285 4.488l-.002.662c-.004.64-.007 1.35.011 2.091.083 3.394.626 6.74 3.78 7.57 1.454.383 2.703.463 3.709.408 1.823-.1 2.847-.647 2.847-.647l-.06-1.317s-1.303.41-2.767.36c-1.45-.05-2.98-.156-3.215-1.928a4 4 0 0 1-.033-.496s1.424.346 3.228.428c1.103.05 2.137-.064 3.188-.189zm1.613-2.47H11.13v-4.08c0-.859-.364-1.295-1.091-1.295-.804 0-1.207.517-1.207 1.541v2.233H7.168V5.89c0-1.024-.403-1.541-1.207-1.541-.727 0-1.091.436-1.091 1.296v4.079H3.197V5.522q0-1.288.66-2.046c.456-.505 1.052-.764 1.793-.764.856 0 1.504.328 1.933.983L8 4.39l.417-.695c.429-.655 1.077-.983 1.934-.983.74 0 1.336.259 1.791.764q.662.757.661 2.046z"/>
+</svg>
--- a/.github/assets/twitter.svg
+++ b/.github/assets/twitter.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="#1e9bf0" viewBox="0 0 16 16">
+  <path d="M5.026 15c6.038 0 9.341-5.003 9.341-9.334q.002-.211-.006-.422A6.7 6.7 0 0 0 16 3.542a6.7 6.7 0 0 1-1.889.518 3.3 3.3 0 0 0 1.447-1.817 6.5 6.5 0 0 1-2.087.793A3.286 3.286 0 0 0 7.875 6.03a9.32 9.32 0 0 1-6.767-3.429 3.29 3.29 0 0 0 1.018 4.382A3.3 3.3 0 0 1 .64 6.575v.045a3.29 3.29 0 0 0 2.632 3.218 3.2 3.2 0 0 1-.865.115 3 3 0 0 1-.614-.057 3.28 3.28 0 0 0 3.067 2.277A6.6 6.6 0 0 1 .78 13.58a6 6 0 0 1-.78-.045A9.34 9.34 0 0 0 5.026 15"/>
+</svg>
--- a/.github/workflows/auth-crowdin.yml
+++ b/.github/workflows/auth-crowdin.yml
@@ -3,15 +3,16 @@ name: "Sync Crowdin translations (auth)"
 on:
    push:
        paths:
-            # Run action when auth's intl_en.arb is changed
+            # Run workflow when auth's intl_en.arb is changed
            - "mobile/lib/l10n/arb/app_en.arb"
            # Or the workflow itself is changed
            - ".github/workflows/auth-crowdin.yml"
        branches: [main]
    schedule:
-        # Run every 24 hours - https://crontab.guru/#0_*/24_*_*_*
-        - cron: "0 */24 * * *"
-    workflow_dispatch: # Allow manually running the action
+        # See: [Note: Run every 24 hours]
+        - cron: "50 1 * * *"
+    # Also allow manually running the workflow
+    workflow_dispatch:

 jobs:
    synchronize-with-crowdin:
@@ -32,8 +33,8 @@ jobs:
                  localization_branch_name: crowdin-translations-auth
                  create_pull_request: true
                  skip_untranslated_strings: true
-                  pull_request_title: "New translations (auth)"
-                  pull_request_body: "New translations via [Crowdin GH Action](https://github.com/crowdin/github-action)"
+                  pull_request_title: "[auth] New translations"
+                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-authenticator-app)"
                  pull_request_base_branch_name: "main"
                  project_id: 575169
              env:
--- a/.github/workflows/auth-lint.yml
+++ b/.github/workflows/auth-lint.yml
@@ -1,11 +1,9 @@
 name: "Lint (auth)"

 on:
-    # Run on every push to branches (this also covers pull requests)
+    # Run on every push to a branch other than main that changes auth/
    push:
-        # See: [Note: Specify branch when specifying a path filter]
-        branches: ["**"]
-        # Only run if something changes in these paths
+        branches-ignore: [main]
        paths:
            - "auth/**"
            - ".github/workflows/auth-lint.yml"
@@ -35,3 +33,6 @@ jobs:
            - run: flutter pub get

            - run: flutter analyze --no-fatal-infos
+
+            - name: Verify custom icon JSON
+              run: cat assets/custom-icons/_data/custom-icons.json | jq empty
--- a/.github/workflows/auth-release.yml
+++ b/.github/workflows/auth-release.yml
@@ -29,7 +29,7 @@ on:
            - "auth-v*"

 env:
-    FLUTTER_VERSION: "3.16.9"
+    FLUTTER_VERSION: "3.13.4"

 jobs:
    build-ubuntu:
@@ -118,14 +118,11 @@ jobs:
                  updateOnlyUnreleased: true

            - name: Upload AAB to PlayStore
-              # Temporarily disable GP upload, enable this once desktop build
-              # testing is complete.
-              if: false
              uses: r0adkll/upload-google-play@v1
              with:
                  serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
                  packageName: io.ente.auth
-                  releaseFiles: build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
+                  releaseFiles: auth/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
                  track: internal

    build-windows:
--- a/.github/workflows/cli-release.yml
+++ b/.github/workflows/cli-release.yml
@@ -47,5 +47,8 @@ jobs:
                  release_name: ${{ github.ref_name }}
                  goversion: "1.20"
                  project_path: "./cli"
+                  pre_command: export CGO_ENABLED=0
+                  build_flags: "-trimpath"
+                  ldflags: "-X main.AppVersion=${{ github.ref_name }} -s -w"
                  md5sum: false
                  sha256sum: true
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -0,0 +1,47 @@
+name: "Deploy (docs)"
+
+on:
+    # Run on every push to main that changes docs/
+    push:
+        branches: [main]
+        paths:
+            - "docs/**"
+            - ".github/workflows/docs-deploy.yml"
+    # Also allow manually running the workflow
+    workflow_dispatch:
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: docs
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "docs/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Build production site
+              # Will create docs/.vitepress/dist
+              run: yarn build
+
+            - name: Publish
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: help
+                  directory: docs/docs/.vitepress/dist
+                  wranglerVersion: "3"
--- a/.github/workflows/docs-verify-build.yml
+++ b/.github/workflows/docs-verify-build.yml
@@ -0,0 +1,37 @@
+name: "Verify build (docs)"
+
+# Preflight build of docs. This allows us to ensure that yarn build is
+# succeeding before we merge the PR into main.
+
+on:
+    # Run on every push to a branch other than main that changes docs/
+    push:
+        branches-ignore: [main]
+        paths:
+            - "docs/**"
+            - ".github/workflows/docs-verify-build.yml"
+
+jobs:
+    verify-build:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: docs
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "docs/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Build production site
+              run: yarn build
--- a/.github/workflows/mobile-crowdin.yml
+++ b/.github/workflows/mobile-crowdin.yml
@@ -3,15 +3,16 @@ name: "Sync Crowdin translations (mobile)"
 on:
    push:
        paths:
-            # Run action when mobiles's intl_en.arb is changed
+            # Run workflow when mobiles's intl_en.arb is changed
            - "mobile/lib/l10n/intl_en.arb"
            # Or the workflow itself is changed
            - ".github/workflows/mobile-crowdin.yml"
        branches: [main]
    schedule:
-        # Run every 24 hours - https://crontab.guru/#0_*/24_*_*_*
-        - cron: "0 */24 * * *"
-    workflow_dispatch: # Allow manually running the action
+        # See: [Note: Run every 24 hours]
+        - cron: "40 1 * * *"
+    # Also allow manually running the workflow
+    workflow_dispatch:

 jobs:
    synchronize-with-crowdin:
@@ -32,8 +33,8 @@ jobs:
                  localization_branch_name: crowdin-translations-mobile
                  create_pull_request: true
                  skip_untranslated_strings: true
-                  pull_request_title: "New translations (mobile)"
-                  pull_request_body: "New translations via [Crowdin GH Action](https://github.com/crowdin/github-action)"
+                  pull_request_title: "[mobile] New translations"
+                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-photos-app)"
                  pull_request_base_branch_name: "main"
                  project_id: 574741
              env:
--- a/.github/workflows/mobile-lint.yml
+++ b/.github/workflows/mobile-lint.yml
@@ -1,11 +1,9 @@
 name: "Lint (mobile)"

 on:
-    # Run on every push (this also covers pull requests)
+    # Run on every push to a branch other than main that changes mobile/
    push:
-        # See: [Note: Specify branch when specifying a path filter]
-        branches: ["**"]
-        # Only run if something changes in these paths
+        branches-ignore: [main]
        paths:
            - "mobile/**"
            - ".github/workflows/mobile-lint.yml"
--- a/.github/workflows/mobile-release.yml
+++ b/.github/workflows/mobile-release.yml
@@ -39,7 +39,9 @@ jobs:
                  encodedString: ${{ secrets.SIGNING_KEY_PHOTOS }}

            - name: Build independent APK
-              run: flutter build apk --release --flavor independent && mv build/app/outputs/flutter-apk/app-independent-release.apk build/app/outputs/flutter-apk/ente.apk
+              run: |
+                flutter build apk --release --flavor independent
+                mv build/app/outputs/flutter-apk/app-independent-release.apk build/app/outputs/flutter-apk/ente-${{ github.ref_name }}.apk
              env:
                  SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_photos_key.jks"
                  SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS_PHOTOS }}
@@ -52,5 +54,5 @@ jobs:
            - name: Create a draft GitHub release
              uses: ncipollo/release-action@v1
              with:
-                  artifacts: "mobile/build/app/outputs/flutter-apk/ente.apk,mobile/build/app/outputs/flutter-apk/sha256sum"
+                  artifacts: "mobile/build/app/outputs/flutter-apk/ente-${{ github.ref_name }}.apk,mobile/build/app/outputs/flutter-apk/sha256sum"
                  draft: true
--- a/.github/workflows/server-lint.yml
+++ b/.github/workflows/server-lint.yml
@@ -1,11 +1,9 @@
 name: "Lint (server)"

 on:
-    # Run on every push (this also covers pull requests)
+    # Run on every push to a branch other than main that changes server/
    push:
-        # See: [Note: Specify branch when specifying a path filter]
-        branches: ["**"]
-        # Only run if something changes in these paths
+        branches-ignore: [main]
        paths:
            - "server/**"
            - ".github/workflows/server-lint.yml"
--- a/.github/workflows/web-crowdin.yml
+++ b/.github/workflows/web-crowdin.yml
@@ -3,15 +3,16 @@ name: "Sync Crowdin translations (web)"
 on:
    push:
        paths:
-            # Run action when web's en-US/translation.json is changed
+            # Run workflow when web's en-US/translation.json is changed
            - "web/apps/photos/public/locales/en-US/translation.json"
            # Or the workflow itself is changed
            - ".github/workflows/web-crowdin.yml"
        branches: [main]
    schedule:
-        # Run every 24 hours - https://crontab.guru/#0_*/24_*_*_*
-        - cron: "0 */24 * * *"
-    workflow_dispatch: # Allow manually running the action
+        # See: [Note: Run every 24 hours]
+        - cron: "20 1 * * *"
+    # Also allow manually running the workflow
+    workflow_dispatch:

 jobs:
    synchronize-with-crowdin:
@@ -32,8 +33,8 @@ jobs:
                  localization_branch_name: crowdin-translations-web
                  create_pull_request: true
                  skip_untranslated_strings: true
-                  pull_request_title: "New translations (web)"
-                  pull_request_body: "New translations via [Crowdin GH Action](https://github.com/crowdin/github-action)"
+                  pull_request_title: "[web] New translations"
+                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-photos-web)"
                  pull_request_base_branch_name: "main"
                  project_id: 569613
              env:
--- a/.github/workflows/web-deploy-accounts.yml
+++ b/.github/workflows/web-deploy-accounts.yml
@@ -0,0 +1,43 @@
+name: "Deploy (accounts)"
+
+on:
+    push:
+        # Run workflow on pushes to the deploy/accounts
+        branches: [deploy/accounts]
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: web
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "docs/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Build accounts
+              run: yarn build:accounts
+
+            - name: Publish accounts
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: deploy/accounts
+                  directory: web/apps/accounts/out
+                  wranglerVersion: "3"
--- a/.github/workflows/web-deploy-auth.yml
+++ b/.github/workflows/web-deploy-auth.yml
@@ -0,0 +1,43 @@
+name: "Deploy (auth)"
+
+on:
+    push:
+        # Run workflow on pushes to the deploy/auth
+        branches: [deploy/auth]
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: web
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "docs/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Build auth
+              run: yarn build:auth
+
+            - name: Publish auth
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: deploy/auth
+                  directory: web/apps/auth/out
+                  wranglerVersion: "3"
--- a/.github/workflows/web-deploy-cast.yml
+++ b/.github/workflows/web-deploy-cast.yml
@@ -0,0 +1,43 @@
+name: "Deploy (cast)"
+
+on:
+    push:
+        # Run workflow on pushes to the deploy/cast
+        branches: [deploy/cast]
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: web
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "docs/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Build cast
+              run: yarn build:cast
+
+            - name: Publish cast
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: deploy/cast
+                  directory: web/apps/cast/out
+                  wranglerVersion: "3"
--- a/.github/workflows/web-deploy-photos.yml
+++ b/.github/workflows/web-deploy-photos.yml
@@ -0,0 +1,43 @@
+name: "Deploy (photos)"
+
+on:
+    push:
+        # Run workflow on pushes to the deploy/photos
+        branches: [deploy/photos]
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: web
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "docs/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Build photos
+              run: yarn build:photos
+
+            - name: Publish photos
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: deploy/photos
+                  directory: web/apps/photos/out
+                  wranglerVersion: "3"
--- a/.github/workflows/web-lint.yml
+++ b/.github/workflows/web-lint.yml
@@ -1,20 +1,9 @@
 name: "Lint (web)"

 on:
-    # Run on every push (this also covers pull requests)
+    # Run on every push to a branch other than main that changes web/
    push:
-        # [Note: Specify branch when specifying a path filter]
-        #
-        # Path filters are ignored for tag pushes, which causes this workflow to
-        # always run when we push a tag. Defining an explicit branch solves the
-        # issue. From GitHub's docs:
-        #
-        # > if you define both branches/branches-ignore and paths/paths-ignore,
-        # > the workflow will only run when both filters are satisfied.
-        #
-        # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
-        branches: ["**"]
-        # Only run if something changes in these paths
+        branches-ignore: [main]
        paths:
            - "web/**"
            - ".github/workflows/web-lint.yml"
--- a/.github/workflows/web-nightly.yml
+++ b/.github/workflows/web-nightly.yml
@@ -0,0 +1,94 @@
+name: "Nightly (web)"
+
+on:
+    schedule:
+        # [Note: Run every 24 hours]
+        #
+        # Run every 24 hours - First field is minute, second is hour of the day
+        # This runs 23:15 UTC everyday - 1 and 15 are just arbitrary offset to
+        # avoid scheduling it on the exact hour, as suggested by GitHub.
+        #
+        # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+        # https://crontab.guru/
+        #
+        - cron: "15 23 * * *"
+    # Also allow manually running the workflow
+    workflow_dispatch:
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: web
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "docs/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Build accounts
+              run: yarn build:accounts
+
+            - name: Publish accounts
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: n-accounts
+                  directory: web/apps/accounts/out
+                  wranglerVersion: "3"
+
+            - name: Build auth
+              run: yarn build:auth
+
+            - name: Publish auth
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: n-auth
+                  directory: web/apps/auth/out
+                  wranglerVersion: "3"
+
+            - name: Build cast
+              run: yarn build:cast
+
+            - name: Publish cast
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: n-cast
+                  directory: web/apps/cast/out
+                  wranglerVersion: "3"
+
+            - name: Build photos
+              run: yarn build:photos
+              env:
+                  NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT: https://albums.ente.sh
+
+            - name: Publish photos
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: n-photos
+                  directory: web/apps/photos/out
+                  wranglerVersion: "3"
--- a/.github/workflows/web-preview.yml
+++ b/.github/workflows/web-preview.yml
@@ -0,0 +1,52 @@
+name: "Preview (web)"
+
+on:
+    workflow_dispatch:
+        inputs:
+            app:
+                description: "App to build and deploy"
+                type: choice
+                required: true
+                default: "photos"
+                options:
+                    - "accounts"
+                    - "auth"
+                    - "cast"
+                    - "photos"
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: web
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "docs/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Build ${{ inputs.app }}
+              run: yarn build:${{ inputs.app }}
+
+            - name: Publish ${{ inputs.app }} to preview
+              uses: cloudflare/pages-action@1
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  projectName: ente
+                  branch: preview
+                  directory: web/apps/${{ inputs.app }}/out
+                  wranglerVersion: "3"
--- a/.gitmodules
+++ b/.gitmodules
@@ -9,10 +9,6 @@
 [submodule "auth/assets/simple-icons"]
 	path = auth/assets/simple-icons
 	url = https://github.com/simple-icons/simple-icons.git
-[submodule "desktop/thirdparty/next-electron-server"]
-	path = desktop/thirdparty/next-electron-server
-	url = https://github.com/ente-io/next-electron-server.git
-	branch = desktop
 [submodule "mobile/thirdparty/flutter"]
 	path = mobile/thirdparty/flutter
 	url = https://github.com/flutter/flutter.git
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -50,21 +50,22 @@ Thank you for your support.

 ## Document

-_Coming soon!_
-
 The help guides and FAQs for users of Ente products are also open source, and
 can be edited in a wiki-esque manner by our community members. More than the
 quantity, we feel this helps improve the quality and approachability of the
 documentation by bringing in more diverse viewpoints and familiarity levels.

+See [docs/](docs/README.md) for how to edit these documents.
+
 ## Code contributions

 If you'd like to contribute code, it is best to start small.

 Each of the individual product/platform specific directories in this repository
 have instructions on setting up a dev environment and making changes. The issues
-labelled "good first issues" should be good starting points. Once you have a
-bearing, you can head on to issues labelled "help wanted".
+and discussions (feature requests) labelled "good first issues" should be good
+starting points. Once you have a bearing, you can head on to issues or
+discussions labelled "help wanted".

 If you're planning on adding a new feature or making any other substantial
 change, please [discuss it with
--- a/README.md
+++ b/README.md
@@ -70,6 +70,7 @@ existing users will be grandfathered in.
 [<img height="42" src=".github/assets/app-store-badge.svg">](https://apps.apple.com/app/id6444121398)
 [<img height="42" src=".github/assets/play-store-badge.png">](https://play.google.com/store/apps/details?id=io.ente.auth)
 [<img height="42" src=".github/assets/f-droid-badge.png">](https://f-droid.org/packages/io.ente.auth/)
+[<img height="42" src=".github/assets/github-badge.png">](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v2)
 [<img height="42" src=".github/assets/web-badge.svg">](https://auth.ente.io)

 </div>
@@ -98,6 +99,8 @@ connect with the community.
 [![Discord](https://img.shields.io/discord/948937918347608085?style=for-the-badge&logo=Discord&logoColor=white&label=Discord)](https://discord.gg/z2YVKkycX3)
 [![Ente's Blog RSS](https://img.shields.io/badge/blog-rss-F88900?style=for-the-badge&logo=rss&logoColor=white)](https://ente.io/blog/rss.xml)

+[![Twitter](.github/assets/twitter.svg)](https://twitter.com/enteio) &nbsp; [![Mastodon](.github/assets/mastodon.svg)](https://mstdn.social/@ente)
+
 ---

 ## Security
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -7,7 +7,7 @@ details as possible about whatever it is that you need help with, and we will
 get back to you as soon as possible.

 In some cases, your query might already have been answered in our help
-documentation (_Coming soon!_).
+documentation at [help.ente.io](https://help.ente.io).

 Other ways to get in touch are:

--- a/auth/README.md
+++ b/auth/README.md
@@ -12,7 +12,7 @@ multi-device sync.
 ### Android

 This repository's [GitHub
-releases](https://github.com/ente-io/ente/releases/latest/download/ente-auth.apk)
+releases](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v2)
 contains APKs, built straight from source. These builds keep themselves updated,
 without relying on third party stores.

--- a/auth/analysis_options.yaml
+++ b/auth/analysis_options.yaml
@@ -27,6 +27,7 @@ linter:
    - use_rethrow_when_possible
    - directives_ordering
    - always_use_package_imports
+    - unawaited_futures

 analyzer:
  errors:
@@ -45,6 +46,8 @@ analyzer:
    prefer_const_declarations: warning
    prefer_const_constructors_in_immutables: ignore # too many warnings

+    unawaited_futures: warning # convert to warning after fixing existing issues
+
    avoid_renaming_method_parameters: ignore # incorrect warnings for `equals` overrides

  exclude:
--- a/auth/android/app/build.gradle
+++ b/auth/android/app/build.gradle
@@ -56,11 +56,11 @@ android {

    signingConfigs {
       release {
-           storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : file(System.getenv("SIGNING_KEY_PATH"))
-           keyAlias keystoreProperties['keyAlias'] ? keystoreProperties['keyAlias'] : System.getenv("SIGNING_KEY_ALIAS")
-           keyPassword keystoreProperties['keyPassword'] ? keystoreProperties['keyPassword'] : System.getenv("SIGNING_KEY_PASSWORD")
-           storePassword keystoreProperties['storePassword'] ? keystoreProperties['storePassword'] : System.getenv("SIGNING_STORE_PASSWORD")
-       }
+            storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : System.getenv("SIGNING_KEY_PATH") ? file(System.getenv("SIGNING_KEY_PATH")) : null
+            keyAlias keystoreProperties['keyAlias'] ? keystoreProperties['keyAlias'] : System.getenv("SIGNING_KEY_ALIAS")
+            keyPassword keystoreProperties['keyPassword'] ? keystoreProperties['keyPassword'] : System.getenv("SIGNING_KEY_PASSWORD")
+            storePassword keystoreProperties['storePassword'] ? keystoreProperties['storePassword'] : System.getenv("SIGNING_STORE_PASSWORD")
+        }
    }
    
    flavorDimensions "default"
--- a/auth/android/app/src/main/AndroidManifest.xml
+++ b/auth/android/app/src/main/AndroidManifest.xml
@@ -35,6 +35,13 @@
                <data android:scheme="otpauth" />
            </intent-filter>

+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+                <data android:scheme="enteauth" />
+            </intent-filter>
+
        </activity>

        <!-- Don't delete the meta-data below.
--- a/auth/assets/custom-icons/_data/custom-icons.json
+++ b/auth/assets/custom-icons/_data/custom-icons.json
@@ -37,8 +37,7 @@
    {
      "title": "BorgBase",
      "altNames": ["borg"],
-      "slug": "BorgBase",
-      "hex": "222C31"
+      "slug": "BorgBase"
    },
    {
      "title": "Brave Creators",
@@ -109,12 +108,11 @@
    {
      "title": "Gosuslugi",
      "altNames": ["Госуслуги"],
-      "slug": "Gosuslugi",
-      "hex": "EE2F53"
+      "slug": "Gosuslugi"
    },
    {
      "title": "Healthchecks.io",
-      "slug": "healthchecks",
+      "slug": "healthchecks"
    },
    {
      "title": "ING"
@@ -127,13 +125,11 @@
    },
    {
      "title": "IVPN",
-      "slug": "IVPN",
-      "hex": "FA3243"
+      "slug": "IVPN"
    },
    {
      "title": "IceDrive",
-      "slug": "Icedrive",
-      "hex": "1F4FD0"
+      "slug": "Icedrive"
    },
    {
      "title": "Jagex",
@@ -154,8 +150,7 @@
      "title": "Kite"
    },
    {
-      "title": "Koofr",
-      "hex": "71BA05"
+      "title": "Koofr"
    },
    {
      "title": "Kraken",
@@ -184,8 +179,7 @@
    {
      "title": "Murena",
      "altNames": ["eCloud"],
-      "slug": "ecloud",
-      "hex": "EC6A55"
+      "slug": "ecloud"
    },
    {
      "title": "Microsoft"
@@ -230,8 +224,7 @@
    },
    {
      "title": "pCloud",
-      "slug": "pCloud",
-      "hex": "1EBCC5"
+      "slug": "pCloud"
    },
    {
      "title": "Peerberry",
@@ -302,7 +295,7 @@
    },
    {
      "title": "Synology DSM",
-      "slug": "synology_dsm",
+      "slug": "synology_dsm"
    },
    {
      "title": "TCPShield",
@@ -371,8 +364,7 @@
    {
      "title": "Yandex",
      "altNames": ["Ya", "Яндекс"],
-      "slug": "Yandex",
-      "hex": "FC3F1D"
+      "slug": "Yandex"
    }
  ]
 }
--- a/auth/docs/README.md
+++ b/auth/docs/README.md
@@ -1,3 +1,12 @@
 ## Developer docs

 Documentation and notes about more advanced or infrequently needed details.
+
+### Running
+
+If you're using VSCode, you can setup the launch configuration by copying the
+template into your `.vscode` folder at the root of the project.
+
+```bash
+cp auth/docs/vscode/launch.json .vscode/
+```
--- a/auth/docs/release.md
+++ b/auth/docs/release.md
@@ -20,9 +20,3 @@ Set "Previous tag" to the last release of auth and press "Generate release
 notes". The generated release note will contain all PRs and new contributors
 from all the releases in the monorepo, so you'll need to filter them to keep
 only the things that relate to the auth.
-
---
-
-(TODO(MR): Fix this after the monorepo move) Xcode Cloud has already been
-configured and will automatically build and release to TestFlight when step 1
-was merged to main (you can see logs under the PR checks).
--- a/auth/docs/vscode/launch.json
+++ b/auth/docs/vscode/launch.json
@@ -6,14 +6,14 @@
            "request": "launch",
            "type": "dart",
            "flutterMode": "debug",
-            "program": "lib/main.dart",
+            "program": "auth/lib/main.dart",
            "args": ["--dart-define", "endpoint=http://localhost:8080"]
        },
        {
            "name": "Auth Android Dev",
            "request": "launch",
            "type": "dart",
-            "program": "lib/main.dart",
+            "program": "auth/lib/main.dart",
            "args": [
                "--dart-define",
                "endpoint=http://192.168.1.3:8080",
@@ -25,21 +25,21 @@
            "name": "Auth iOS Dev",
            "request": "launch",
            "type": "dart",
-            "program": "lib/main.dart",
+            "program": "auth/lib/main.dart",
            "args": ["--dart-define", "endpoint=http://192.168.1.30:8080"]
        },
        {
            "name": "Auth iOS Prod",
            "request": "launch",
            "type": "dart",
-            "program": "lib/main.dart",
+            "program": "auth/lib/main.dart",
            "args": ["--target", "lib/main.dart"]
        },
        {
            "name": "Auth Android Prod",
            "request": "launch",
            "type": "dart",
-            "program": "lib/main.dart",
+            "program": "auth/lib/main.dart",
            "args": ["--target", "lib/main.dart", "--flavor", "independent"]
        }
    ]
--- a/auth/flutter
+++ b/auth/flutter
--- a/auth/ios/Podfile.lock
+++ b/auth/ios/Podfile.lock
@@ -71,8 +71,6 @@ PODS:
  - move_to_background (0.0.1):
    - Flutter
  - MTBBarcodeScanner (5.0.11)
-  - open_filex (0.0.2):
-    - Flutter
  - OrderedSet (5.0.0)
  - package_info_plus (0.4.5):
    - Flutter
@@ -126,7 +124,6 @@ DEPENDENCIES:
  - fluttertoast (from `.symlinks/plugins/fluttertoast/ios`)
  - local_auth_ios (from `.symlinks/plugins/local_auth_ios/ios`)
  - move_to_background (from `.symlinks/plugins/move_to_background/ios`)
-  - open_filex (from `.symlinks/plugins/open_filex/ios`)
  - package_info_plus (from `.symlinks/plugins/package_info_plus/ios`)
  - path_provider_foundation (from `.symlinks/plugins/path_provider_foundation/darwin`)
  - privacy_screen (from `.symlinks/plugins/privacy_screen/ios`)
@@ -183,8 +180,6 @@ EXTERNAL SOURCES:
    :path: ".symlinks/plugins/local_auth_ios/ios"
  move_to_background:
    :path: ".symlinks/plugins/move_to_background/ios"
-  open_filex:
-    :path: ".symlinks/plugins/open_filex/ios"
  package_info_plus:
    :path: ".symlinks/plugins/package_info_plus/ios"
  path_provider_foundation:
@@ -226,7 +221,6 @@ SPEC CHECKSUMS:
  local_auth_ios: c6cf091ded637a88f24f86a8875d8b0f526e2605
  move_to_background: 39a5b79b26d577b0372cbe8a8c55e7aa9fcd3a2d
  MTBBarcodeScanner: f453b33c4b7dfe545d8c6484ed744d55671788cb
-  open_filex: 6e26e659846ec990262224a12ef1c528bb4edbe4
  OrderedSet: aaeb196f7fef5a9edf55d89760da9176ad40b93c
  package_info_plus: fd030dabf36271f146f1f3beacd48f564b0f17f7
  path_provider_foundation: 29f094ae23ebbca9d3d0cec13889cd9060c0e943
--- a/auth/ios/Runner/Info.plist
+++ b/auth/ios/Runner/Info.plist
@@ -37,6 +37,7 @@
 			<key>CFBundleURLSchemes</key>
 			<array>
 				<string>otpauth</string>
+				<string>enteauth</string>
 			</array>
 		</dict>
 	</array>
--- a/auth/lib/core/configuration.dart
+++ b/auth/lib/core/configuration.dart
@@ -6,6 +6,7 @@ import 'dart:typed_data';
 import 'package:bip39/bip39.dart' as bip39;
 import 'package:ente_auth/core/constants.dart';
 import 'package:ente_auth/core/event_bus.dart';
+import 'package:ente_auth/events/endpoint_updated_event.dart';
 import 'package:ente_auth/events/signed_in_event.dart';
 import 'package:ente_auth/events/signed_out_event.dart';
 import 'package:ente_auth/models/key_attributes.dart';
@@ -42,6 +43,7 @@ class Configuration {
  static const userIDKey = "user_id";
  static const hasMigratedSecureStorageKey = "has_migrated_secure_storage";
  static const hasOptedForOfflineModeKey = "has_opted_for_offline_mode";
+  static const endPointKey = "endpoint";
  final List<String> onlineSecureKeys = [
    keyKey,
    secretKeyKey,
@@ -317,7 +319,12 @@ class Configuration {
  }

  String getHttpEndpoint() {
-    return endpoint;
+    return _preferences.getString(endPointKey) ?? endpoint;
+  }
+
+  Future<void> setHttpEndpoint(String endpoint) async {
+    await _preferences.setString(endPointKey, endpoint);
+    Bus.instance.fire(EndpointUpdatedEvent());
  }

  String? getToken() {
--- a/auth/lib/core/logging/super_logging.dart
+++ b/auth/lib/core/logging/super_logging.dart
@@ -167,7 +167,7 @@ class SuperLogging {
      await setupLogDir();
    }
    if (sentryIsEnabled) {
-      setupSentry();
+      setupSentry().ignore();
    }

    Logger.root.level = Level.ALL;
@@ -250,7 +250,7 @@ class SuperLogging {

    // add error to sentry queue
    if (sentryIsEnabled && rec.error != null) {
-      _sendErrorToSentry(rec.error!, null);
+      _sendErrorToSentry(rec.error!, null).ignore();
    }
  }

@@ -289,7 +289,7 @@ class SuperLogging {
    SuperLogging.setUserID(await _getOrCreateAnonymousUserID());
    await for (final error in sentryQueueControl.stream.asBroadcastStream()) {
      try {
-        Sentry.captureException(
+        await Sentry.captureException(
          error,
        );
      } catch (e) {
--- a/auth/lib/core/network.dart
+++ b/auth/lib/core/network.dart
@@ -2,28 +2,24 @@ import 'dart:io';

 import 'package:dio/dio.dart';
 import 'package:ente_auth/core/configuration.dart';
-import 'package:ente_auth/core/constants.dart';
+import 'package:ente_auth/core/event_bus.dart';
+import 'package:ente_auth/events/endpoint_updated_event.dart';
 import 'package:fk_user_agent/fk_user_agent.dart';
 import 'package:flutter/foundation.dart';
 import 'package:package_info_plus/package_info_plus.dart';
-import 'package:shared_preferences/shared_preferences.dart';
 import 'package:uuid/uuid.dart';

 int kConnectTimeout = 15000;

 class Network {
-  // apiEndpoint points to the Ente server's API endpoint
-  static const apiEndpoint = String.fromEnvironment(
-    "endpoint",
-    defaultValue: kDefaultProductionEndpoint,
-  );
  late Dio _dio;
  late Dio _enteDio;

  Future<void> init() async {
    await FkUserAgent.init();
    final packageInfo = await PackageInfo.fromPlatform();
-    final preferences = await SharedPreferences.getInstance();
+    final endpoint = Configuration.instance.getHttpEndpoint();
+    
    _dio = Dio(
      BaseOptions(
        connectTimeout: kConnectTimeout,
@@ -34,10 +30,10 @@ class Network {
        },
      ),
    );
-    _dio.interceptors.add(RequestIdInterceptor());
+    
    _enteDio = Dio(
      BaseOptions(
-        baseUrl: apiEndpoint,
+        baseUrl: endpoint,
        connectTimeout: kConnectTimeout,
        headers: {
          HttpHeaders.userAgentHeader: FkUserAgent.userAgent,
@@ -46,7 +42,13 @@ class Network {
        },
      ),
    );
-    _enteDio.interceptors.add(EnteRequestInterceptor(preferences, apiEndpoint));
+    _setupInterceptors(endpoint);
+    
+    Bus.instance.on<EndpointUpdatedEvent>().listen((event) {
+      final endpoint = Configuration.instance.getHttpEndpoint();
+      _enteDio.options.baseUrl = endpoint;
+      _setupInterceptors(endpoint);
+    });
  }

  Network._privateConstructor();
@@ -55,34 +57,41 @@ class Network {

  Dio getDio() => _dio;
  Dio get enteDio => _enteDio;
+
+  void _setupInterceptors(String endpoint) {
+    _dio.interceptors.clear();
+    _dio.interceptors.add(RequestIdInterceptor());
+
+    _enteDio.interceptors.clear();
+    _enteDio.interceptors.add(EnteRequestInterceptor(endpoint));
+  }
 }

 class RequestIdInterceptor extends Interceptor {
  @override
  void onRequest(RequestOptions options, RequestInterceptorHandler handler) {
-    // ignore: prefer_const_constructors
-    options.headers.putIfAbsent("x-request-id", () => Uuid().v4().toString());
+    options.headers
+        .putIfAbsent("x-request-id", () => const Uuid().v4().toString());
    return super.onRequest(options, handler);
  }
 }

 class EnteRequestInterceptor extends Interceptor {
-  final SharedPreferences _preferences;
-  final String enteEndpoint;
+  final String endpoint;

-  EnteRequestInterceptor(this._preferences, this.enteEndpoint);
+  EnteRequestInterceptor(this.endpoint);

  @override
  void onRequest(RequestOptions options, RequestInterceptorHandler handler) {
    if (kDebugMode) {
      assert(
-      options.baseUrl == enteEndpoint,
-      "interceptor should only be used for API endpoint",
+        options.baseUrl == endpoint,
+        "interceptor should only be used for API endpoint",
      );
    }
-    // ignore: prefer_const_constructors
-    options.headers.putIfAbsent("x-request-id", () => Uuid().v4().toString());
-    final String? tokenValue = _preferences.getString(Configuration.tokenKey);
+    options.headers
+        .putIfAbsent("x-request-id", () => const Uuid().v4().toString());
+    final String? tokenValue = Configuration.instance.getToken();
    if (tokenValue != null) {
      options.headers.putIfAbsent("X-Auth-Token", () => tokenValue);
    }
--- a/auth/lib/events/endpoint_updated_event.dart
+++ b/auth/lib/events/endpoint_updated_event.dart
@@ -0,0 +1,3 @@
+import 'package:ente_auth/events/event.dart';
+
+class EndpointUpdatedEvent extends Event {}
--- a/auth/lib/gateway/authenticator.dart
+++ b/auth/lib/gateway/authenticator.dart
@@ -1,43 +1,29 @@
 import 'package:dio/dio.dart';
-import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/errors.dart';
+import 'package:ente_auth/core/network.dart';
 import 'package:ente_auth/models/authenticator/auth_entity.dart';
 import 'package:ente_auth/models/authenticator/auth_key.dart';

 class AuthenticatorGateway {
-  final Dio _dio;
-  final Configuration _config;
-  late String _basedEndpoint;
+  late Dio _enteDio;

-  AuthenticatorGateway(this._dio, this._config) {
-    _basedEndpoint = _config.getHttpEndpoint() + "/authenticator";
+  AuthenticatorGateway() {
+    _enteDio = Network.instance.enteDio;
  }

  Future<void> createKey(String encKey, String header) async {
-    await _dio.post(
-      _basedEndpoint + "/key",
+    await _enteDio.post(
+      "/authenticator/key",
      data: {
        "encryptedKey": encKey,
        "header": header,
      },
-      options: Options(
-        headers: {
-          "X-Auth-Token": _config.getToken(),
-        },
-      ),
    );
  }

  Future<AuthKey> getKey() async {
    try {
-      final response = await _dio.get(
-        _basedEndpoint + "/key",
-        options: Options(
-          headers: {
-            "X-Auth-Token": _config.getToken(),
-          },
-        ),
-      );
+      final response = await _enteDio.get("/authenticator/key");
      return AuthKey.fromMap(response.data);
    } on DioError catch (e) {
      if (e.response != null && (e.response!.statusCode ?? 0) == 404) {
@@ -51,17 +37,12 @@ class AuthenticatorGateway {
  }

  Future<AuthEntity> createEntity(String encryptedData, String header) async {
-    final response = await _dio.post(
-      _basedEndpoint + "/entity",
+    final response = await _enteDio.post(
+      "/authenticator/entity",
      data: {
        "encryptedData": encryptedData,
        "header": header,
      },
-      options: Options(
-        headers: {
-          "X-Auth-Token": _config.getToken(),
-        },
-      ),
    );
    return AuthEntity.fromMap(response.data);
  }
@@ -71,50 +52,35 @@ class AuthenticatorGateway {
    String encryptedData,
    String header,
  ) async {
-    await _dio.put(
-      _basedEndpoint + "/entity",
+    await _enteDio.put(
+      "/authenticator/entity",
      data: {
        "id": id,
        "encryptedData": encryptedData,
        "header": header,
      },
-      options: Options(
-        headers: {
-          "X-Auth-Token": _config.getToken(),
-        },
-      ),
    );
  }

  Future<void> deleteEntity(
    String id,
  ) async {
-    await _dio.delete(
-      _basedEndpoint + "/entity",
+    await _enteDio.delete(
+      "/authenticator/entity",
      queryParameters: {
        "id": id,
      },
-      options: Options(
-        headers: {
-          "X-Auth-Token": _config.getToken(),
-        },
-      ),
    );
  }

  Future<List<AuthEntity>> getDiff(int sinceTime, {int limit = 500}) async {
    try {
-      final response = await _dio.get(
-        _basedEndpoint + "/entity/diff",
+      final response = await _enteDio.get(
+        "/authenticator/entity/diff",
        queryParameters: {
          "sinceTime": sinceTime,
          "limit": limit,
        },
-        options: Options(
-          headers: {
-            "X-Auth-Token": _config.getToken(),
-          },
-        ),
      );
      final List<AuthEntity> authEntities = <AuthEntity>[];
      final diff = response.data["diff"] as List;
--- a/auth/lib/l10n/arb/app_en.arb
+++ b/auth/lib/l10n/arb/app_en.arb
@@ -59,7 +59,7 @@
    }
  },
  "contactSupport": "Contact support",
-  "rateUsOnStore" : "Rate us on {storeName}",
+  "rateUsOnStore": "Rate us on {storeName}",
  "blog": "Blog",
  "merchandise": "Merchandise",
  "verifyPassword": "Verify password",
@@ -133,7 +133,6 @@
  "faq_q_5": "How can I enable FaceID lock in ente Auth",
  "faq_a_5": "You can enable FaceID lock under Settings → Security → Lockscreen.",
  "somethingWentWrongMessage": "Something went wrong, please try again",
-
  "leaveFamily": "Leave family",
  "leaveFamilyMessage": "Are you sure that you want to leave the family plan?",
  "inFamilyPlanMessage": "You are on a family plan!",
@@ -145,6 +144,8 @@
  "enterCodeHint": "Enter the 6-digit code from\nyour authenticator app",
  "lostDeviceTitle": "Lost device?",
  "twoFactorAuthTitle": "Two-factor authentication",
+  "passkeyAuthTitle": "Passkey verification",
+  "verifyPasskey": "Verify passkey",
  "recoverAccount": "Recover account",
  "enterRecoveryKeyHint": "Enter your recovery key",
  "recover": "Recover",
@@ -337,10 +338,10 @@
  "offlineModeWarning": "You have chosen to proceed without backups. Please take manual backups to make sure your codes are safe.",
  "showLargeIcons": "Show large icons",
  "shouldHideCode": "Hide codes",
-  "doubleTapToViewHiddenCode" : "You can double tap on an entry to view code",
+  "doubleTapToViewHiddenCode": "You can double tap on an entry to view code",
  "focusOnSearchBar": "Focus search on app start",
  "confirmUpdatingkey": "Are you sure you want to update the secret key?",
-  "minimizeAppOnCopy":  "Minimize app on copy",
+  "minimizeAppOnCopy": "Minimize app on copy",
  "editCodeAuthMessage": "Authenticate to edit code",
  "deleteCodeAuthMessage": "Authenticate to delete code",
  "showQRAuthMessage": "Authenticate to show QR code",
@@ -405,5 +406,15 @@
  "signOutOtherDevices": "Sign out other devices",
  "doNotSignOut": "Do not sign out",
  "hearUsWhereTitle": "How did you hear about Ente? (optional)",
-  "hearUsExplanation": "We don't track app installs. It'd help if you told us where you found us!"
-}
+  "hearUsExplanation": "We don't track app installs. It'd help if you told us where you found us!",
+  "waitingForBrowserRequest": "Waiting for browser request...",
+  "waitingForVerification": "Waiting for verification...",
+  "passkey": "Passkey",
+  "developerSettingsWarning":"Are you sure that you want to modify Developer settings?",
+  "developerSettings": "Developer settings",
+  "serverEndpoint": "Server endpoint",
+  "invalidEndpoint": "Invalid endpoint",
+  "invalidEndpointMessage": "Sorry, the endpoint you entered is invalid. Please enter a valid endpoint and try again.",
+  "endpointUpdatedMessage": "Endpoint updated successfully",
+  "customEndpoint": "Connected to {endpoint}"
+}
--- a/auth/lib/l10n/arb/app_sv.arb
+++ b/auth/lib/l10n/arb/app_sv.arb
@@ -59,6 +59,12 @@
  "recreatePassword": "Återskapa lösenord",
  "useRecoveryKey": "Använd återställningsnyckel",
  "incorrectPasswordTitle": "Felaktigt lösenord",
+  "welcomeBack": "Välkommen tillbaka!",
+  "changePassword": "Ändra lösenord",
+  "cancel": "Avbryt",
+  "yes": "Ja",
+  "no": "Nej",
+  "settings": "Inställningar",
  "pleaseTryAgain": "Försök igen",
  "existingUser": "Befintlig användare",
  "delete": "Radera",
@@ -68,9 +74,23 @@
  "suggestFeatures": "Föreslå funktionalitet",
  "faq": "FAQ",
  "faq_q_1": "Hur säkert är ente Auth?",
+  "scan": "Skanna",
+  "twoFactorAuthTitle": "Tvåfaktorsautentisering",
+  "enterRecoveryKeyHint": "Ange din återställningsnyckel",
+  "noRecoveryKeyTitle": "Ingen återställningsnyckel?",
+  "enterEmailHint": "Ange din e-postadress",
+  "invalidEmailTitle": "Ogiltig e-postadress",
+  "invalidEmailMessage": "Ange en giltig e-postadress.",
+  "deleteAccount": "Radera konto",
+  "yesSendFeedbackAction": "Ja, skicka feedback",
+  "noDeleteAccountAction": "Nej, radera konto",
+  "createNewAccount": "Skapa nytt konto",
  "weakStrength": "Svag",
  "strongStrength": "Stark",
  "moderateStrength": "Måttligt",
+  "confirmPassword": "Bekräfta lösenord",
+  "close": "Stäng",
+  "language": "Språk",
  "searchHint": "Sök...",
  "search": "Sök",
  "sorryUnableToGenCode": "Tyvärr, det gick inte att generera en kod för {issuerName}",
@@ -83,5 +103,45 @@
  "copiedNextToClipboard": "Kopierade nästa kod till urklipp",
  "error": "Fel",
  "recoveryKeyCopiedToClipboard": "Återställningsnyckel kopierad till urklipp",
-  "recoveryKeyOnForgotPassword": "Om du glömmer ditt lösenord är det enda sättet du kan återställa dina data med denna nyckel."
+  "recoveryKeyOnForgotPassword": "Om du glömmer ditt lösenord är det enda sättet du kan återställa dina data med denna nyckel.",
+  "saveKey": "Spara nyckel",
+  "back": "Tillbaka",
+  "createAccount": "Skapa konto",
+  "password": "Lösenord",
+  "privacyPolicyTitle": "Integritetspolicy",
+  "termsOfServicesTitle": "Villkor",
+  "encryption": "Kryptering",
+  "changePasswordTitle": "Ändra lösenord",
+  "resetPasswordTitle": "Återställ lösenord",
+  "encryptionKeys": "Krypteringsnycklar",
+  "continueLabel": "Fortsätt",
+  "logInLabel": "Logga in",
+  "logout": "Logga ut",
+  "areYouSureYouWantToLogout": "Är du säker på att du vill logga ut?",
+  "yesLogout": "Ja, logga ut",
+  "invalidKey": "Ogiltig nyckel",
+  "tryAgain": "Försök igen",
+  "viewRecoveryKey": "Visa återställningsnyckel",
+  "confirmRecoveryKey": "Bekräfta återställningsnyckel",
+  "confirmYourRecoveryKey": "Bekräfta din återställningsnyckel",
+  "confirm": "Bekräfta",
+  "copyEmailAddress": "Kopiera e-postadress",
+  "exportLogs": "Exportera loggar",
+  "enterYourRecoveryKey": "Ange din återställningsnyckel",
+  "about": "Om",
+  "terms": "Villkor",
+  "warning": "Varning",
+  "pendingSyncs": "Varning",
+  "activeSessions": "Aktiva sessioner",
+  "enterPassword": "Ange lösenord",
+  "export": "Exportera",
+  "singIn": "Logga in",
+  "androidCancelButton": "Avbryt",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "iOSOkButton": "OK",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  }
 }
--- a/auth/lib/l10n/arb/app_zh.arb
+++ b/auth/lib/l10n/arb/app_zh.arb
@@ -144,6 +144,7 @@
  "enterCodeHint": "从你的身份验证器应用中\n输入6位数字代码",
  "lostDeviceTitle": "丢失了设备吗？",
  "twoFactorAuthTitle": "双因素认证",
+  "passkeyAuthTitle": "通行密钥认证",
  "recoverAccount": "恢复账户",
  "enterRecoveryKeyHint": "输入您的恢复密钥",
  "recover": "恢复",
@@ -404,5 +405,8 @@
  "signOutOtherDevices": "登出其他设备",
  "doNotSignOut": "不要退登",
  "hearUsWhereTitle": "您是如何知道Ente的？ （可选的）",
-  "hearUsExplanation": "我们不跟踪应用程序安装情况。如果您告诉我们您是在哪里找到我们的，将会有所帮助！"
+  "hearUsExplanation": "我们不跟踪应用程序安装情况。如果您告诉我们您是在哪里找到我们的，将会有所帮助！",
+  "waitingForBrowserRequest": "正在等待浏览器请求...",
+  "launchPasskeyUrlAgain": "再次启动 通行密钥 URL",
+  "passkey": "通行密钥"
 }
--- a/auth/lib/main.dart
+++ b/auth/lib/main.dart
@@ -1,3 +1,6 @@
+import 'dart:async';
+import 'dart:io';
+
 import 'package:adaptive_theme/adaptive_theme.dart';
 import 'package:computer/computer.dart';
 import "package:ente_auth/app/view/app.dart";
@@ -33,7 +36,9 @@ void main() async {
  WidgetsFlutterBinding.ensureInitialized();
  await _runInForeground();
  await _setupPrivacyScreen();
-  FlutterDisplayMode.setHighRefreshRate();
+  if (Platform.isAndroid) {
+    FlutterDisplayMode.setHighRefreshRate().ignore();
+  }
 }

 Future<void> _runInForeground() async {
@@ -42,7 +47,7 @@ Future<void> _runInForeground() async {
    _logger.info("Starting app in foreground");
    await _init(false, via: 'mainMethod');
    final Locale locale = await getLocale();
-    UpdateService.instance.showUpdateNotification();
+    unawaited(UpdateService.instance.showUpdateNotification());
    runApp(
      AppLock(
        builder: (args) => App(locale: locale),
@@ -79,7 +84,7 @@ Future _runWithLogs(Function() function, {String prefix = ""}) async {

 Future<void> _init(bool bool, {String? via}) async {
  // Start workers asynchronously. No need to wait for them to start
-  Computer.shared().turnOn(workersCount: 4, verbose: kDebugMode);
+  Computer.shared().turnOn(workersCount: 4, verbose: kDebugMode).ignore();
  CryptoUtil.init();
  await PreferenceService.instance.init();
  await CodeStore.instance.init();
--- a/auth/lib/models/account/two_factor.dart
+++ b/auth/lib/models/account/two_factor.dart
@@ -0,0 +1,13 @@
+enum TwoFactorType { totp, passkey }
+
+// ToString for TwoFactorType
+String twoFactorTypeToString(TwoFactorType type) {
+  switch (type) {
+    case TwoFactorType.totp:
+      return "totp";
+    case TwoFactorType.passkey:
+      return "passkey";
+    default:
+      return type.name;
+  }
+}
--- a/auth/lib/onboarding/view/onboarding_page.dart
+++ b/auth/lib/onboarding/view/onboarding_page.dart
@@ -17,6 +17,8 @@ import 'package:ente_auth/ui/common/gradient_button.dart';
 import 'package:ente_auth/ui/components/buttons/button_widget.dart';
 import 'package:ente_auth/ui/components/models/button_result.dart';
 import 'package:ente_auth/ui/home_page.dart';
+import 'package:ente_auth/ui/settings/developer_settings_page.dart';
+import 'package:ente_auth/ui/settings/developer_settings_widget.dart';
 import 'package:ente_auth/ui/settings/language_picker.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/navigation_util.dart';
@@ -33,8 +35,12 @@ class OnboardingPage extends StatefulWidget {
 }

 class _OnboardingPageState extends State<OnboardingPage> {
+  static const kDeveloperModeTapCountThreshold = 7;
+
  late StreamSubscription<TriggerLogoutEvent> _triggerLogoutEvent;

+  int _developerModeTapCount = 0;
+
  @override
  void initState() {
    _triggerLogoutEvent =
@@ -56,114 +62,143 @@ class _OnboardingPageState extends State<OnboardingPage> {
    final l10n = context.l10n;
    return Scaffold(
      body: SafeArea(
-        child: Center(
-          child: SingleChildScrollView(
-            child: Padding(
-              padding:
-                  const EdgeInsets.symmetric(vertical: 40.0, horizontal: 40),
-              child: Column(
-                children: [
-                  Column(
-                    children: [
-                      kDebugMode
-                          ? GestureDetector(
-                              child: const Align(
-                                alignment: Alignment.topRight,
-                                child: Text("Lang"),
-                              ),
-                              onTap: () async {
-                                final locale = await getLocale();
-                                routeToPage(
-                                  context,
-                                  LanguageSelectorPage(
-                                    appSupportedLocales,
-                                    (locale) async {
-                                      await setLocale(locale);
-                                      App.setLocale(context, locale);
-                                    },
-                                    locale,
+        child: GestureDetector(
+          onTap: () async {
+            _developerModeTapCount++;
+            if (_developerModeTapCount >= kDeveloperModeTapCountThreshold) {
+              _developerModeTapCount = 0;
+              final result = await showChoiceDialog(
+                context,
+                title: l10n.developerSettings,
+                firstButtonLabel: l10n.yes,
+                body: l10n.developerSettingsWarning,
+                isDismissible: false,
+              );
+              if (result?.action == ButtonAction.first) {
+                await Navigator.of(context).push(
+                  MaterialPageRoute(
+                    builder: (BuildContext context) {
+                      return const DeveloperSettingsPage();
+                    },
+                  ),
+                );
+                setState(() {});
+              }
+            }
+          },
+          child: Center(
+            child: SingleChildScrollView(
+              child: Padding(
+                padding:
+                    const EdgeInsets.symmetric(vertical: 40.0, horizontal: 40),
+                child: Column(
+                  children: [
+                    Column(
+                      children: [
+                        kDebugMode
+                            ? GestureDetector(
+                                child: const Align(
+                                  alignment: Alignment.topRight,
+                                  child: Text("Lang"),
+                                ),
+                                onTap: () async {
+                                  final locale = await getLocale();
+                                  // ignore: unawaited_futures
+                                  routeToPage(
+                                    context,
+                                    LanguageSelectorPage(
+                                      appSupportedLocales,
+                                      (locale) async {
+                                        await setLocale(locale);
+                                        App.setLocale(context, locale);
+                                      },
+                                      locale,
+                                    ),
+                                  ).then((value) {
+                                    setState(() {});
+                                  });
+                                },
+                              )
+                            : const SizedBox(),
+                        Image.asset(
+                          "assets/sheild-front-gradient.png",
+                          width: 200,
+                          height: 200,
+                        ),
+                        const SizedBox(height: 12),
+                        const Text(
+                          "ente",
+                          style: TextStyle(
+                            fontWeight: FontWeight.bold,
+                            fontFamily: 'Montserrat',
+                            fontSize: 42,
+                          ),
+                        ),
+                        const SizedBox(height: 4),
+                        Text(
+                          "Authenticator",
+                          style: Theme.of(context).textTheme.headlineMedium,
+                        ),
+                        const SizedBox(height: 32),
+                        Text(
+                          l10n.onBoardingBody,
+                          textAlign: TextAlign.center,
+                          style:
+                              Theme.of(context).textTheme.titleLarge!.copyWith(
+                                    color: Colors.white38,
                                  ),
-                                ).then((value) {
-                                  setState(() {});
-                                });
-                              },
-                            )
-                          : const SizedBox(),
-                      Image.asset(
-                        "assets/sheild-front-gradient.png",
-                        width: 200,
-                        height: 200,
-                      ),
-                      const SizedBox(height: 12),
-                      const Text(
-                        "ente",
-                        style: TextStyle(
-                          fontWeight: FontWeight.bold,
-                          fontFamily: 'Montserrat',
-                          fontSize: 42,
                        ),
+                      ],
+                    ),
+                    const SizedBox(height: 100),
+                    Container(
+                      width: double.infinity,
+                      padding: const EdgeInsets.symmetric(horizontal: 20),
+                      child: GradientButton(
+                        onTap: _navigateToSignUpPage,
+                        text: l10n.newUser,
                      ),
-                      const SizedBox(height: 4),
-                      Text(
-                        "Authenticator",
-                        style: Theme.of(context).textTheme.headlineMedium,
-                      ),
-                      const SizedBox(height: 32),
-                      Text(
-                        l10n.onBoardingBody,
-                        textAlign: TextAlign.center,
-                        style: Theme.of(context).textTheme.titleLarge!.copyWith(
-                              color: Colors.white38,
+                    ),
+                    const SizedBox(height: 4),
+                    Container(
+                      width: double.infinity,
+                      padding: const EdgeInsets.fromLTRB(20, 12, 20, 0),
+                      child: Hero(
+                        tag: "log_in",
+                        child: ElevatedButton(
+                          style: Theme.of(context)
+                              .colorScheme
+                              .optionalActionButtonStyle,
+                          onPressed: _navigateToSignInPage,
+                          child: Text(
+                            l10n.existingUser,
+                            style: const TextStyle(
+                              color: Colors.black, // same for both themes
                            ),
-                      ),
-                    ],
-                  ),
-                  const SizedBox(height: 100),
-                  Container(
-                    width: double.infinity,
-                    padding: const EdgeInsets.symmetric(horizontal: 20),
-                    child: GradientButton(
-                      onTap: _navigateToSignUpPage,
-                      text: l10n.newUser,
-                    ),
-                  ),
-                  const SizedBox(height: 4),
-                  Container(
-                    width: double.infinity,
-                    padding: const EdgeInsets.fromLTRB(20, 12, 20, 0),
-                    child: Hero(
-                      tag: "log_in",
-                      child: ElevatedButton(
-                        style: Theme.of(context)
-                            .colorScheme
-                            .optionalActionButtonStyle,
-                        onPressed: _navigateToSignInPage,
-                        child: Text(
-                          l10n.existingUser,
-                          style: const TextStyle(
-                            color: Colors.black, // same for both themes
                          ),
                        ),
                      ),
                    ),
-                  ),
-                  const SizedBox(height: 4),
-                  Container(
-                    width: double.infinity,
-                    padding: const EdgeInsets.only(top: 20, bottom: 20),
-                    child: GestureDetector(
-                      onTap: _optForOfflineMode,
-                      child: Center(
-                        child: Text(
-                          l10n.useOffline,
-                          style: body.copyWith(
-                            color: Theme.of(context).colorScheme.mutedTextColor,
+                    const SizedBox(height: 4),
+                    Container(
+                      width: double.infinity,
+                      padding: const EdgeInsets.only(top: 20, bottom: 20),
+                      child: GestureDetector(
+                        onTap: _optForOfflineMode,
+                        child: Center(
+                          child: Text(
+                            l10n.useOffline,
+                            style: body.copyWith(
+                              color:
+                                  Theme.of(context).colorScheme.mutedTextColor,
+                            ),
                          ),
                        ),
                      ),
                    ),
-                  ),
-                ],
+                    const DeveloperSettingsWidget(),
+                  ],
+                ),
              ),
            ),
          ),
@@ -194,6 +229,7 @@ class _OnboardingPageState extends State<OnboardingPage> {
    }
    if (hasOptedBefore || result?.action == ButtonAction.first) {
      await Configuration.instance.optForOfflineMode();
+      // ignore: unawaited_futures
      Navigator.of(context).push(
        MaterialPageRoute(
          builder: (BuildContext context) {
--- a/auth/lib/services/auth_feature_flag.dart
+++ b/auth/lib/services/auth_feature_flag.dart
@@ -0,0 +1,23 @@
+import 'package:ente_auth/core/configuration.dart';
+import 'package:flutter/foundation.dart';
+
+class FeatureFlagService {
+  FeatureFlagService._privateConstructor();
+  static final FeatureFlagService instance =
+      FeatureFlagService._privateConstructor();
+
+  static final _internalUserIDs = const String.fromEnvironment(
+    "internal_user_ids",
+    defaultValue: "1,2,3,4,191,125,1580559962388044,1580559962392434,10000025",
+  ).split(",").map((element) {
+    return int.parse(element);
+  }).toSet();
+
+  bool isInternalUserOrDebugBuild() {
+    final String? email = Configuration.instance.getEmail();
+    final userID = Configuration.instance.getUserID();
+    return (email != null && email.endsWith("@ente.io")) ||
+        _internalUserIDs.contains(userID) ||
+        kDebugMode;
+  }
+}
--- a/auth/lib/services/authenticator_service.dart
+++ b/auth/lib/services/authenticator_service.dart
@@ -5,7 +5,6 @@ import 'dart:math';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/errors.dart';
 import 'package:ente_auth/core/event_bus.dart';
-import 'package:ente_auth/core/network.dart';
 import 'package:ente_auth/events/codes_updated_event.dart';
 import 'package:ente_auth/events/signed_in_event.dart';
 import 'package:ente_auth/events/trigger_logout_event.dart';
@@ -26,6 +25,7 @@ enum AccountMode {
  online,
  offline,
 }
+
 extension on AccountMode {
  bool get isOnline => this == AccountMode.online;
  bool get isOffline => this == AccountMode.offline;
@@ -56,7 +56,7 @@ class AuthenticatorService {
    _prefs = await SharedPreferences.getInstance();
    _db = AuthenticatorDB.instance;
    _offlineDb = OfflineAuthenticatorDB.instance;
-    _gateway = AuthenticatorGateway(Network.instance.getDio(), _config);
+    _gateway = AuthenticatorGateway();
    if (Configuration.instance.hasConfiguredAccount()) {
      unawaited(onlineSync());
    }
@@ -154,7 +154,7 @@ class AuthenticatorService {
    } else {
      debugPrint("Skipping delete since account mode is offline");
    }
-    if(accountMode.isOnline) {
+    if (accountMode.isOnline) {
      await _db.deleteByIDs(generatedIDs: [genID]);
    } else {
      await _offlineDb.deleteByIDs(generatedIDs: [genID]);
@@ -163,7 +163,7 @@ class AuthenticatorService {

  Future<bool> onlineSync() async {
    try {
-      if(getAccountMode().isOffline) {
+      if (getAccountMode().isOffline) {
        debugPrint("Skipping sync since account mode is offline");
        return false;
      }
@@ -208,7 +208,7 @@ class AuthenticatorService {
    if (deletedIDs.isNotEmpty) {
      await _db.deleteByIDs(ids: deletedIDs);
    }
-    _prefs.setInt(_lastEntitySyncTime, maxSyncTime);
+    await _prefs.setInt(_lastEntitySyncTime, maxSyncTime);
    _logger.info("Setting synctime to " + maxSyncTime.toString());
    if (result.length == fetchLimit) {
      _logger.info("Diff limit reached, pulling again");
@@ -253,7 +253,7 @@ class AuthenticatorService {
  }

  Future<Uint8List> getOrCreateAuthDataKey(AccountMode mode) async {
-    if(mode.isOffline) {
+    if (mode.isOffline) {
      return _config.getOfflineSecretKey()!;
    }
    if (_config.getAuthSecretKey() != null) {
--- a/auth/lib/services/local_authentication_service.dart
+++ b/auth/lib/services/local_authentication_service.dart
@@ -54,6 +54,7 @@ class LocalAuthenticationService {
            .setEnabled(Configuration.instance.shouldShowLockScreen());
      }
    } else {
+      // ignore: unawaited_futures
      showErrorDialog(
        context,
        errorDialogTitle,
--- a/auth/lib/services/notification_service.dart
+++ b/auth/lib/services/notification_service.dart
@@ -27,6 +27,7 @@ class NotificationService {
        _flutterLocalNotificationsPlugin.resolvePlatformSpecificImplementation<
            AndroidFlutterLocalNotificationsPlugin>();
    if (implementation != null) {
+      // ignore: unawaited_futures
      implementation.requestPermission();
    }
  }
--- a/auth/lib/services/passkey_service.dart
+++ b/auth/lib/services/passkey_service.dart
@@ -0,0 +1,55 @@
+import 'package:ente_auth/core/network.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:flutter/widgets.dart';
+import 'package:logging/logging.dart';
+import 'package:url_launcher/url_launcher_string.dart';
+
+class PasskeyService {
+  PasskeyService._privateConstructor();
+  static final PasskeyService instance = PasskeyService._privateConstructor();
+
+  final _enteDio = Network.instance.enteDio;
+
+  Future<String> getJwtToken() async {
+    final response = await _enteDio.get(
+      "/users/accounts-token",
+    );
+    return response.data!["accountsToken"] as String;
+  }
+
+  Future<bool> isPasskeyRecoveryEnabled() async {
+    final response = await _enteDio.get(
+      "/users/two-factor/recovery-status",
+    );
+    return response.data!["isPasskeyRecoveryEnabled"] as bool;
+  }
+
+  Future<void> configurePasskeyRecovery(
+    String secret,
+    String userEncryptedSecret,
+    String userSecretNonce,
+  ) async {
+    await _enteDio.post(
+      "/users/two-factor/passkeys/configure-recovery",
+      data: {
+        "secret": secret,
+        "userSecretCipher": userEncryptedSecret,
+        "userSecretNonce": userSecretNonce,
+      },
+    );
+  }
+
+  Future<void> openPasskeyPage(BuildContext context) async {
+    try {
+      final jwtToken = await getJwtToken();
+      final url = "https://accounts.ente.io/account-handoff?token=$jwtToken";
+      await launchUrlString(
+        url,
+        mode: LaunchMode.externalApplication,
+      );
+    } catch (e) {
+      Logger('PasskeyService').severe("failed to open passkey page", e);
+      showGenericErrorDialog(context: context).ignore();
+    }
+  }
+}
--- a/auth/lib/services/update_service.dart
+++ b/auth/lib/services/update_service.dart
@@ -1,3 +1,4 @@
+import 'dart:async';
 import 'dart:io';

 import 'package:ente_auth/core/constants.dart';
@@ -70,9 +71,11 @@ class UpdateService {
    if (shouldUpdate &&
        hasBeen3DaysSinceLastNotification &&
        _latestVersion!.shouldNotify!) {
-      NotificationService.instance.showNotification(
-        "Update available",
-        "Click to install our best version yet",
+      unawaited(
+        NotificationService.instance.showNotification(
+          "Update available",
+          "Click to install our best version yet",
+        ),
      );
      await _prefs.setInt(kUpdateAvailableShownTimeKey, now);
    } else {
--- a/auth/lib/services/user_service.dart
+++ b/auth/lib/services/user_service.dart
@@ -11,6 +11,7 @@ import 'package:ente_auth/core/event_bus.dart';
 import 'package:ente_auth/core/network.dart';
 import 'package:ente_auth/events/user_details_changed_event.dart';
 import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/account/two_factor.dart';
 import 'package:ente_auth/models/api/user/srp.dart';
 import 'package:ente_auth/models/delete_account.dart';
 import 'package:ente_auth/models/key_attributes.dart';
@@ -26,6 +27,7 @@ import 'package:ente_auth/ui/account/password_reentry_page.dart';
 import 'package:ente_auth/ui/account/recovery_page.dart';
 import 'package:ente_auth/ui/common/progress_dialog.dart';
 import 'package:ente_auth/ui/home_page.dart';
+import 'package:ente_auth/ui/passkey_page.dart';
 import 'package:ente_auth/ui/two_factor_authentication_page.dart';
 import 'package:ente_auth/ui/two_factor_recovery_page.dart';
 import 'package:ente_auth/utils/crypto_util.dart';
@@ -146,18 +148,18 @@ class UserService {
      final userDetails = UserDetails.fromMap(response.data);
      if (shouldCache) {
        if (userDetails.profileData != null) {
-          _preferences.setBool(
+          await _preferences.setBool(
            kIsEmailMFAEnabled,
            userDetails.profileData!.isEmailMFAEnabled,
          );
-          _preferences.setBool(
+          await _preferences.setBool(
            kCanDisableEmailMFA,
            userDetails.profileData!.canDisableEmailMFA,
          );
        }
        // handle email change from different client
        if (userDetails.email != _config.getEmail()) {
-          setEmail(userDetails.email);
+          await setEmail(userDetails.email);
        }
      }
      return userDetails;
@@ -264,6 +266,34 @@ class UserService {
    }
  }

+  Future<void> onPassKeyVerified(BuildContext context, Map response) async {
+    final userPassword = Configuration.instance.getVolatilePassword();
+    if (userPassword == null) throw Exception("volatile password is null");
+
+    await _saveConfiguration(response);
+
+    Widget page;
+    if (Configuration.instance.getEncryptedToken() != null) {
+      await Configuration.instance.decryptSecretsAndGetKeyEncKey(
+        userPassword,
+        Configuration.instance.getKeyAttributes()!,
+      );
+      page = const HomePage();
+    } else {
+      throw Exception("unexpected response during passkey verification");
+    }
+
+    // ignore: unawaited_futures
+    Navigator.of(context).pushAndRemoveUntil(
+      MaterialPageRoute(
+        builder: (BuildContext context) {
+          return page;
+        },
+      ),
+      (route) => route.isFirst,
+    );
+  }
+
  Future<void> verifyEmail(
    BuildContext context,
    String ott, {
@@ -303,6 +333,7 @@ class UserService {
            );
          }
        }
+        // ignore: unawaited_futures
        Navigator.of(context).pushAndRemoveUntil(
          MaterialPageRoute(
            builder: (BuildContext context) {
@@ -326,6 +357,7 @@ class UserService {
        );
        Navigator.of(context).pop();
      } else {
+        // ignore: unawaited_futures
        showErrorDialog(
          context,
          context.l10n.incorrectCode,
@@ -335,6 +367,7 @@ class UserService {
    } catch (e) {
      await dialog.hide();
      _logger.severe(e);
+      // ignore: unawaited_futures
      showErrorDialog(
        context,
        context.l10n.oops,
@@ -371,6 +404,7 @@ class UserService {
        Bus.instance.fire(UserDetailsChangedEvent());
        return;
      }
+      // ignore: unawaited_futures
      showErrorDialog(
        context,
        context.l10n.oops,
@@ -379,12 +413,14 @@ class UserService {
    } on DioError catch (e) {
      await dialog.hide();
      if (e.response != null && e.response!.statusCode == 403) {
+        // ignore: unawaited_futures
        showErrorDialog(
          context,
          context.l10n.oops,
          context.l10n.thisEmailIsAlreadyInUse,
        );
      } else {
+        // ignore: unawaited_futures
        showErrorDialog(
          context,
          context.l10n.incorrectCode,
@@ -394,6 +430,7 @@ class UserService {
    } catch (e) {
      await dialog.hide();
      _logger.severe(e);
+      // ignore: unawaited_futures
      showErrorDialog(
        context,
        context.l10n.oops,
@@ -487,9 +524,9 @@ class UserService {
        final clientS = client.calculateSecret(serverB);
        final clientM = client.calculateClientEvidenceMessage();
        // ignore: unused_local_variable
-        late Response srpCompleteResponse;
+        late Response _;
        if (setKeysRequest == null) {
-          srpCompleteResponse = await _enteDio.post(
+          _ = await _enteDio.post(
            "/users/srp/complete",
            data: {
              'setupID': setupSRPResponse.setupID,
@@ -497,7 +534,7 @@ class UserService {
            },
          );
        } else {
-          srpCompleteResponse = await _enteDio.post(
+          _ = await _enteDio.post(
            "/users/srp/update",
            data: {
              'setupID': setupSRPResponse.setupID,
@@ -581,11 +618,15 @@ class UserService {
      },
    );
    if (response.statusCode == 200) {
-      Widget page;
+      Widget? page;
+      final String passkeySessionID = response.data["passkeySessionID"];
      final String twoFASessionID = response.data["twoFactorSessionID"];
      Configuration.instance.setVolatilePassword(userPassword);
+
      if (twoFASessionID.isNotEmpty) {
        page = TwoFactorAuthenticationPage(twoFASessionID);
+      } else if (passkeySessionID.isNotEmpty) {
+        page = PasskeyPage(passkeySessionID);
      } else {
        await _saveConfiguration(response);
        if (Configuration.instance.getEncryptedToken() != null) {
@@ -600,10 +641,11 @@ class UserService {
        }
      }
      await dialog.hide();
+      // ignore: unawaited_futures
      Navigator.of(context).pushAndRemoveUntil(
        MaterialPageRoute(
          builder: (BuildContext context) {
-            return page;
+            return page!;
          },
        ),
        (route) => route.isFirst,
@@ -677,6 +719,7 @@ class UserService {
      if (response.statusCode == 200) {
        showShortToast(context, context.l10n.authenticationSuccessful);
        await _saveConfiguration(response);
+        // ignore: unawaited_futures
        Navigator.of(context).pushAndRemoveUntil(
          MaterialPageRoute(
            builder: (BuildContext context) {
@@ -691,6 +734,7 @@ class UserService {
      _logger.severe(e);
      if (e.response != null && e.response!.statusCode == 404) {
        showToast(context, "Session expired");
+        // ignore: unawaited_futures
        Navigator.of(context).pushAndRemoveUntil(
          MaterialPageRoute(
            builder: (BuildContext context) {
@@ -700,6 +744,7 @@ class UserService {
          (route) => route.isFirst,
        );
      } else {
+        // ignore: unawaited_futures
        showErrorDialog(
          context,
          context.l10n.incorrectCode,
@@ -709,6 +754,7 @@ class UserService {
    } catch (e) {
      await dialog.hide();
      _logger.severe(e);
+      // ignore: unawaited_futures
      showErrorDialog(
        context,
        context.l10n.oops,
@@ -717,7 +763,11 @@ class UserService {
    }
  }

-  Future<void> recoverTwoFactor(BuildContext context, String sessionID) async {
+  Future<void> recoverTwoFactor(
+    BuildContext context,
+    String sessionID,
+    TwoFactorType type,
+  ) async {
    final dialog = createProgressDialog(context, context.l10n.pleaseWait);
    await dialog.show();
    try {
@@ -725,13 +775,16 @@ class UserService {
        _config.getHttpEndpoint() + "/users/two-factor/recover",
        queryParameters: {
          "sessionID": sessionID,
+          "twoFactorType": twoFactorTypeToString(type),
        },
      );
      if (response.statusCode == 200) {
+        // ignore: unawaited_futures
        Navigator.of(context).pushAndRemoveUntil(
          MaterialPageRoute(
            builder: (BuildContext context) {
              return TwoFactorRecoveryPage(
+                type,
                sessionID,
                response.data["encryptedSecret"],
                response.data["secretDecryptionNonce"],
@@ -742,9 +795,11 @@ class UserService {
        );
      }
    } on DioError catch (e) {
+      await dialog.hide();
      _logger.severe(e);
      if (e.response != null && e.response!.statusCode == 404) {
        showToast(context, context.l10n.sessionExpired);
+        // ignore: unawaited_futures
        Navigator.of(context).pushAndRemoveUntil(
          MaterialPageRoute(
            builder: (BuildContext context) {
@@ -754,6 +809,7 @@ class UserService {
          (route) => route.isFirst,
        );
      } else {
+        // ignore: unawaited_futures
        showErrorDialog(
          context,
          context.l10n.oops,
@@ -761,7 +817,9 @@ class UserService {
        );
      }
    } catch (e) {
+      await dialog.hide();
      _logger.severe(e);
+      // ignore: unawaited_futures
      showErrorDialog(
        context,
        context.l10n.oops,
@@ -774,6 +832,7 @@ class UserService {

  Future<void> removeTwoFactor(
    BuildContext context,
+    TwoFactorType type,
    String sessionID,
    String recoveryKey,
    String encryptedSecret,
@@ -813,6 +872,7 @@ class UserService {
        data: {
          "sessionID": sessionID,
          "secret": secret,
+          "twoFactorType": twoFactorTypeToString(type),
        },
      );
      if (response.statusCode == 200) {
@@ -821,6 +881,7 @@ class UserService {
          context.l10n.twofactorAuthenticationSuccessfullyReset,
        );
        await _saveConfiguration(response);
+        // ignore: unawaited_futures
        Navigator.of(context).pushAndRemoveUntil(
          MaterialPageRoute(
            builder: (BuildContext context) {
@@ -831,9 +892,11 @@ class UserService {
        );
      }
    } on DioError catch (e) {
+      await dialog.hide();
      _logger.severe(e);
      if (e.response != null && e.response!.statusCode == 404) {
        showToast(context, "Session expired");
+        // ignore: unawaited_futures
        Navigator.of(context).pushAndRemoveUntil(
          MaterialPageRoute(
            builder: (BuildContext context) {
@@ -843,6 +906,7 @@ class UserService {
          (route) => route.isFirst,
        );
      } else {
+        // ignore: unawaited_futures
        showErrorDialog(
          context,
          context.l10n.oops,
@@ -850,7 +914,9 @@ class UserService {
        );
      }
    } catch (e) {
+      await dialog.hide();
      _logger.severe(e);
+      // ignore: unawaited_futures
      showErrorDialog(
        context,
        context.l10n.oops,
@@ -861,16 +927,19 @@ class UserService {
    }
  }

-  Future<void> _saveConfiguration(Response response) async {
-    await Configuration.instance.setUserID(response.data["id"]);
-    if (response.data["encryptedToken"] != null) {
+  Future<void> _saveConfiguration(dynamic response) async {
+    final responseData = response is Map ? response : response.data as Map?;
+    if (responseData == null) return;
+
+    await Configuration.instance.setUserID(responseData["id"]);
+    if (responseData["encryptedToken"] != null) {
      await Configuration.instance
-          .setEncryptedToken(response.data["encryptedToken"]);
+          .setEncryptedToken(responseData["encryptedToken"]);
      await Configuration.instance.setKeyAttributes(
-        KeyAttributes.fromMap(response.data["keyAttributes"]),
+        KeyAttributes.fromMap(responseData["keyAttributes"]),
      );
    } else {
-      await Configuration.instance.setToken(response.data["token"]);
+      await Configuration.instance.setToken(responseData["token"]);
    }
  }

@@ -890,7 +959,7 @@ class UserService {
          "isEnabled": isEnabled,
        },
      );
-      _preferences.setBool(kIsEmailMFAEnabled, isEnabled);
+      await _preferences.setBool(kIsEmailMFAEnabled, isEnabled);
    } catch (e) {
      _logger.severe("Failed to update email mfa", e);
      rethrow;
--- a/auth/lib/store/offline_authenticator_db.dart
+++ b/auth/lib/store/offline_authenticator_db.dart
@@ -15,7 +15,8 @@ class OfflineAuthenticatorDB {
  static const entityTable = 'entities';

  OfflineAuthenticatorDB._privateConstructor();
-  static final OfflineAuthenticatorDB instance = OfflineAuthenticatorDB._privateConstructor();
+  static final OfflineAuthenticatorDB instance =
+      OfflineAuthenticatorDB._privateConstructor();

  static Future<Database>? _dbFuture;

@@ -26,7 +27,7 @@ class OfflineAuthenticatorDB {

  Future<Database> _initDatabase() async {
    final Directory documentsDirectory =
-    await getApplicationDocumentsDirectory();
+        await getApplicationDocumentsDirectory();
    final String path = join(documentsDirectory.path, _databaseName);
    debugPrint(path);
    return await openDatabase(
@@ -70,10 +71,10 @@ class OfflineAuthenticatorDB {
  }

  Future<int> updateEntry(
-      int generatedID,
-      String encData,
-      String header,
-      ) async {
+    int generatedID,
+    String encData,
+    String header,
+  ) async {
    final db = await instance.database;
    final int timeInMicroSeconds = DateTime.now().microsecondsSinceEpoch;
    int affectedRows = await db.update(
--- a/auth/lib/store/user_store.dart
+++ b/auth/lib/store/user_store.dart
@@ -7,10 +7,6 @@ class UserStore {
  late SharedPreferences _preferences;

  static final UserStore instance = UserStore._privateConstructor();
-  static const endpoint = String.fromEnvironment(
-    "endpoint",
-    defaultValue: "https://api.ente.io",
-  );

  Future<void> init() async {
    _preferences = await SharedPreferences.getInstance();
--- a/auth/lib/ui/account/delete_account_page.dart
+++ b/auth/lib/ui/account/delete_account_page.dart
@@ -236,7 +236,7 @@ class DeleteAccountPage extends StatelessWidget {
        ),
      ],
    );
-
+    // ignore: unawaited_futures
    showDialog(
      context: context,
      builder: (BuildContext context) {
--- a/auth/lib/ui/account/login_page.dart
+++ b/auth/lib/ui/account/login_page.dart
@@ -61,7 +61,7 @@ class _LoginPageState extends State<LoginPage> {
        isFormValid: _emailIsValid,
        buttonText: context.l10n.logInLabel,
        onPressedFunction: () async {
-          UserService.instance.setEmail(_email!);
+          await UserService.instance.setEmail(_email!);
          Configuration.instance.resetVolatilePassword();
          SrpAttributes? attr;
          bool isEmailVerificationEnabled = true;
@@ -74,6 +74,7 @@ class _LoginPageState extends State<LoginPage> {
            }
          }
          if (attr != null && !isEmailVerificationEnabled) {
+            // ignore: unawaited_futures
            Navigator.of(context).push(
              MaterialPageRoute(
                builder: (BuildContext context) {
--- a/auth/lib/ui/account/logout_dialog.dart
+++ b/auth/lib/ui/account/logout_dialog.dart
@@ -23,6 +23,7 @@ Future<void> autoLogoutAlert(BuildContext context) async {
          int pendingSyncCount =
              await AuthenticatorDB.instance.getNeedSyncCount();
          if (pendingSyncCount > 0) {
+            // ignore: unawaited_futures
            showChoiceActionSheet(
              context,
              title: l10n.pendingSyncs,
--- a/auth/lib/ui/account/password_entry_page.dart
+++ b/auth/lib/ui/account/password_entry_page.dart
@@ -399,6 +399,7 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
    } catch (e, s) {
      _logger.severe(e, s);
      await dialog.hide();
+      // ignore: unawaited_futures
      showGenericErrorDialog(context: context);
    }
  }
@@ -446,6 +447,7 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
          await UserService.instance.setAttributes(result);
          await dialog.hide();
          Configuration.instance.resetVolatilePassword();
+          // ignore: unawaited_futures
          Navigator.of(context).pushAndRemoveUntil(
            MaterialPageRoute(
              builder: (BuildContext context) {
@@ -457,10 +459,11 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
        } catch (e, s) {
          _logger.severe(e, s);
          await dialog.hide();
+          // ignore: unawaited_futures
          showGenericErrorDialog(context: context);
        }
      }
-
+      // ignore: unawaited_futures
      routeToPage(
        context,
        RecoveryKeyPage(
@@ -476,12 +479,14 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
      _logger.severe(e);
      await dialog.hide();
      if (e is UnsupportedError) {
+        // ignore: unawaited_futures
        showErrorDialog(
          context,
          context.l10n.insecureDevice,
          context.l10n.sorryWeCouldNotGenerateSecureKeysOnThisDevicennplease,
        );
      } else {
+        // ignore: unawaited_futures
        showGenericErrorDialog(context: context);
      }
    }
--- a/auth/lib/ui/account/password_reentry_page.dart
+++ b/auth/lib/ui/account/password_reentry_page.dart
@@ -116,6 +116,7 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
        firstButtonLabel: context.l10n.useRecoveryKey,
      );
      if (dialogChoice!.action == ButtonAction.first) {
+        // ignore: unawaited_futures
        Navigator.of(context).push(
          MaterialPageRoute(
            builder: (BuildContext context) {
--- a/auth/lib/ui/account/recovery_page.dart
+++ b/auth/lib/ui/account/recovery_page.dart
@@ -54,6 +54,7 @@ class _RecoveryPageState extends State<RecoveryPage> {
            await Configuration.instance.recover(_recoveryKey.text.trim());
            await dialog.hide();
            showToast(context, "Recovery successful!");
+            // ignore: unawaited_futures
            Navigator.of(context).pushReplacement(
              MaterialPageRoute(
                builder: (BuildContext context) {
@@ -72,6 +73,7 @@ class _RecoveryPageState extends State<RecoveryPage> {
            if (e is AssertionError) {
              errMessage = '$errMessage : ${e.message}';
            }
+            // ignore: unawaited_futures
            showErrorDialog(context, "Incorrect recovery key", errMessage);
          }
        },
--- a/auth/lib/ui/account/request_pwd_verification_page.dart
+++ b/auth/lib/ui/account/request_pwd_verification_page.dart
@@ -78,7 +78,7 @@ class _RequestPasswordVerificationPageState
        onPressedFunction: () async {
          FocusScope.of(context).unfocus();
          final dialog = createProgressDialog(context, context.l10n.pleaseWait);
-          dialog.show();
+          await dialog.show();
          try {
            final attributes = Configuration.instance.getKeyAttributes()!;
            final Uint8List keyEncryptionKey = await CryptoUtil.deriveKey(
@@ -92,17 +92,18 @@ class _RequestPasswordVerificationPageState
              keyEncryptionKey,
              Sodium.base642bin(attributes.keyDecryptionNonce),
            );
-            dialog.show();
+            await dialog.show();
            // pop
            await widget.onPasswordVerified(keyEncryptionKey);
-            dialog.hide();
+            await dialog.hide();
            Navigator.of(context).pop(true);
          } catch (e, s) {
            _logger.severe("Error while verifying password", e, s);
-            dialog.hide();
+            await dialog.hide();
            if (widget.onPasswordError != null) {
              widget.onPasswordError!();
            } else {
+              // ignore: unawaited_futures
              showErrorDialog(
                context,
                context.l10n.incorrectPasswordTitle,
--- a/auth/lib/ui/account/sessions_page.dart
+++ b/auth/lib/ui/account/sessions_page.dart
@@ -121,6 +121,7 @@ class _SessionsPageState extends State<SessionsPage> {
    } catch (e) {
      await dialog.hide();
      _logger.severe('failed to terminate');
+      // ignore: unawaited_futures
      showErrorDialog(
        context,
        context.l10n.oops,
@@ -184,7 +185,7 @@ class _SessionsPageState extends State<SessionsPage> {
            if (isLoggingOutFromThisDevice) {
              await UserService.instance.logout(context);
            } else {
-              _terminateSession(session);
+              await _terminateSession(session);
            }
          },
        ),
--- a/auth/lib/ui/account/verify_recovery_page.dart
+++ b/auth/lib/ui/account/verify_recovery_page.dart
@@ -92,6 +92,7 @@ class _VerifyRecoveryPageState extends State<VerifyRecoveryPage> {
      String recoveryKey;
      try {
        recoveryKey = Sodium.bin2hex(Configuration.instance.getRecoveryKey());
+        // ignore: unawaited_futures
        routeToPage(
          context,
          RecoveryKeyPage(
@@ -104,6 +105,7 @@ class _VerifyRecoveryPageState extends State<VerifyRecoveryPage> {
          ),
        );
      } catch (e) {
+        // ignore: unawaited_futures
        showGenericErrorDialog(context: context);
        return;
      }
--- a/auth/lib/ui/code_widget.dart
+++ b/auth/lib/ui/code_widget.dart
@@ -356,6 +356,7 @@ class _CodeWidgetState extends State<CodeWidget> {
    await FlutterClipboard.copy(content);
    showToast(context, confirmationMessage);
    if (Platform.isAndroid && shouldMinimizeOnCopy) {
+      // ignore: unawaited_futures
      MoveToBackground.moveTaskToBack();
    }
  }
@@ -385,7 +386,7 @@ class _CodeWidgetState extends State<CodeWidget> {
      ),
    );
    if (code != null) {
-      CodeStore.instance.addCode(code);
+      await CodeStore.instance.addCode(code);
    }
  }

--- a/auth/lib/ui/common/progress_dialog.dart
+++ b/auth/lib/ui/common/progress_dialog.dart
@@ -146,6 +146,7 @@ class ProgressDialog {
    try {
      if (!_isShowing) {
        _dialog = _Body();
+        // ignore: unawaited_futures
        showDialog<dynamic>(
          context: _context!,
          barrierDismissible: _barrierDismissible,
--- a/auth/lib/ui/home_page.dart
+++ b/auth/lib/ui/home_page.dart
@@ -120,7 +120,7 @@ class _HomePageState extends State<HomePage> {
      ),
    );
    if (code != null) {
-      CodeStore.instance.addCode(code);
+      await CodeStore.instance.addCode(code);
      // Focus the new code by searching
      if (_codes.length > 2) {
        _focusNewCode(code);
@@ -137,7 +137,7 @@ class _HomePageState extends State<HomePage> {
      ),
    );
    if (code != null) {
-      CodeStore.instance.addCode(code);
+      await CodeStore.instance.addCode(code);
    }
  }

@@ -151,6 +151,7 @@ class _HomePageState extends State<HomePage> {
          return false;
        }
        if (Platform.isAndroid) {
+          // ignore: unawaited_futures
          MoveToBackground.moveTaskToBack();
          return false;
        } else {
--- a/auth/lib/ui/passkey_page.dart
+++ b/auth/lib/ui/passkey_page.dart
@@ -0,0 +1,151 @@
+import 'dart:convert';
+
+import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/account/two_factor.dart';
+import 'package:ente_auth/services/user_service.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
+import 'package:uni_links/uni_links.dart';
+import 'package:url_launcher/url_launcher_string.dart';
+
+class PasskeyPage extends StatefulWidget {
+  final String sessionID;
+
+  const PasskeyPage(
+    this.sessionID, {
+    Key? key,
+  }) : super(key: key);
+
+  @override
+  State<PasskeyPage> createState() => _PasskeyPageState();
+}
+
+class _PasskeyPageState extends State<PasskeyPage> {
+  final Logger _logger = Logger("PasskeyPage");
+
+  @override
+  void initState() {
+    launchPasskey();
+    _initDeepLinks();
+    super.initState();
+  }
+
+  @override
+  void dispose() {
+    super.dispose();
+  }
+
+  Future<void> launchPasskey() async {
+    await launchUrlString(
+      "https://accounts.ente.io/passkeys/flow?"
+      "passkeySessionID=${widget.sessionID}"
+      "&redirect=enteauth://passkey",
+      mode: LaunchMode.externalApplication,
+    );
+  }
+
+  Future<void> _handleDeeplink(String? link) async {
+    if (!context.mounted ||
+        Configuration.instance.hasConfiguredAccount() ||
+        link == null) {
+      _logger.warning(
+        'ignored deeplink: contextMounted ${context.mounted} hasConfiguredAccount ${Configuration.instance.hasConfiguredAccount()}',
+      );
+      return;
+    }
+    try {
+      if (mounted && link.toLowerCase().startsWith("enteauth://passkey")) {
+        final String? uri = Uri.parse(link).queryParameters['response'];
+        String base64String = uri!.toString();
+        while (base64String.length % 4 != 0) {
+          base64String += '=';
+        }
+        final res = utf8.decode(base64.decode(base64String));
+        final json = jsonDecode(res) as Map<String, dynamic>;
+        await UserService.instance.onPassKeyVerified(context, json);
+      } else {
+        _logger.info('ignored deeplink: $link mounted $mounted');
+      }
+    } catch (e, s) {
+      _logger.severe('passKey: failed to handle deeplink', e, s);
+      showGenericErrorDialog(context: context).ignore();
+    }
+  }
+
+  Future<bool> _initDeepLinks() async {
+    // Attach a listener to the stream
+    linkStream.listen(
+      _handleDeeplink,
+      onError: (err) {
+        _logger.severe(err);
+      },
+    );
+    return false;
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    final l10n = context.l10n;
+    return Scaffold(
+      appBar: AppBar(
+        title: Text(
+          l10n.passkeyAuthTitle,
+        ),
+      ),
+      body: _getBody(),
+    );
+  }
+
+  Widget _getBody() {
+    return Center(
+      child: Padding(
+        padding: const EdgeInsets.symmetric(horizontal: 32),
+        child: Column(
+          mainAxisAlignment: MainAxisAlignment.center,
+          children: [
+            Text(
+              context.l10n.waitingForVerification,
+              style: const TextStyle(
+                height: 1.4,
+                fontSize: 16,
+              ),
+            ),
+            const SizedBox(height: 16),
+            ButtonWidget(
+              buttonType: ButtonType.primary,
+              labelText: context.l10n.verifyPasskey,
+              onTap: () => launchPasskey(),
+            ),
+            const Padding(padding: EdgeInsets.all(30)),
+            GestureDetector(
+              behavior: HitTestBehavior.opaque,
+              onTap: () {
+                UserService.instance.recoverTwoFactor(
+                  context,
+                  widget.sessionID,
+                  TwoFactorType.passkey,
+                );
+              },
+              child: Container(
+                padding: const EdgeInsets.all(10),
+                child: Center(
+                  child: Text(
+                    context.l10n.recoverAccount,
+                    style: const TextStyle(
+                      decoration: TextDecoration.underline,
+                      fontSize: 12,
+                    ),
+                  ),
+                ),
+              ),
+            ),
+          ],
+        ),
+      ),
+    );
+  }
+}
--- a/auth/lib/ui/settings/about_section_widget.dart
+++ b/auth/lib/ui/settings/about_section_widget.dart
@@ -36,6 +36,7 @@ class AboutSectionWidget extends StatelessWidget {
          trailingIcon: Icons.chevron_right_outlined,
          trailingIconIsMuted: true,
          onTap: () async {
+            // ignore: unawaited_futures
            launchUrl(Uri.parse("https://github.com/ente-io/ente"));
          },
        ),
@@ -68,6 +69,7 @@ class AboutSectionWidget extends StatelessWidget {
                          await UpdateService.instance.shouldUpdate();
                      await dialog.hide();
                      if (shouldUpdate) {
+                        // ignore: unawaited_futures
                        showDialog(
                          context: context,
                          builder: (BuildContext context) {
@@ -115,6 +117,7 @@ class AboutMenuItemWidget extends StatelessWidget {
      trailingIcon: Icons.chevron_right_outlined,
      trailingIconIsMuted: true,
      onTap: () async {
+        // ignore: unawaited_futures
        Navigator.of(context).push(
          MaterialPageRoute(
            builder: (BuildContext context) {
--- a/auth/lib/ui/settings/account_section_widget.dart
+++ b/auth/lib/ui/settings/account_section_widget.dart
@@ -1,5 +1,4 @@
-
-
+import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
 import 'package:ente_auth/services/user_service.dart';
@@ -7,6 +6,7 @@ import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/account/change_email_dialog.dart';
 import 'package:ente_auth/ui/account/delete_account_page.dart';
 import 'package:ente_auth/ui/account/password_entry_page.dart';
+import 'package:ente_auth/ui/account/recovery_key_page.dart';
 import 'package:ente_auth/ui/components/captioned_text_widget.dart';
 import 'package:ente_auth/ui/components/expandable_menu_item_widget.dart';
 import 'package:ente_auth/ui/components/menu_item_widget.dart';
@@ -14,6 +14,7 @@ import 'package:ente_auth/ui/settings/common_settings.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/navigation_util.dart';
 import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';

 class AccountSectionWidget extends StatelessWidget {
  AccountSectionWidget({Key? key}) : super(key: key);
@@ -47,6 +48,7 @@ class AccountSectionWidget extends StatelessWidget {
            l10n.authToChangeYourEmail,
          );
          if (hasAuthenticated) {
+            // ignore: unawaited_futures
            showDialog(
              context: context,
              builder: (BuildContext context) {
@@ -73,6 +75,7 @@ class AccountSectionWidget extends StatelessWidget {
            l10n.authToChangeYourPassword,
          );
          if (hasAuthenticated) {
+            // ignore: unawaited_futures
            Navigator.of(context).push(
              MaterialPageRoute(
                builder: (BuildContext context) {
@@ -86,6 +89,43 @@ class AccountSectionWidget extends StatelessWidget {
        },
      ),
      sectionOptionSpacing,
+      MenuItemWidget(
+        captionedTextWidget: CaptionedTextWidget(
+          title: l10n.recoveryKey,
+        ),
+        pressedColor: getEnteColorScheme(context).fillFaint,
+        trailingIcon: Icons.chevron_right_outlined,
+        trailingIconIsMuted: true,
+        onTap: () async {
+          final hasAuthenticated = await LocalAuthenticationService.instance
+              .requestLocalAuthentication(
+            context,
+            l10n.authToViewYourRecoveryKey,
+          );
+          if (hasAuthenticated) {
+            String recoveryKey;
+            try {
+              recoveryKey =
+                  Sodium.bin2hex(Configuration.instance.getRecoveryKey());
+            } catch (e) {
+              // ignore: unawaited_futures
+              showGenericErrorDialog(context: context);
+              return;
+            }
+            // ignore: unawaited_futures
+            routeToPage(
+              context,
+              RecoveryKeyPage(
+                recoveryKey,
+                l10n.ok,
+                showAppBar: true,
+                onDone: () {},
+              ),
+            );
+          }
+        },
+      ),
+      sectionOptionSpacing,
      MenuItemWidget(
        captionedTextWidget: CaptionedTextWidget(
          title: context.l10n.logout,
@@ -106,6 +146,7 @@ class AccountSectionWidget extends StatelessWidget {
        trailingIcon: Icons.chevron_right_outlined,
        trailingIconIsMuted: true,
        onTap: () async {
+          // ignore: unawaited_futures
          routeToPage(context, const DeleteAccountPage());
        },
      ),
@@ -115,6 +156,7 @@ class AccountSectionWidget extends StatelessWidget {
      children: children,
    );
  }
+
  void _onLogoutTapped(BuildContext context) {
    showChoiceActionSheet(
      context,
--- a/auth/lib/ui/settings/app_update_dialog.dart
+++ b/auth/lib/ui/settings/app_update_dialog.dart
@@ -1,14 +1,7 @@
-import 'dart:io';
-
-import 'package:ente_auth/core/configuration.dart';
-import 'package:ente_auth/core/network.dart';
-import 'package:ente_auth/ente_theme_data.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/services/update_service.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:flutter/material.dart';
-import 'package:logging/logging.dart';
-import 'package:open_filex/open_filex.dart';
 import 'package:url_launcher/url_launcher_string.dart';

 class AppUpdateDialog extends StatefulWidget {
@@ -114,115 +107,3 @@ class _AppUpdateDialogState extends State<AppUpdateDialog> {
    );
  }
 }
-
-class ApkDownloaderDialog extends StatefulWidget {
-  final LatestVersionInfo? versionInfo;
-
-  const ApkDownloaderDialog(this.versionInfo, {Key? key}) : super(key: key);
-
-  @override
-  State<ApkDownloaderDialog> createState() => _ApkDownloaderDialogState();
-}
-
-class _ApkDownloaderDialogState extends State<ApkDownloaderDialog> {
-  String? _saveUrl;
-  double? _downloadProgress;
-
-  @override
-  void initState() {
-    super.initState();
-    _saveUrl = Configuration.instance.getTempDirectory() +
-        "ente-" +
-        widget.versionInfo!.name! +
-        ".apk";
-    _downloadApk();
-  }
-
-  @override
-  Widget build(BuildContext context) {
-    return WillPopScope(
-      onWillPop: () async => false,
-      child: AlertDialog(
-        title: const Text(
-          "Downloading...",
-          style: TextStyle(
-            fontSize: 16,
-          ),
-          textAlign: TextAlign.center,
-        ),
-        content: LinearProgressIndicator(
-          value: _downloadProgress,
-          valueColor: AlwaysStoppedAnimation<Color>(
-            Theme.of(context).colorScheme.alternativeColor,
-          ),
-        ),
-      ),
-    );
-  }
-
-  Future<void> _downloadApk() async {
-    try {
-      if (!File(_saveUrl!).existsSync()) {
-        await Network.instance.getDio().download(
-          widget.versionInfo!.url!,
-          _saveUrl,
-          onReceiveProgress: (count, _) {
-            setState(() {
-              _downloadProgress = count / widget.versionInfo!.size!;
-            });
-          },
-        );
-      }
-      Navigator.of(context, rootNavigator: true).pop('dialog');
-      OpenFilex.open(_saveUrl);
-    } catch (e) {
-      Logger("ApkDownloader").severe(e);
-      final AlertDialog alert = AlertDialog(
-        title: const Text("Sorry"),
-        content: const Text("The download could not be completed"),
-        actions: [
-          TextButton(
-            child: const Text(
-              "Ignore",
-              style: TextStyle(
-                color: Colors.white,
-              ),
-            ),
-            onPressed: () {
-              Navigator.of(context, rootNavigator: true).pop('dialog');
-              Navigator.of(context, rootNavigator: true).pop('dialog');
-            },
-          ),
-          TextButton(
-            child: Text(
-              "Retry",
-              style: TextStyle(
-                color: Theme.of(context).colorScheme.alternativeColor,
-              ),
-            ),
-            onPressed: () {
-              Navigator.of(context, rootNavigator: true).pop('dialog');
-              Navigator.of(context, rootNavigator: true).pop('dialog');
-              showDialog(
-                context: context,
-                builder: (BuildContext context) {
-                  return ApkDownloaderDialog(widget.versionInfo);
-                },
-                barrierDismissible: false,
-              );
-            },
-          ),
-        ],
-      );
-
-      showDialog(
-        context: context,
-        builder: (BuildContext context) {
-          return alert;
-        },
-        barrierColor: Colors.black87,
-      );
-      return;
-    }
-  }
-}
--- a/auth/lib/ui/settings/danger_section_widget.dart
+++ b/auth/lib/ui/settings/danger_section_widget.dart
@@ -46,6 +46,7 @@ class DangerSectionWidget extends StatelessWidget {
          trailingIcon: Icons.chevron_right_outlined,
          trailingIconIsMuted: true,
          onTap: () async {
+            // ignore: unawaited_futures
            routeToPage(context, const DeleteAccountPage());
          },
        ),
--- a/auth/lib/ui/settings/data/data_section_widget.dart
+++ b/auth/lib/ui/settings/data/data_section_widget.dart
@@ -1,4 +1,3 @@
-
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/components/captioned_text_widget.dart';
@@ -36,6 +35,7 @@ class DataSectionWidget extends StatelessWidget {
        trailingIcon: Icons.chevron_right_outlined,
        trailingIconIsMuted: true,
        onTap: () async {
+          // ignore: unawaited_futures
          routeToPage(context, ImportCodePage());
        },
      ),
--- a/auth/lib/ui/settings/data/export_widget.dart
+++ b/auth/lib/ui/settings/data/export_widget.dart
@@ -98,7 +98,7 @@ Future<void> _requestForEncryptionPassword(
            ),
          );
          // get json value of data
-          _exportCodes(context, jsonEncode(data.toJson()));
+          await _exportCodes(context, jsonEncode(data.toJson()));
        } catch (e, s) {
          Logger("ExportWidget").severe(e, s);
          showToast(context, "Error while exporting codes.");
--- a/auth/lib/ui/settings/data/import/google_auth_import.dart
+++ b/auth/lib/ui/settings/data/import/google_auth_import.dart
@@ -56,6 +56,7 @@ Future<void> showGoogleAuthInstruction(BuildContext context) async {
        await CodeStore.instance.addCode(code, shouldSync: false);
      }
      unawaited(AuthenticatorService.instance.onlineSync());
+      // ignore: unawaited_futures
      importSuccessDialog(context, codes.length);
    }
  }
--- a/auth/lib/ui/settings/data/import/import_service.dart
+++ b/auth/lib/ui/settings/data/import/import_service.dart
@@ -19,29 +19,29 @@ class ImportService {
  Future<void> initiateImport(BuildContext context, ImportType type) async {
    switch (type) {
      case ImportType.plainText:
-        showImportInstructionDialog(context);
+        await showImportInstructionDialog(context);
        break;
      case ImportType.encrypted:
-        showEncryptedImportInstruction(context);
+        await showEncryptedImportInstruction(context);
        break;
      case ImportType.ravio:
-        showRaivoImportInstruction(context);
+        await showRaivoImportInstruction(context);
        break;
      case ImportType.googleAuthenticator:
-        showGoogleAuthInstruction(context);
+        await showGoogleAuthInstruction(context);
        // showToast(context, 'coming soon');
        break;
      case ImportType.aegis:
-        showAegisImportInstruction(context);
+        await showAegisImportInstruction(context);
        break;
      case ImportType.twoFas:
-        show2FasImportInstruction(context);
+        await show2FasImportInstruction(context);
        break;
      case ImportType.bitwarden:
-        showBitwardenImportInstruction(context);
+        await showBitwardenImportInstruction(context);
        break;
      case ImportType.lastpass:
-        showLastpassImportInstruction(context);
+        await showLastpassImportInstruction(context);
        break;
    }
  }
--- a/auth/lib/ui/settings/data/import_page.dart
+++ b/auth/lib/ui/settings/data/import_page.dart
@@ -105,7 +105,7 @@ class ImportCodePage extends StatelessWidget {
                              index != importOptions.length - 1,
                          isTopBorderRadiusRemoved: index != 0,
                          onTap: () async {
-                            ImportService().initiateImport(context, type);
+                            await ImportService().initiateImport(context, type);
                            // routeToPage(context, ImportCodePage());
                            // _showImportInstructionDialog(context);
                          },
--- a/auth/lib/ui/settings/developer_settings_page.dart
+++ b/auth/lib/ui/settings/developer_settings_page.dart
@@ -0,0 +1,90 @@
+import 'package:dio/dio.dart';
+import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/ui/common/gradient_button.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:ente_auth/utils/toast_util.dart';
+import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
+
+class DeveloperSettingsPage extends StatefulWidget {
+  const DeveloperSettingsPage({super.key});
+
+  @override
+  _DeveloperSettingsPageState createState() => _DeveloperSettingsPageState();
+}
+
+class _DeveloperSettingsPageState extends State<DeveloperSettingsPage> {
+  final _logger = Logger('DeveloperSettingsPage');
+  final _urlController = TextEditingController();
+
+  @override
+  void dispose() {
+    _urlController.dispose();
+    super.dispose();
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    _logger.info(
+      "Current endpoint is: " + Configuration.instance.getHttpEndpoint(),
+    );
+    return Scaffold(
+      appBar: AppBar(
+        title: Text(context.l10n.developerSettings),
+      ),
+      body: Padding(
+        padding: const EdgeInsets.all(16.0),
+        child: Column(
+          children: [
+            TextField(
+              controller: _urlController,
+              decoration: InputDecoration(
+                labelText: context.l10n.serverEndpoint,
+                hintText: Configuration.instance.getHttpEndpoint(),
+              ),
+              autofocus: true,
+            ),
+            const SizedBox(height: 40),
+            GradientButton(
+              onTap: () async {
+                String url = _urlController.text;
+                _logger.info("Entered endpoint: " + url);
+                try {
+                  final uri = Uri.parse(url);
+                  if ((uri.scheme == "http" || uri.scheme == "https")) {
+                    await _ping(url);
+                    await Configuration.instance.setHttpEndpoint(url);
+                    showToast(context, context.l10n.endpointUpdatedMessage);
+                    Navigator.of(context).pop();
+                  } else {
+                    throw const FormatException();
+                  }
+                } catch (e) {
+                  // ignore: unawaited_futures
+                  showErrorDialog(
+                    context,
+                    context.l10n.invalidEndpoint,
+                    context.l10n.invalidEndpointMessage,
+                  );
+                }
+              },
+              text: context.l10n.saveAction,
+            ),
+          ],
+        ),
+      ),
+    );
+  }
+
+  Future<void> _ping(String endpoint) async {
+    try {
+      final response = await Dio().get(endpoint + '/ping');
+      if (response.data['message'] != 'pong') {
+        throw Exception('Invalid response');
+      }
+    } catch (e) {
+      throw Exception('Error occurred: $e');
+    }
+  }
+}
--- a/auth/lib/ui/settings/developer_settings_widget.dart
+++ b/auth/lib/ui/settings/developer_settings_widget.dart
@@ -0,0 +1,27 @@
+import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/core/constants.dart';
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:flutter/material.dart';
+
+class DeveloperSettingsWidget extends StatelessWidget {
+  const DeveloperSettingsWidget({super.key});
+
+  @override
+  Widget build(BuildContext context) {
+    final endpoint = Configuration.instance.getHttpEndpoint();
+    if (endpoint != kDefaultProductionEndpoint) {
+      final endpointURI = Uri.parse(endpoint);
+      return Padding(
+        padding: const EdgeInsets.only(bottom: 20),
+        child: Text(
+          context.l10n.customEndpoint(
+            endpointURI.host + ":" + endpointURI.port.toString(),
+          ),
+          style: Theme.of(context).textTheme.bodySmall,
+        ),
+      );
+    } else {
+      return const SizedBox.shrink();
+    }
+  }
+}
--- a/auth/lib/ui/settings/general_section_widget.dart
+++ b/auth/lib/ui/settings/general_section_widget.dart
@@ -48,6 +48,7 @@ class _AdvancedSectionWidgetState extends State<AdvancedSectionWidget> {
          trailingIconIsMuted: true,
          onTap: () async {
            final locale = await getLocale();
+            // ignore: unawaited_futures
            routeToPage(
              context,
              LanguageSelectorPage(
--- a/auth/lib/ui/settings/security_section_widget.dart
+++ b/auth/lib/ui/settings/security_section_widget.dart
@@ -4,10 +4,11 @@ import 'dart:typed_data';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/user_details.dart';
+import 'package:ente_auth/services/auth_feature_flag.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
+import 'package:ente_auth/services/passkey_service.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
-import 'package:ente_auth/ui/account/recovery_key_page.dart';
 import 'package:ente_auth/ui/account/request_pwd_verification_page.dart';
 import 'package:ente_auth/ui/account/sessions_page.dart';
 import 'package:ente_auth/ui/components/captioned_text_widget.dart';
@@ -20,7 +21,7 @@ import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/navigation_util.dart';
 import 'package:ente_auth/utils/toast_util.dart';
 import 'package:flutter/material.dart';
-import 'package:flutter_sodium/flutter_sodium.dart';
+import 'package:logging/logging.dart';

 class SecuritySectionWidget extends StatefulWidget {
  const SecuritySectionWidget({Key? key}) : super(key: key);
@@ -32,6 +33,7 @@ class SecuritySectionWidget extends StatefulWidget {
 class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
  final _config = Configuration.instance;
  late bool _hasLoggedIn;
+  final Logger _logger = Logger('SecuritySectionWidget');

  @override
  void initState() {
@@ -63,42 +65,21 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
        // We don't know if the user can disable MFA yet, so we fetch the info
        UserService.instance.getUserDetailsV2().ignore();
      }
+      final bool isInternalUser =
+          FeatureFlagService.instance.isInternalUserOrDebugBuild();
      children.addAll([
-        sectionOptionSpacing,
-        MenuItemWidget(
-          captionedTextWidget: CaptionedTextWidget(
-            title: l10n.recoveryKey,
+        if (isInternalUser) sectionOptionSpacing,
+        if (isInternalUser)
+          MenuItemWidget(
+            captionedTextWidget: CaptionedTextWidget(
+              title: l10n.passkey,
+            ),
+            pressedColor: getEnteColorScheme(context).fillFaint,
+            trailingIcon: Icons.chevron_right_outlined,
+            trailingIconIsMuted: true,
+            onTap: () async => await onPasskeyClick(context),
          ),
-          pressedColor: getEnteColorScheme(context).fillFaint,
-          trailingIcon: Icons.chevron_right_outlined,
-          trailingIconIsMuted: true,
-          onTap: () async {
-            final hasAuthenticated = await LocalAuthenticationService.instance
-                .requestLocalAuthentication(
-              context,
-              l10n.authToViewYourRecoveryKey,
-            );
-            if (hasAuthenticated) {
-              String recoveryKey;
-              try {
-                recoveryKey =
-                    Sodium.bin2hex(Configuration.instance.getRecoveryKey());
-              } catch (e) {
-                showGenericErrorDialog(context: context);
-                return;
-              }
-              routeToPage(
-                context,
-                RecoveryKeyPage(
-                  recoveryKey,
-                  l10n.ok,
-                  showAppBar: true,
-                  onDone: () {},
-                ),
-              );
-            }
-          },
-        ),
+        sectionOptionSpacing,
        MenuItemWidget(
          captionedTextWidget: CaptionedTextWidget(
            title: l10n.emailVerificationToggle,
@@ -137,6 +118,7 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
              context.l10n.authToViewYourActiveSessions,
            );
            if (hasAuthenticated) {
+              // ignore: unawaited_futures
              Navigator.of(context).push(
                MaterialPageRoute(
                  builder: (BuildContext context) {
@@ -179,6 +161,31 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
    );
  }

+  Future<void> onPasskeyClick(BuildContext buildContext) async {
+    try {
+      final isPassKeyResetEnabled =
+          await PasskeyService.instance.isPasskeyRecoveryEnabled();
+      if (!isPassKeyResetEnabled) {
+        final Uint8List recoveryKey = Configuration.instance.getRecoveryKey();
+        final resetKey = CryptoUtil.generateKey();
+        final resetKeyBase64 = CryptoUtil.bin2base64(resetKey);
+        final encryptionResult = CryptoUtil.encryptSync(
+          resetKey,
+          recoveryKey,
+        );
+        await PasskeyService.instance.configurePasskeyRecovery(
+          resetKeyBase64,
+          CryptoUtil.bin2base64(encryptionResult.encryptedData!),
+          CryptoUtil.bin2base64(encryptionResult.nonce!),
+        );
+      }
+      PasskeyService.instance.openPasskeyPage(buildContext).ignore();
+    } catch (e, s) {
+      _logger.severe("failed to open passkey page", e, s);
+      await showGenericErrorDialog(context: context);
+    }
+  }
+
  Future<void> updateEmailMFA(bool enableEmailMFA) async {
    try {
      final UserDetails details =
--- a/auth/lib/ui/settings/social_section_widget.dart
+++ b/auth/lib/ui/settings/social_section_widget.dart
@@ -81,6 +81,7 @@ class SocialsMenuItemWidget extends StatelessWidget {
      trailingIcon: Icons.chevron_right_outlined,
      trailingIconIsMuted: true,
      onTap: () async {
+        // ignore: unawaited_futures
        launchUrlString(
          url,
          mode: launchInExternalApp
--- a/auth/lib/ui/settings/support_section_widget.dart
+++ b/auth/lib/ui/settings/support_section_widget.dart
@@ -42,6 +42,7 @@ class _SupportSectionWidgetState extends State<SupportSectionWidget> {
          trailingIcon: Icons.chevron_right_outlined,
          trailingIconIsMuted: true,
          onTap: () async {
+            // ignore: unawaited_futures
            showModalBottomSheet<void>(
              backgroundColor: Theme.of(context).colorScheme.background,
              barrierColor: Colors.black87,
@@ -61,6 +62,7 @@ class _SupportSectionWidgetState extends State<SupportSectionWidget> {
          trailingIcon: Icons.chevron_right_outlined,
          trailingIconIsMuted: true,
          onTap: () async {
+            // ignore: unawaited_futures
            launchUrlString(
              githubDiscussionsUrl,
              mode: LaunchMode.externalApplication,
--- a/auth/lib/ui/settings_page.dart
+++ b/auth/lib/ui/settings_page.dart
@@ -16,6 +16,7 @@ import 'package:ente_auth/ui/settings/account_section_widget.dart';
 import 'package:ente_auth/ui/settings/app_version_widget.dart';
 import 'package:ente_auth/ui/settings/data/data_section_widget.dart';
 import 'package:ente_auth/ui/settings/data/export_widget.dart';
+import 'package:ente_auth/ui/settings/developer_settings_widget.dart';
 import 'package:ente_auth/ui/settings/general_section_widget.dart';
 import 'package:ente_auth/ui/settings/security_section_widget.dart';
 import 'package:ente_auth/ui/settings/social_section_widget.dart';
@@ -149,6 +150,7 @@ class SettingsPage extends StatelessWidget {
      sectionSpacing,
      const AboutSectionWidget(),
      const AppVersionWidget(),
+      const DeveloperSettingsWidget(),
      const SupportDevWidget(),
      const Padding(
        padding: EdgeInsets.only(bottom: 60),
--- a/auth/lib/ui/tools/lock_screen.dart
+++ b/auth/lib/ui/tools/lock_screen.dart
@@ -56,6 +56,7 @@ class _LockScreenState extends State<LockScreen> with WidgetsBindingObserver {
                    text: context.l10n.unlock,
                    iconData: Icons.lock_open_outlined,
                    onTap: () async {
+                      // ignore: unawaited_futures
                      _showLockScreen(source: "tapUnlock");
                    },
                  ),
--- a/auth/lib/ui/two_factor_authentication_page.dart
+++ b/auth/lib/ui/two_factor_authentication_page.dart
@@ -1,4 +1,5 @@
 import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/account/two_factor.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/lifecycle_event_handler.dart';
 import 'package:flutter/material.dart';
@@ -119,7 +120,7 @@ class _TwoFactorAuthenticationPageState
          child: OutlinedButton(
            onPressed: _code.length == 6
                ? () async {
-                    _verifyTwoFactorCode(_code);
+                    await _verifyTwoFactorCode(_code);
                  }
                : null,
            child: Text(l10n.verify),
@@ -129,7 +130,11 @@ class _TwoFactorAuthenticationPageState
        GestureDetector(
          behavior: HitTestBehavior.opaque,
          onTap: () {
-            UserService.instance.recoverTwoFactor(context, widget.sessionID);
+            UserService.instance.recoverTwoFactor(
+              context,
+              widget.sessionID,
+              TwoFactorType.totp,
+            );
          },
          child: Container(
            padding: const EdgeInsets.all(10),
--- a/auth/lib/ui/two_factor_recovery_page.dart
+++ b/auth/lib/ui/two_factor_recovery_page.dart
@@ -1,6 +1,7 @@
 import 'dart:ui';

 import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/account/two_factor.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:flutter/material.dart';
@@ -9,8 +10,10 @@ class TwoFactorRecoveryPage extends StatefulWidget {
  final String sessionID;
  final String encryptedSecret;
  final String secretDecryptionNonce;
+  final TwoFactorType type;

  const TwoFactorRecoveryPage(
+    this.type,
    this.sessionID,
    this.encryptedSecret,
    this.secretDecryptionNonce, {
@@ -72,6 +75,7 @@ class _TwoFactorRecoveryPageState extends State<TwoFactorRecoveryPage> {
                  ? () async {
                      await UserService.instance.removeTwoFactor(
                        context,
+                        widget.type,
                        widget.sessionID,
                        _recoveryKey.text,
                        widget.encryptedSecret,
--- a/auth/lib/utils/email_util.dart
+++ b/auth/lib/utils/email_util.dart
@@ -62,6 +62,7 @@ Future<void> sendLogs(
        ],
      ),
      onPressed: () async {
+        // ignore: unawaited_futures
        showDialog(
          context: context,
          builder: (BuildContext context) {
@@ -118,6 +119,7 @@ Future<void> sendLogs(
      ),
    ),
  );
+  // ignore: unawaited_futures
  showDialog(
    context: context,
    builder: (_) {
@@ -159,7 +161,7 @@ Future<String> getZippedLogsFile(BuildContext context) async {
      tempPath + "/logs-${Configuration.instance.getUserID() ?? 0}.zip";
  final encoder = ZipFileEncoder();
  encoder.create(zipFilePath);
-  encoder.addDirectory(logsDirectory);
+  await encoder.addDirectory(logsDirectory);
  encoder.close();
  await dialog.hide();
  return zipFilePath;
--- a/auth/lib/utils/toast_util.dart
+++ b/auth/lib/utils/toast_util.dart
@@ -2,14 +2,14 @@ import 'package:ente_auth/ente_theme_data.dart';
 import 'package:flutter/material.dart';
 import 'package:fluttertoast/fluttertoast.dart';

-Future showToast(
+void showToast(
  BuildContext context,
  String message, {
  toastLength = Toast.LENGTH_LONG,
  iOSDismissOnTap = true,
 }) async {
  await Fluttertoast.cancel();
-  return Fluttertoast.showToast(
+  await Fluttertoast.showToast(
    msg: message,
    toastLength: toastLength,
    gravity: ToastGravity.BOTTOM,
@@ -20,6 +20,6 @@ Future showToast(
  );
 }

-Future<void> showShortToast(context, String message) {
-  return showToast(context, message, toastLength: Toast.LENGTH_SHORT);
+void showShortToast(context, String message) {
+  showToast(context, message, toastLength: Toast.LENGTH_SHORT);
 }
--- a/auth/macos/Runner.xcodeproj/project.pbxproj
+++ b/auth/macos/Runner.xcodeproj/project.pbxproj
@@ -203,7 +203,7 @@
 			isa = PBXProject;
 			attributes = {
 				LastSwiftUpdateCheck = 0920;
-				LastUpgradeCheck = 1300;
+				LastUpgradeCheck = 1430;
 				ORGANIZATIONNAME = "";
 				TargetAttributes = {
 					33CC10EC2044A3C60003C045 = {
--- a/auth/macos/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme
+++ b/auth/macos/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "1300"
+   LastUpgradeVersion = "1430"
   version = "1.3">
   <BuildAction
      parallelizeBuildables = "YES"
--- a/auth/migration-guides/decrypt/bin/ente-decrypt-darwin-amd64
+++ b/auth/migration-guides/decrypt/bin/ente-decrypt-darwin-amd64
--- a/auth/migration-guides/decrypt/bin/ente-decrypt-darwin-arm64
+++ b/auth/migration-guides/decrypt/bin/ente-decrypt-darwin-arm64
--- a/auth/migration-guides/decrypt/bin/ente-decrypt-linux-386
+++ b/auth/migration-guides/decrypt/bin/ente-decrypt-linux-386
--- a/auth/migration-guides/decrypt/bin/ente-decrypt-linux-amd64
+++ b/auth/migration-guides/decrypt/bin/ente-decrypt-linux-amd64
--- a/auth/migration-guides/decrypt/bin/ente-decrypt-linux-arm
+++ b/auth/migration-guides/decrypt/bin/ente-decrypt-linux-arm
--- a/auth/migration-guides/decrypt/bin/ente-decrypt-linux-arm64
+++ b/auth/migration-guides/decrypt/bin/ente-decrypt-linux-arm64
--- a/auth/migration-guides/decrypt/bin/ente-decrypt-windows-386.exe
+++ b/auth/migration-guides/decrypt/bin/ente-decrypt-windows-386.exe
--- a/Show More
+++ b/Show More