release: 1.6.3

fix: show rename and delete buttons for passkeys without hovering over the row
fix: use user-agent for identifying known device signins
2025-12-11 07:32:57 +03:00 · 2025-07-20 22:35:35 -05:00 · 2025-07-20 19:09:06 -05:00 · 2025-07-20 19:02:17 -05:00 · 2025-07-14 23:36:36 -05:00 · 2025-07-14 13:15:33 -05:00
43 changed files with 1096 additions and 676 deletions
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@@ -1,6 +1,7 @@
 name: "🐛 Bug Report"
 description: "Report something that is not working as expected"
 title: "🐛 Bug Report: "
+type: 'Bug'
 labels: [bug]
 body:
  - type: markdown
--- a/.github/ISSUE_TEMPLATE/feature.yml
+++ b/.github/ISSUE_TEMPLATE/feature.yml
@@ -2,6 +2,7 @@ name: 🚀 Feature
 description: "Submit a proposal for a new feature"
 title: "🚀 Feature: "
 labels: [feature]
+type: 'Feature'
 body:
  - type: textarea
    id: feature-description
--- a/.github/ISSUE_TEMPLATE/language-request.yml
+++ b/.github/ISSUE_TEMPLATE/language-request.yml
@@ -2,6 +2,7 @@ name: "🌐 Language request"
 description: "You want to contribute to a language that isn't on Crowdin yet?"
 title: "🌐 Language Request: <language name in english>"
 labels: [language-request]
+type: 'Language Request'
 body:
  - type: input
    id: language-name-native
--- a/.version
+++ b/.version
@@ -1 +1 @@
-1.6.1
+1.6.3
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,18 @@
+## [](https://github.com/pocket-id/pocket-id/compare/v1.6.2...v) (2025-07-21)
+
+### Bug Fixes
+
+* allow passkey names up to 50 characters ([b03e91b](https://github.com/pocket-id/pocket-id/commit/b03e91b6530c2393ad20ac49aa2cb2b4962651b2))
+* ensure user inputs are normalized ([#724](https://github.com/pocket-id/pocket-id/issues/724)) ([7b4ccd1](https://github.com/pocket-id/pocket-id/commit/7b4ccd1f306f4882c52fe30133fcda114ef0d18b))
+* show rename and delete buttons for passkeys without hovering over the row ([2952b15](https://github.com/pocket-id/pocket-id/commit/2952b1575542ecd0062fe740e2d6a3caad05190d))
+* use object-contain for images on oidc-client list ([d3bc179](https://github.com/pocket-id/pocket-id/commit/d3bc1797b65ec8bc9201c55d06f3612093f3a873))
+* use user-agent for identifying known device signins ([ef1d599](https://github.com/pocket-id/pocket-id/commit/ef1d5996624fc534190f80a26f2c48bbad206f49))
+## [](https://github.com/pocket-id/pocket-id/compare/v1.6.1...v) (2025-07-09)
+
+### Bug Fixes
+
+* ensure confirmation dialog shows on top of other components ([f103a54](https://github.com/pocket-id/pocket-id/commit/f103a547904070c5b192e519c8b5a8fed9d80e96))
+* login failures on Postgres when IP is null ([#737](https://github.com/pocket-id/pocket-id/issues/737)) ([e1de593](https://github.com/pocket-id/pocket-id/commit/e1de593dcd30b7b04da3b003455134992b702595))
 ## [](https://github.com/pocket-id/pocket-id/compare/v1.5.0...v) (2025-07-06)


--- a/backend/go.mod
+++ b/backend/go.mod
@@ -11,6 +11,7 @@ require (
 	github.com/emersion/go-smtp v0.21.3
 	github.com/fxamacker/cbor/v2 v2.7.0
 	github.com/gin-gonic/gin v1.10.0
+	github.com/glebarez/go-sqlite v1.21.2
 	github.com/glebarez/sqlite v1.11.0
 	github.com/go-co-op/gocron/v2 v2.15.0
 	github.com/go-ldap/ldap/v3 v3.4.10
@@ -35,8 +36,9 @@ require (
 	go.opentelemetry.io/otel/sdk v1.35.0
 	go.opentelemetry.io/otel/sdk/metric v1.35.0
 	go.opentelemetry.io/otel/trace v1.35.0
-	golang.org/x/crypto v0.37.0
+	golang.org/x/crypto v0.39.0
 	golang.org/x/image v0.24.0
+	golang.org/x/text v0.26.0
 	golang.org/x/time v0.9.0
 	gorm.io/driver/postgres v1.5.11
 	gorm.io/gorm v1.25.12
@@ -57,7 +59,6 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/gin-contrib/sse v1.0.0 // indirect
-	github.com/glebarez/go-sqlite v1.21.2 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -125,16 +126,15 @@ require (
 	golang.org/x/arch v0.14.0 // indirect
 	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 // indirect
 	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sync v0.14.0 // indirect
+	golang.org/x/sync v0.15.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
 	google.golang.org/grpc v1.71.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	modernc.org/libc v1.65.6 // indirect
+	modernc.org/libc v1.65.10 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
-	modernc.org/memory v1.10.0 // indirect
-	modernc.org/sqlite v1.37.0 // indirect
+	modernc.org/memory v1.11.0 // indirect
+	modernc.org/sqlite v1.38.0 // indirect
 )
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -319,8 +319,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
 golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
 golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -331,8 +331,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
-golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -353,8 +353,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -387,8 +387,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -423,22 +423,22 @@ modernc.org/cc/v4 v4.26.1 h1:+X5NtzVBn0KgsBCBe+xkDC7twLb/jNVj9FPgiwSQO3s=
 modernc.org/cc/v4 v4.26.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
 modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE=
-modernc.org/fileutil v1.3.1 h1:8vq5fe7jdtEvoCf3Zf9Nm0Q05sH6kGx0Op2CPx1wTC8=
-modernc.org/fileutil v1.3.1/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
+modernc.org/fileutil v1.3.3 h1:3qaU+7f7xxTUmvU1pJTZiDLAIoJVdUSSauJNHg9yXoA=
+modernc.org/fileutil v1.3.3/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
-modernc.org/libc v1.65.6 h1:OhJUhmuJ6MVZdqL5qmnd0/my46DKGFhSX4WOR7ijfyE=
-modernc.org/libc v1.65.6/go.mod h1:MOiGAM9lrMBT9L8xT1nO41qYl5eg9gCp9/kWhz5L7WA=
+modernc.org/libc v1.65.10 h1:ZwEk8+jhW7qBjHIT+wd0d9VjitRyQef9BnzlzGwMODc=
+modernc.org/libc v1.65.10/go.mod h1:StFvYpx7i/mXtBAfVOjaU0PWZOvIRoZSgXhrwXzr8Po=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
-modernc.org/memory v1.10.0 h1:fzumd51yQ1DxcOxSO+S6X7+QTuVU+n8/Aj7swYjFfC4=
-modernc.org/memory v1.10.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
+modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
+modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
 modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.37.0 h1:s1TMe7T3Q3ovQiK2Ouz4Jwh7dw4ZDqbebSDTlSJdfjI=
-modernc.org/sqlite v1.37.0/go.mod h1:5YiWv+YviqGMuGw4V+PNplcyaJ5v+vQd7TQOgkACoJM=
+modernc.org/sqlite v1.38.0 h1:+4OrfPQ8pxHKuWG4md1JpR/EYAh3Md7TdejuuzE7EUI=
+modernc.org/sqlite v1.38.0/go.mod h1:1Bj+yES4SVvBZ4cBOpVZ6QgesMCKpJZDq0nxYzOpmNE=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
--- a/backend/internal/bootstrap/db_bootstrap.go
+++ b/backend/internal/bootstrap/db_bootstrap.go
@@ -20,6 +20,7 @@ import (
 	"gorm.io/gorm/logger"

 	"github.com/pocket-id/pocket-id/backend/internal/common"
+	sqliteutil "github.com/pocket-id/pocket-id/backend/internal/utils/sqlite"
 	"github.com/pocket-id/pocket-id/backend/resources"
 )

@@ -88,6 +89,7 @@ func connectDatabase() (db *gorm.DB, err error) {
 		if !strings.HasPrefix(common.EnvConfig.DbConnectionString, "file:") {
 			return nil, errors.New("invalid value for env var 'DB_CONNECTION_STRING': does not begin with 'file:'")
 		}
+		sqliteutil.RegisterSqliteFunctions()
 		connString, err := parseSqliteConnectionString(common.EnvConfig.DbConnectionString)
 		if err != nil {
 			return nil, err
--- a/backend/internal/controller/api_key_controller.go
+++ b/backend/internal/controller/api_key_controller.go
@@ -82,7 +82,7 @@ func (c *ApiKeyController) createApiKeyHandler(ctx *gin.Context) {
 	userID := ctx.GetString("userID")

 	var input dto.ApiKeyCreateDto
-	if err := ctx.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(ctx, &input); err != nil {
 		_ = ctx.Error(err)
 		return
 	}
--- a/backend/internal/controller/app_config_controller.go
+++ b/backend/internal/controller/app_config_controller.go
@@ -109,7 +109,7 @@ func (acc *AppConfigController) listAllAppConfigHandler(c *gin.Context) {
 // @Router /api/application-configuration [put]
 func (acc *AppConfigController) updateAppConfigHandler(c *gin.Context) {
 	var input dto.AppConfigUpdateDto
-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
--- a/backend/internal/controller/custom_claim_controller.go
+++ b/backend/internal/controller/custom_claim_controller.go
@@ -59,7 +59,7 @@ func (ccc *CustomClaimController) getSuggestionsHandler(c *gin.Context) {
 func (ccc *CustomClaimController) UpdateCustomClaimsForUserHandler(c *gin.Context) {
 	var input []dto.CustomClaimCreateDto

-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
@@ -93,7 +93,7 @@ func (ccc *CustomClaimController) UpdateCustomClaimsForUserHandler(c *gin.Contex
 func (ccc *CustomClaimController) UpdateCustomClaimsForUserGroupHandler(c *gin.Context) {
 	var input []dto.CustomClaimCreateDto

-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
--- a/backend/internal/controller/user_controller.go
+++ b/backend/internal/controller/user_controller.go
@@ -193,7 +193,7 @@ func (uc *UserController) deleteUserHandler(c *gin.Context) {
 // @Router /api/users [post]
 func (uc *UserController) createUserHandler(c *gin.Context) {
 	var input dto.UserCreateDto
-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
@@ -378,7 +378,7 @@ func (uc *UserController) createAdminOneTimeAccessTokenHandler(c *gin.Context) {
 // @Router /api/one-time-access-email [post]
 func (uc *UserController) RequestOneTimeAccessEmailAsUnauthenticatedUserHandler(c *gin.Context) {
 	var input dto.OneTimeAccessEmailAsUnauthenticatedUserDto
-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
@@ -457,7 +457,7 @@ func (uc *UserController) exchangeOneTimeAccessTokenHandler(c *gin.Context) {
 // @Router /api/signup/setup [post]
 func (uc *UserController) signUpInitialAdmin(c *gin.Context) {
 	var input dto.SignUpDto
-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
@@ -606,7 +606,7 @@ func (uc *UserController) deleteSignupTokenHandler(c *gin.Context) {
 // @Router /api/signup [post]
 func (uc *UserController) signupHandler(c *gin.Context) {
 	var input dto.SignUpDto
-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
@@ -635,7 +635,7 @@ func (uc *UserController) signupHandler(c *gin.Context) {
 // updateUser is an internal helper method, not exposed as an API endpoint
 func (uc *UserController) updateUser(c *gin.Context, updateOwnUser bool) {
 	var input dto.UserCreateDto
-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
--- a/backend/internal/controller/user_group_controller.go
+++ b/backend/internal/controller/user_group_controller.go
@@ -120,7 +120,7 @@ func (ugc *UserGroupController) get(c *gin.Context) {
 // @Router /api/user-groups [post]
 func (ugc *UserGroupController) create(c *gin.Context) {
 	var input dto.UserGroupCreateDto
-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
@@ -152,7 +152,7 @@ func (ugc *UserGroupController) create(c *gin.Context) {
 // @Router /api/user-groups/{id} [put]
 func (ugc *UserGroupController) update(c *gin.Context) {
 	var input dto.UserGroupCreateDto
-	if err := c.ShouldBindJSON(&input); err != nil {
+	if err := dto.ShouldBindWithNormalizedJSON(c, &input); err != nil {
 		_ = c.Error(err)
 		return
 	}
--- a/backend/internal/dto/api_key_dto.go
+++ b/backend/internal/dto/api_key_dto.go
@@ -5,8 +5,8 @@ import (
 )

 type ApiKeyCreateDto struct {
-	Name        string            `json:"name" binding:"required,min=3,max=50"`
-	Description string            `json:"description"`
+	Name        string            `json:"name" binding:"required,min=3,max=50" unorm:"nfc"`
+	Description string            `json:"description" unorm:"nfc"`
 	ExpiresAt   datatype.DateTime `json:"expiresAt" binding:"required"`
 }

--- a/backend/internal/dto/app_config_dto.go
+++ b/backend/internal/dto/app_config_dto.go
@@ -12,7 +12,7 @@ type AppConfigVariableDto struct {
 }

 type AppConfigUpdateDto struct {
-	AppName                                    string `json:"appName" binding:"required,min=1,max=30"`
+	AppName                                    string `json:"appName" binding:"required,min=1,max=30" unorm:"nfc"`
 	SessionDuration                            string `json:"sessionDuration" binding:"required"`
 	EmailsVerified                             string `json:"emailsVerified" binding:"required"`
 	DisableAnimations                          string `json:"disableAnimations" binding:"required"`
--- a/backend/internal/dto/custom_claim_dto.go
+++ b/backend/internal/dto/custom_claim_dto.go
@@ -6,6 +6,6 @@ type CustomClaimDto struct {
 }

 type CustomClaimCreateDto struct {
-	Key   string `json:"key" binding:"required"`
-	Value string `json:"value" binding:"required"`
+	Key   string `json:"key" binding:"required" unorm:"nfc"`
+	Value string `json:"value" binding:"required" unorm:"nfc"`
 }
--- a/backend/internal/dto/dto_normalize.go
+++ b/backend/internal/dto/dto_normalize.go
@@ -0,0 +1,94 @@
+package dto
+
+import (
+	"net/http"
+	"reflect"
+
+	"github.com/gin-gonic/gin"
+	"github.com/gin-gonic/gin/binding"
+	"golang.org/x/text/unicode/norm"
+)
+
+// Normalize iterates through an object and performs Unicode normalization on all string fields with the `unorm` tag.
+func Normalize(obj any) {
+	v := reflect.ValueOf(obj)
+	if v.Kind() != reflect.Ptr || v.IsNil() {
+		return
+	}
+	v = v.Elem()
+
+	// Handle case where obj is a slice of models
+	if v.Kind() == reflect.Slice {
+		for i := 0; i < v.Len(); i++ {
+			elem := v.Index(i)
+			if elem.Kind() == reflect.Ptr && !elem.IsNil() && elem.Elem().Kind() == reflect.Struct {
+				Normalize(elem.Interface())
+			} else if elem.Kind() == reflect.Struct && elem.CanAddr() {
+				Normalize(elem.Addr().Interface())
+			}
+		}
+		return
+	}
+
+	if v.Kind() != reflect.Struct {
+		return
+	}
+
+	// Iterate through all fields looking for those with the "unorm" tag
+	t := v.Type()
+loop:
+	for i := range t.NumField() {
+		field := t.Field(i)
+
+		unormTag := field.Tag.Get("unorm")
+		if unormTag == "" {
+			continue
+		}
+
+		fv := v.Field(i)
+		if !fv.CanSet() || fv.Kind() != reflect.String {
+			continue
+		}
+
+		var form norm.Form
+		switch unormTag {
+		case "nfc":
+			form = norm.NFC
+		case "nfkc":
+			form = norm.NFKC
+		case "nfd":
+			form = norm.NFD
+		case "nfkd":
+			form = norm.NFKD
+		default:
+			continue loop
+		}
+
+		val := fv.String()
+		val = form.String(val)
+		fv.SetString(val)
+	}
+}
+
+func ShouldBindWithNormalizedJSON(ctx *gin.Context, obj any) error {
+	return ctx.ShouldBindWith(obj, binding.JSON)
+}
+
+type NormalizerJSONBinding struct{}
+
+func (NormalizerJSONBinding) Name() string {
+	return "json"
+}
+
+func (NormalizerJSONBinding) Bind(req *http.Request, obj any) error {
+	// Use the default JSON binder
+	err := binding.JSON.Bind(req, obj)
+	if err != nil {
+		return err
+	}
+
+	// Perform normalization
+	Normalize(obj)
+
+	return nil
+}
--- a/backend/internal/dto/dto_normalize_test.go
+++ b/backend/internal/dto/dto_normalize_test.go
@@ -0,0 +1,84 @@
+package dto
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/text/unicode/norm"
+)
+
+type testDto struct {
+	Name        string `unorm:"nfc"`
+	Description string `unorm:"nfd"`
+	Other       string
+	BadForm     string `unorm:"bad"`
+}
+
+func TestNormalize(t *testing.T) {
+	input := testDto{
+		// Is in NFC form already
+		Name: norm.NFC.String("Café"),
+		// NFC form will be normalized to NFD
+		Description: norm.NFC.String("vërø"),
+		// Should be unchanged
+		Other: "NöTag",
+		// Should be unchanged
+		BadForm: "BåD",
+	}
+
+	Normalize(&input)
+
+	assert.Equal(t, norm.NFC.String("Café"), input.Name)
+	assert.Equal(t, norm.NFD.String("vërø"), input.Description)
+	assert.Equal(t, "NöTag", input.Other)
+	assert.Equal(t, "BåD", input.BadForm)
+}
+
+func TestNormalizeSlice(t *testing.T) {
+	obj1 := testDto{
+		Name:        norm.NFC.String("Café1"),
+		Description: norm.NFC.String("vërø1"),
+		Other:       "NöTag1",
+		BadForm:     "BåD1",
+	}
+	obj2 := testDto{
+		Name:        norm.NFD.String("Résumé2"),
+		Description: norm.NFD.String("accéléré2"),
+		Other:       "NöTag2",
+		BadForm:     "BåD2",
+	}
+
+	t.Run("slice of structs", func(t *testing.T) {
+		slice := []testDto{obj1, obj2}
+		Normalize(&slice)
+
+		// Verify first element
+		assert.Equal(t, norm.NFC.String("Café1"), slice[0].Name)
+		assert.Equal(t, norm.NFD.String("vërø1"), slice[0].Description)
+		assert.Equal(t, "NöTag1", slice[0].Other)
+		assert.Equal(t, "BåD1", slice[0].BadForm)
+
+		// Verify second element
+		assert.Equal(t, norm.NFC.String("Résumé2"), slice[1].Name)
+		assert.Equal(t, norm.NFD.String("accéléré2"), slice[1].Description)
+		assert.Equal(t, "NöTag2", slice[1].Other)
+		assert.Equal(t, "BåD2", slice[1].BadForm)
+	})
+
+	t.Run("slice of pointers to structs", func(t *testing.T) {
+		slice := []*testDto{&obj1, &obj2}
+		Normalize(&slice)
+
+		// Verify first element
+		assert.Equal(t, norm.NFC.String("Café1"), slice[0].Name)
+		assert.Equal(t, norm.NFD.String("vërø1"), slice[0].Description)
+		assert.Equal(t, "NöTag1", slice[0].Other)
+		assert.Equal(t, "BåD1", slice[0].BadForm)
+
+		// Verify second element
+		assert.Equal(t, norm.NFC.String("Résumé2"), slice[1].Name)
+		assert.Equal(t, norm.NFD.String("accéléré2"), slice[1].Description)
+		assert.Equal(t, "NöTag2", slice[1].Other)
+		assert.Equal(t, "BåD2", slice[1].BadForm)
+	})
+}
--- a/backend/internal/dto/oidc_dto.go
+++ b/backend/internal/dto/oidc_dto.go
@@ -26,7 +26,7 @@ type OidcClientWithAllowedGroupsCountDto struct {
 }

 type OidcClientCreateDto struct {
-	Name               string                   `json:"name" binding:"required,max=50"`
+	Name               string                   `json:"name" binding:"required,max=50" unorm:"nfc"`
 	CallbackURLs       []string                 `json:"callbackURLs"`
 	LogoutCallbackURLs []string                 `json:"logoutCallbackURLs"`
 	IsPublic           bool                     `json:"isPublic"`
--- a/backend/internal/dto/user_dto.go
+++ b/backend/internal/dto/user_dto.go
@@ -1,6 +1,8 @@
 package dto

-import "time"
+import (
+	"time"
+)

 type UserDto struct {
 	ID           string           `json:"id"`
@@ -17,10 +19,10 @@ type UserDto struct {
 }

 type UserCreateDto struct {
-	Username  string  `json:"username" binding:"required,username,min=2,max=50"`
-	Email     string  `json:"email" binding:"required,email"`
-	FirstName string  `json:"firstName" binding:"required,min=1,max=50"`
-	LastName  string  `json:"lastName" binding:"max=50"`
+	Username  string  `json:"username" binding:"required,username,min=2,max=50" unorm:"nfc"`
+	Email     string  `json:"email" binding:"required,email" unorm:"nfc"`
+	FirstName string  `json:"firstName" binding:"required,min=1,max=50" unorm:"nfc"`
+	LastName  string  `json:"lastName" binding:"max=50" unorm:"nfc"`
 	IsAdmin   bool    `json:"isAdmin"`
 	Locale    *string `json:"locale"`
 	Disabled  bool    `json:"disabled"`
@@ -33,7 +35,7 @@ type OneTimeAccessTokenCreateDto struct {
 }

 type OneTimeAccessEmailAsUnauthenticatedUserDto struct {
-	Email        string `json:"email" binding:"required,email"`
+	Email        string `json:"email" binding:"required,email" unorm:"nfc"`
 	RedirectPath string `json:"redirectPath"`
 }

@@ -46,9 +48,9 @@ type UserUpdateUserGroupDto struct {
 }

 type SignUpDto struct {
-	Username  string `json:"username" binding:"required,username,min=2,max=50"`
-	Email     string `json:"email" binding:"required,email"`
-	FirstName string `json:"firstName" binding:"required,min=1,max=50"`
-	LastName  string `json:"lastName" binding:"max=50"`
+	Username  string `json:"username" binding:"required,username,min=2,max=50" unorm:"nfc"`
+	Email     string `json:"email" binding:"required,email" unorm:"nfc"`
+	FirstName string `json:"firstName" binding:"required,min=1,max=50" unorm:"nfc"`
+	LastName  string `json:"lastName" binding:"max=50" unorm:"nfc"`
 	Token     string `json:"token"`
 }
--- a/backend/internal/dto/user_group_dto.go
+++ b/backend/internal/dto/user_group_dto.go
@@ -34,8 +34,8 @@ type UserGroupDtoWithUserCount struct {
 }

 type UserGroupCreateDto struct {
-	FriendlyName string `json:"friendlyName" binding:"required,min=2,max=50"`
-	Name         string `json:"name" binding:"required,min=2,max=255"`
+	FriendlyName string `json:"friendlyName" binding:"required,min=2,max=50" unorm:"nfc"`
+	Name         string `json:"name" binding:"required,min=2,max=255" unorm:"nfc"`
 	LdapID       string `json:"-"`
 }

--- a/backend/internal/dto/webauthn_dto.go
+++ b/backend/internal/dto/webauthn_dto.go
@@ -19,5 +19,5 @@ type WebauthnCredentialDto struct {
 }

 type WebauthnCredentialUpdateDto struct {
-	Name string `json:"name" binding:"required,min=1,max=30"`
+	Name string `json:"name" binding:"required,min=1,max=50"`
 }
--- a/backend/internal/middleware/rate_limit.go
+++ b/backend/internal/middleware/rate_limit.go
@@ -29,7 +29,7 @@ func (m *RateLimitMiddleware) Add(limit rate.Limit, burst int) gin.HandlerFunc {

 		// Skip rate limiting for localhost and test environment
 		// If the client ip is localhost the request comes from the frontend
-		if ip == "127.0.0.1" || ip == "::1" || common.EnvConfig.AppEnv == "test" {
+		if ip == "" || ip == "127.0.0.1" || ip == "::1" || common.EnvConfig.AppEnv == "test" {
 			c.Next()
 			return
 		}
--- a/backend/internal/service/audit_log_service.go
+++ b/backend/internal/service/audit_log_service.go
@@ -70,12 +70,17 @@ func (s *AuditLogService) CreateNewSignInWithEmail(ctx context.Context, ipAddres

 	// Count the number of times the user has logged in from the same device
 	var count int64
-	err := tx.
+	stmt := tx.
 		WithContext(ctx).
 		Model(&model.AuditLog{}).
-		Where("user_id = ? AND ip_address = ? AND user_agent = ?", userID, ipAddress, userAgent).
-		Count(&count).
-		Error
+		Where("user_id = ? AND user_agent = ?", userID, userAgent)
+	if ipAddress == "" {
+		// An empty IP address is stored as NULL in the database
+		stmt = stmt.Where("ip_address IS NULL")
+	} else {
+		stmt = stmt.Where("ip_address = ?", ipAddress)
+	}
+	err := stmt.Count(&count).Error
 	if err != nil {
 		log.Printf("Failed to count audit logs: %v", err)
 		return createdAuditLog
--- a/backend/internal/service/ldap_service.go
+++ b/backend/internal/service/ldap_service.go
@@ -15,13 +15,14 @@ import (
 	"time"
 	"unicode/utf8"

-	"github.com/google/uuid"
-
 	"github.com/go-ldap/ldap/v3"
+	"github.com/google/uuid"
+	"golang.org/x/text/unicode/norm"
+	"gorm.io/gorm"
+
 	"github.com/pocket-id/pocket-id/backend/internal/common"
 	"github.com/pocket-id/pocket-id/backend/internal/dto"
 	"github.com/pocket-id/pocket-id/backend/internal/model"
-	"gorm.io/gorm"
 )

 type LdapService struct {
@@ -181,7 +182,7 @@ func (s *LdapService) SyncGroups(ctx context.Context, tx *gorm.DB, client *ldap.
 			var databaseUser model.User
 			err = tx.
 				WithContext(ctx).
-				Where("username = ? AND ldap_id IS NOT NULL", username).
+				Where("username = ? AND ldap_id IS NOT NULL", norm.NFC.String(username)).
 				First(&databaseUser).
 				Error
 			if errors.Is(err, gorm.ErrRecordNotFound) {
@@ -199,6 +200,7 @@ func (s *LdapService) SyncGroups(ctx context.Context, tx *gorm.DB, client *ldap.
 			FriendlyName: value.GetAttributeValue(dbConfig.LdapAttributeGroupName.Value),
 			LdapID:       ldapId,
 		}
+		dto.Normalize(syncGroup)

 		if databaseGroup.ID == "" {
 			newGroup, err := s.groupService.createInternal(ctx, syncGroup, tx)
@@ -309,7 +311,6 @@ func (s *LdapService) SyncUsers(ctx context.Context, tx *gorm.DB, client *ldap.C

 		// If a user is found (even if disabled), enable them since they're now back in LDAP
 		if databaseUser.ID != "" && databaseUser.Disabled {
-			// Use the transaction instead of the direct context
 			err = tx.
 				WithContext(ctx).
 				Model(&model.User{}).
@@ -318,7 +319,7 @@ func (s *LdapService) SyncUsers(ctx context.Context, tx *gorm.DB, client *ldap.C
 				Error

 			if err != nil {
-				log.Printf("Failed to enable user %s: %v", databaseUser.Username, err)
+				return fmt.Errorf("failed to enable user %s: %w", databaseUser.Username, err)
 			}
 		}

@@ -344,6 +345,7 @@ func (s *LdapService) SyncUsers(ctx context.Context, tx *gorm.DB, client *ldap.C
 			IsAdmin:   isAdmin,
 			LdapID:    ldapId,
 		}
+		dto.Normalize(newUser)

 		if databaseUser.ID == "" {
 			_, err = s.userService.createUserInternal(ctx, newUser, true, tx)
@@ -476,7 +478,7 @@ func getDNProperty(property string, str string) string {
 // LDAP servers may return binary UUIDs (16 bytes) or other non-UTF-8 data.
 func convertLdapIdToString(ldapId string) string {
 	if utf8.ValidString(ldapId) {
-		return ldapId
+		return norm.NFC.String(ldapId)
 	}

 	// Try to parse as binary UUID (16 bytes)
--- a/backend/internal/service/user_service.go
+++ b/backend/internal/service/user_service.go
@@ -469,9 +469,7 @@ func (s *UserService) ExchangeOneTimeAccessToken(ctx context.Context, token stri
 		return model.User{}, "", err
 	}

-	if ipAddress != "" && userAgent != "" {
-		s.auditLogService.Create(ctx, model.AuditLogEventOneTimeAccessTokenSignIn, ipAddress, userAgent, oneTimeAccessToken.User.ID, model.AuditLogData{}, tx)
-	}
+	s.auditLogService.Create(ctx, model.AuditLogEventOneTimeAccessTokenSignIn, ipAddress, userAgent, oneTimeAccessToken.User.ID, model.AuditLogData{}, tx)

 	err = tx.Commit().Error
 	if err != nil {
--- a/backend/internal/utils/sqlite/sqlite_util.go
+++ b/backend/internal/utils/sqlite/sqlite_util.go
@@ -0,0 +1,51 @@
+package sqlite
+
+import (
+	"database/sql/driver"
+	"errors"
+	"fmt"
+	"strings"
+
+	sqlitelib "github.com/glebarez/go-sqlite"
+	"golang.org/x/text/unicode/norm"
+)
+
+func RegisterSqliteFunctions() {
+	// Register the `normalize(text, form)` function, which performs Unicode normalization on the text
+	// This is currently only used in migration functions
+	sqlitelib.MustRegisterDeterministicScalarFunction("normalize", 2, func(ctx *sqlitelib.FunctionContext, args []driver.Value) (driver.Value, error) {
+		if len(args) != 2 {
+			return nil, errors.New("normalize requires 2 arguments")
+		}
+
+		arg0, ok := args[0].(string)
+		if !ok {
+			return nil, fmt.Errorf("first argument for normalize is not a string: %T", args[0])
+		}
+
+		arg1, ok := args[1].(string)
+		if !ok {
+			return nil, fmt.Errorf("second argument for normalize is not a string: %T", args[1])
+		}
+
+		var form norm.Form
+		switch strings.ToLower(arg1) {
+		case "nfc":
+			form = norm.NFC
+		case "nfd":
+			form = norm.NFD
+		case "nfkc":
+			form = norm.NFKC
+		case "nfkd":
+			form = norm.NFKD
+		default:
+			return nil, fmt.Errorf("unsupported form: %s", arg1)
+		}
+
+		if len(arg0) == 0 {
+			return arg0, nil
+		}
+
+		return form.String(arg0), nil
+	})
+}
--- a/backend/internal/utils/testing/database.go
+++ b/backend/internal/utils/testing/database.go
@@ -17,9 +17,14 @@ import (
 	"gorm.io/gorm/logger"

 	"github.com/pocket-id/pocket-id/backend/internal/utils"
+	sqliteutil "github.com/pocket-id/pocket-id/backend/internal/utils/sqlite"
 	"github.com/pocket-id/pocket-id/backend/resources"
 )

+func init() {
+	sqliteutil.RegisterSqliteFunctions()
+}
+
 // NewDatabaseForTest returns a new instance of GORM connected to an in-memory SQLite database.
 // Each database connection is unique for the test.
 // All migrations are automatically performed.
--- a/backend/resources/aaguids.json
+++ b/backend/resources/aaguids.json
--- a/backend/resources/migrations/postgres/20250705000000_normalize.down.sql
+++ b/backend/resources/migrations/postgres/20250705000000_normalize.down.sql
@@ -0,0 +1 @@
+-- No-op
--- a/backend/resources/migrations/postgres/20250705000000_normalize.up.sql
+++ b/backend/resources/migrations/postgres/20250705000000_normalize.up.sql
@@ -0,0 +1,25 @@
+-- Normalize (form NFC) all existing values in the database
+UPDATE api_keys SET
+    name = normalize(name, 'nfc'),
+    description = normalize(description, 'nfc');
+
+UPDATE app_config_variables SET
+    "value" = normalize("value", 'nfc')
+WHERE "key" = 'appName';
+
+UPDATE custom_claims SET
+    "key" = normalize("key", 'nfc'),
+    "value" = normalize("value", 'nfc');
+
+UPDATE oidc_clients SET
+    name = normalize(name, 'nfc');
+
+UPDATE users SET
+    username = normalize(username, 'nfc'),
+    email = normalize(email, 'nfc'),
+    first_name = normalize(first_name, 'nfc'),
+    last_name = normalize(last_name, 'nfc');
+
+UPDATE user_groups SET
+    friendly_name = normalize(friendly_name, 'nfc'),
+    "name" = normalize("name", 'nfc');
--- a/backend/resources/migrations/sqlite/20250705000000_normalize.down.sql
+++ b/backend/resources/migrations/sqlite/20250705000000_normalize.down.sql
@@ -0,0 +1 @@
+-- No-op
--- a/backend/resources/migrations/sqlite/20250705000000_normalize.up.sql
+++ b/backend/resources/migrations/sqlite/20250705000000_normalize.up.sql
@@ -0,0 +1,25 @@
+-- Normalize (form NFC) all existing values in the database
+UPDATE api_keys SET
+    name = normalize(name, 'nfc'),
+    description = normalize(description, 'nfc');
+
+UPDATE app_config_variables SET
+    "value" = normalize("value", 'nfc')
+WHERE "key" = 'appName';
+
+UPDATE custom_claims SET
+    "key" = normalize("key", 'nfc'),
+    "value" = normalize("value", 'nfc');
+
+UPDATE oidc_clients SET
+    name = normalize(name, 'nfc');
+
+UPDATE users SET
+    username = normalize(username, 'nfc'),
+    email = normalize(email, 'nfc'),
+    first_name = normalize(first_name, 'nfc'),
+    last_name = normalize(last_name, 'nfc');
+
+UPDATE user_groups SET
+    friendly_name = normalize(friendly_name, 'nfc'),
+    "name" = normalize("name", 'nfc');
--- a/frontend/messages/es.json
+++ b/frontend/messages/es.json
@@ -289,7 +289,7 @@
 	"logout_url": "URL de cierre de sesión",
 	"certificate_url": "URL del certificado",
 	"enabled": "Habilitado",
-	"disabled": "Discapacitado",
+	"disabled": "Deshabilitado",
 	"oidc_client_updated_successfully": "Cliente OIDC actualizado correctamente",
 	"create_new_client_secret": "Crear nuevo secreto de cliente",
 	"are_you_sure_you_want_to_create_a_new_client_secret": "¿Estás seguro de que deseas crear un nuevo secreto de cliente? El antiguo quedará invalidado.",
@@ -328,13 +328,13 @@
 	"disable_animations": "Desactivar animaciones",
 	"turn_off_ui_animations": "Desactiva las animaciones en toda la interfaz de usuario.",
 	"user_disabled": "Cuenta desactivada",
-	"disabled_users_cannot_log_in_or_use_services": "Los usuarios con discapacidad no pueden iniciar sesión ni utilizar los servicios.",
+	"disabled_users_cannot_log_in_or_use_services": "Los usuarios desactivados no pueden iniciar sesión ni utilizar los servicios.",
 	"user_disabled_successfully": "El usuario ha sido desactivado correctamente.",
 	"user_enabled_successfully": "El usuario se ha habilitado correctamente.",
 	"status": "Estado",
 	"disable_firstname_lastname": "Desactivar {firstName} {lastName}",
 	"are_you_sure_you_want_to_disable_this_user": "¿Estás seguro de que deseas desactivar este usuario? No podrá iniciar sesión ni acceder a ningún servicio.",
-	"ldap_soft_delete_users": "Impide que los usuarios deshabilitados accedan a LDAP.",
+	"ldap_soft_delete_users": "Mantén los usuarios deshabilitados de LDAP.",
 	"ldap_soft_delete_users_description": "Cuando está habilitada, los usuarios eliminados de LDAP se desactivarán en lugar de eliminarse del sistema.",
 	"login_code_email_success": "El código de inicio de sesión se ha enviado al usuario.",
 	"send_email": "Enviar correo electrónico",
--- a/frontend/messages/ru.json
+++ b/frontend/messages/ru.json
@@ -37,7 +37,7 @@
 	"generate_code": "Сгенерировать код",
 	"name": "Имя",
 	"browser_unsupported": "Браузер не поддерживается",
-	"this_browser_does_not_support_passkeys": "Этот браузер не поддерживает passkey. Пожалуйста, воспользуйтесь альтернативным способом входа.",
+	"this_browser_does_not_support_passkeys": "Этот браузер не поддерживает ключи доступа. Пожалуйста, воспользуйтесь альтернативным способом входа.",
 	"an_unknown_error_occurred": "Произошла неизвестная ошибка",
 	"authentication_process_was_aborted": "Процесс аутентификации был прерван",
 	"error_occurred_with_authenticator": "С аутентификатором произошла ошибка",
@@ -107,11 +107,11 @@
 	"passkey_missing": "Passkey отсутствует",
 	"please_provide_a_passkey_to_prevent_losing_access_to_your_account": "Пожалуйста, добавьте passkey, чтобы избежать утери доступа к вашей учетной записи.",
 	"single_passkey_configured": "Настроен один passkey",
-	"it_is_recommended_to_add_more_than_one_passkey": "Рекомендуется добавить более одного passkey во избежание потери доступа к вашей учетной записи.",
+	"it_is_recommended_to_add_more_than_one_passkey": "Рекомендуется добавить более одного ключа доступа во избежание потери доступа к вашей учетной записи.",
 	"account_details": "Детали учетной записи",
-	"passkeys": "Passkeys",
-	"manage_your_passkeys_that_you_can_use_to_authenticate_yourself": "Управляйте passkeys, которые вы можете использовать для аутентификации себя.",
-	"add_passkey": "Добавить Passkey",
+	"passkeys": "Ключи доступа",
+	"manage_your_passkeys_that_you_can_use_to_authenticate_yourself": "Управляйте ключами доступа, которые вы можете использовать для аутентификации.",
+	"add_passkey": "Добавить ключ",
 	"create_a_one_time_login_code_to_sign_in_from_a_different_device_without_a_passkey": "Создайте одноразовый код входа, чтобы войти с другого устройства без passkey.",
 	"create": "Создать",
 	"first_name": "Имя",
@@ -178,7 +178,7 @@
 	"email_login_notification": "Уведомление о логине по электронной почте",
 	"send_an_email_to_the_user_when_they_log_in_from_a_new_device": "Отправлять пользователю письмо при входе с нового устройства.",
 	"emai_login_code_requested_by_user": "Код входа по электронной почте, запрошенный пользователем",
-	"allow_users_to_sign_in_with_a_login_code_sent_to_their_email": "Позволяет пользователям обходить вход через passkey, запросив код входа, отправляемый на их электронную почту. Это значительно снижает безопасность так как любой человек, имеющий доступ к электронной почте пользователя, может получить доступ.",
+	"allow_users_to_sign_in_with_a_login_code_sent_to_their_email": "Позволяет пользователям обходить вход через ключи доступа, запросив код входа, отправляемый на их электронную почту. Это значительно снижает безопасность, так как любой человек, имеющий доступ к электронной почте пользователя, может получить доступ.",
 	"email_login_code_from_admin": "Код входа по электронной почте от администратора",
 	"allows_an_admin_to_send_a_login_code_to_the_user": "Позволяет администратору отправлять код входа пользователю по электронной почте.",
 	"send_test_email": "Отправить тестовое письмо",
@@ -244,7 +244,7 @@
 	"user_details_firstname_lastname": "Данные пользователя {firstName} {lastName}",
 	"manage_which_groups_this_user_belongs_to": "Управление группами, к которым принадлежит этот пользователь.",
 	"custom_claims": "Пользовательские claims",
-	"custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user": "Пользовательские claims — это пары ключ-значение, которые могут использоваться для хранения дополнительной информации о пользователе. Эти пары будут включены в ID Token при запросе scope 'profile'.",
+	"custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user": "Пользовательские claims — это пары ключ-значение, которые могут использоваться для хранения дополнительной информации о пользователе. Эти пары будут включены в ID Token при запросе scope \"profile\".",
 	"user_group_created_successfully": "Группа пользователей успешно создана",
 	"create_user_group": "Создать группу пользователей",
 	"create_a_new_group_that_can_be_assigned_to_users": "Создайте новую группу, которая может быть назначена пользователям.",
@@ -252,7 +252,7 @@
 	"manage_user_groups": "Управление группами пользователей",
 	"friendly_name": "Удобное имя",
 	"name_that_will_be_displayed_in_the_ui": "Название, которое будет отображаться в интерфейсе",
-	"name_that_will_be_in_the_groups_claim": "Название, которое будет в 'groups' claim",
+	"name_that_will_be_in_the_groups_claim": "Название, которое будет в claim \"groups\"",
 	"delete_name": "Удалить {name}",
 	"are_you_sure_you_want_to_delete_this_user_group": "Вы уверены, что хотите удалить эту группу пользователей?",
 	"user_group_deleted_successfully": "Группа пользователей успешно удалена",
@@ -261,7 +261,7 @@
 	"users_updated_successfully": "Пользователи успешно обновлены",
 	"user_group_details_name": "Группа пользователей {name}",
 	"assign_users_to_this_group": "Назначить пользователей этой группе.",
-	"custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user_prioritized": "Пользовательские claims — это пары ключ-значение, которые могут использоваться для хранения дополнительной информации о пользователе. Эти пары будут включены в ID Token при запросе scope 'profile'. Пользовательские claims, определенные для пользователя, в случае конфликта будут приоритизированы.",
+	"custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user_prioritized": "Пользовательские claims — это пары ключ-значение, которые могут использоваться для хранения дополнительной информации о пользователе. Эти пары будут включены в ID Token при запросе scope \"profile\". Пользовательские claims, определенные для пользователя, в случае конфликта будут приоритизированы.",
 	"oidc_client_created_successfully": "OIDC клиент успешно создан",
 	"create_oidc_client": "Создать OIDC клиент",
 	"add_a_new_oidc_client_to_appname": "Добавить новый OIDC клиент в {appName}.",
@@ -289,7 +289,7 @@
 	"logout_url": "Logout URL",
 	"certificate_url": "Certificate URL",
 	"enabled": "Включен",
-	"disabled": "Выключен",
+	"disabled": "Отключено",
 	"oidc_client_updated_successfully": "OIDC клиент успешно обновлен",
 	"create_new_client_secret": "Создать новый клиентский секрет",
 	"are_you_sure_you_want_to_create_a_new_client_secret": "Вы уверены, что хотите создать новый клиентский секрет? Старый будет аннулирован.",
@@ -312,8 +312,8 @@
 	"reset": "Сбросить",
 	"reset_to_default": "Сбросить по умолчанию",
 	"profile_picture_has_been_reset": "Изображение профиля было сброшено. Обновление может занять несколько минут.",
-	"select_the_language_you_want_to_use": "Выбери язык, на котором хочешь работать. Имей в виду, что часть текста может быть переведена автоматически и может содержать неточности.",
-	"contribute_to_translation": "Если ты нашел ошибку, приглашаем тебя помочь с переводом на <link href='https://crowdin.com/project/pocket-id'>Crowdin</link>.",
+	"select_the_language_you_want_to_use": "Выберите язык, который вы хотите использовать. Обратите внимание на то, что часть текста может быть переведена автоматически и содержать неточности.",
+	"contribute_to_translation": "Если вы нашли ошибку, приглашаем вас помочь с переводом на <link href='https://crowdin.com/project/pocket-id'>Crowdin</link>.",
 	"personal": "Персональный",
 	"global": "Глобальный",
 	"all_users": "Все пользователи",
--- a/frontend/messages/zh-TW.json
+++ b/frontend/messages/zh-TW.json
@@ -65,7 +65,7 @@
 	"do_you_want_to_sign_out_of_pocketid_with_the_account": "您確定要使用帳號 <b>{username}</b> 登出 {appName} 嗎？",
 	"sign_in_to_appname": "登入 {appName}",
 	"please_try_to_sign_in_again": "請嘗試重新登入。",
-	"authenticate_with_passkey_to_access_account": "使用您的密碼進行身份驗證，以存取您的帳戶。",
+	"authenticate_with_passkey_to_access_account": "使用您的密碼金鑰進行身份驗證以存取您的帳號。",
 	"authenticate": "驗證",
 	"please_try_again": "請再試一次。",
 	"continue": "繼續",
@@ -93,7 +93,7 @@
 	"settings": "設定",
 	"update_pocket_id": "更新 Pocket ID",
 	"powered_by": "技術支援",
-	"see_your_account_activities_from_the_last_3_months": "查看您過去 3 個月的帳戶活動。",
+	"see_your_account_activities_from_the_last_3_months": "查看您過去 3 個月的帳號活動。",
 	"time": "時間",
 	"event": "事件",
 	"approximate_location": "概略位置",
@@ -103,12 +103,12 @@
 	"unknown": "未知",
 	"account_details_updated_successfully": "帳號資訊更新成功",
 	"profile_picture_updated_successfully": "個人資料圖片更新成功。 這可能會花幾分鐘更新。",
-	"account_settings": "帳戶設定",
+	"account_settings": "帳號設定",
 	"passkey_missing": "沒有密碼金鑰",
-	"please_provide_a_passkey_to_prevent_losing_access_to_your_account": "請新增密碼金鑰以避免日後無法存取您的帳戶。",
+	"please_provide_a_passkey_to_prevent_losing_access_to_your_account": "請新增密碼金鑰以避免日後無法存取您的帳號。",
 	"single_passkey_configured": "已設定一組密碼金鑰",
-	"it_is_recommended_to_add_more_than_one_passkey": "建議您新增多組密碼金鑰，以避免日後無法存取帳戶。",
-	"account_details": "帳戶詳細資料",
+	"it_is_recommended_to_add_more_than_one_passkey": "建議您新增多組密碼金鑰，以避免日後無法存取帳號。",
+	"account_details": "帳號詳細資料",
 	"passkeys": "密碼金鑰",
 	"manage_your_passkeys_that_you_can_use_to_authenticate_yourself": "管理可用於驗證身分的密碼金鑰。",
 	"add_passkey": "新增密碼金鑰",
@@ -178,7 +178,7 @@
 	"email_login_notification": "電子郵件登入通知",
 	"send_an_email_to_the_user_when_they_log_in_from_a_new_device": "使用者從新裝置登入時寄送電子郵件通知。",
 	"emai_login_code_requested_by_user": "使用者請求電子郵件登入代碼",
-	"allow_users_to_sign_in_with_a_login_code_sent_to_their_email": "允許使用者透過要求將登入代碼傳送到他們的電子郵件，繞過密碼匙。這會大幅降低安全性，因為任何可以存取使用者電子郵件的人都可以進入。",
+	"allow_users_to_sign_in_with_a_login_code_sent_to_their_email": "允許使用者透過要求將登入代碼傳送到他們的電子郵件以繞過密碼金鑰。這會大幅降低安全性，因為任何可以存取使用者電子郵件的人都可以獲得存取權限。",
 	"email_login_code_from_admin": "來自管理員的使用者登入代碼",
 	"allows_an_admin_to_send_a_login_code_to_the_user": "允許管理員透過電子郵件向使用者發送登入代碼。",
 	"send_test_email": "發送測試郵件",
@@ -186,7 +186,7 @@
 	"application_name": "應用程式名稱",
 	"session_duration": "登入階段有效時長",
 	"the_duration_of_a_session_in_minutes_before_the_user_has_to_sign_in_again": "使用者需重新登入前的階段時長（以分鐘為單位）。",
-	"enable_self_account_editing": "允許使用者自行編輯帳戶資訊",
+	"enable_self_account_editing": "允許使用者自行編輯帳號資訊",
 	"whether_the_users_should_be_able_to_edit_their_own_account_details": "是否允許使用者編輯自己的帳號資料。",
 	"emails_verified": "已驗證的電子郵件",
 	"whether_the_users_email_should_be_marked_as_verified_for_the_oidc_clients": "是否應將使用者的電子郵件標記為已驗證，以供 OIDC 客戶端使用。",
@@ -308,7 +308,7 @@
 	"background_image": "背景圖片",
 	"language": "語言",
 	"reset_profile_picture_question": "重設個人資料圖片？",
-	"this_will_remove_the_uploaded_image_and_reset_the_profile_picture_to_default": "這將會移除上傳的圖片，並將個人資料圖片重設為預設值。要繼續嗎？",
+	"this_will_remove_the_uploaded_image_and_reset_the_profile_picture_to_default": "這將會移除上傳的圖片，並將個人資料圖片重設為預設值。您確定要繼續嗎？",
 	"reset": "重設",
 	"reset_to_default": "重設至預設值",
 	"profile_picture_has_been_reset": "個人資料圖片已經重設。 這可能會花幾分鐘更新。",
@@ -326,8 +326,8 @@
 	"client_authorization": "客戶端授權",
 	"new_client_authorization": "新客戶端授權",
 	"disable_animations": "停用動畫",
-	"turn_off_ui_animations": "關閉整個使用者介面的動畫。",
-	"user_disabled": "帳戶已停用",
+	"turn_off_ui_animations": "關閉整個 UI 的動畫。",
+	"user_disabled": "帳號已停用",
 	"disabled_users_cannot_log_in_or_use_services": "已停用的使用者不能登入或使用服務。",
 	"user_disabled_successfully": "使用者已成功停用。",
 	"user_enabled_successfully": "使用者已成功啟用。",
@@ -348,7 +348,7 @@
 	"enter_code_displayed_in_previous_step": "請輸入上一步顯示的代碼。",
 	"authorize": "授權",
 	"federated_client_credentials": "聯邦身分",
-	"federated_client_credentials_description": "使用聯邦身分，您可以透過由第三方授權機構簽發的 JWT 權杖來驗證 OIDC 客戶端。",
+	"federated_client_credentials_description": "使用聯邦身分，您可以透過由第三方授權機構簽發的 JWT 令牌來驗證 OIDC 客戶端。",
 	"add_federated_client_credential": "增加聯邦身分",
 	"add_another_federated_client_credential": "新增另一組聯邦身分",
 	"oidc_allowed_group_count": "允許的群組數量",
@@ -361,7 +361,7 @@
 	"access_token": "存取令牌",
 	"userinfo": "使用者資訊",
 	"id_token_payload": "ID 令牌有效負載",
-	"access_token_payload": "存取權杖有效負載",
+	"access_token_payload": "存取令牌有效負載",
 	"userinfo_endpoint_response": "使用者資訊端點回應",
 	"copy": "複製",
 	"no_preview_data_available": "無預覽資料",
@@ -370,54 +370,54 @@
 	"preview_for_user": "預覽 {name} ({email})",
 	"preview_the_oidc_data_that_would_be_sent_for_this_user": "預覽將為此使用者傳送的 OIDC 資料",
 	"show": "顯示",
-	"select_an_option": "選擇選項",
+	"select_an_option": "選擇一個選項",
 	"select_user": "選擇使用者",
 	"error": "錯誤",
-	"select_an_accent_color_to_customize_the_appearance_of_pocket_id": "選擇重點顏色，自訂 Pocket ID 的外觀。",
-	"accent_color": "重點顏色",
-	"custom_accent_color": "自訂顏色",
-	"custom_accent_color_description": "使用有效的 CSS 顏色格式 (例如：hex、rgb、hsl) 輸入自訂顏色。",
+	"select_an_accent_color_to_customize_the_appearance_of_pocket_id": "選擇強調色以自訂 Pocket ID 的外觀。",
+	"accent_color": "強調色",
+	"custom_accent_color": "自訂強調色",
+	"custom_accent_color_description": "使用有效的 CSS 顏色格式（例如：hex、rgb、hsl）輸入自訂顏色。",
 	"color_value": "顏色值",
-	"apply": "申請",
-	"signup_token": "註冊代碼",
-	"create_a_signup_token_to_allow_new_user_registration": "建立註冊標記，允許新使用者註冊。",
-	"usage_limit": "使用限制",
-	"number_of_times_token_can_be_used": "註冊標記可使用的次數。",
+	"apply": "套用",
+	"signup_token": "註冊令牌",
+	"create_a_signup_token_to_allow_new_user_registration": "建立註冊令牌，允許新使用者註冊。",
+	"usage_limit": "使用次數限制",
+	"number_of_times_token_can_be_used": "註冊令牌可使用的次數。",
 	"expires": "到期",
 	"signup": "註冊",
-	"signup_requires_valid_token": "建立帳戶需要有效的註冊標記",
+	"signup_requires_valid_token": "建立帳號需要有效的註冊令牌",
 	"validating_signup_token": "驗證註冊標記",
 	"go_to_login": "前往登入",
 	"signup_to_appname": "註冊 {appName}",
-	"create_your_account_to_get_started": "建立您的帳戶即可開始使用。",
-	"initial_account_creation_description": "請先建立您的帳戶。您稍後可以設定密碼。",
-	"setup_your_passkey": "設定您的密碼",
-	"create_a_passkey_to_securely_access_your_account": "建立密碼以安全存取您的帳戶。這將是您登入的主要方式。",
+	"create_your_account_to_get_started": "建立您的帳號即可開始使用。",
+	"initial_account_creation_description": "請先建立您的帳號以開始。您稍後可以設定密碼金鑰。",
+	"setup_your_passkey": "設定您的密碼金鑰",
+	"create_a_passkey_to_securely_access_your_account": "建立密碼金鑰以安全存取您的帳號。這將是您登入的主要方式。",
 	"skip_for_now": "暫時跳過",
-	"account_created": "建立帳戶",
+	"account_created": "帳號已建立",
 	"enable_user_signups": "啟用使用者註冊",
 	"enable_user_signups_description": "是否要啟用使用者註冊功能。",
 	"user_signups_are_disabled": "使用者註冊目前已停用",
-	"create_signup_token": "建立註冊代用幣",
-	"view_active_signup_tokens": "檢視有效的註冊代碼",
-	"manage_signup_tokens": "管理註冊代碼",
-	"view_and_manage_active_signup_tokens": "檢視並管理有效的註冊代用幣。",
-	"signup_token_deleted_successfully": "註冊標記已成功刪除。",
+	"create_signup_token": "建立註冊令牌",
+	"view_active_signup_tokens": "檢視有效的註冊令牌",
+	"manage_signup_tokens": "管理註冊令牌",
+	"view_and_manage_active_signup_tokens": "檢視並管理有效的註冊令牌。",
+	"signup_token_deleted_successfully": "註冊令牌已成功刪除。",
 	"expired": "已過期",
 	"used_up": "已用完",
 	"active": "活躍",
 	"usage": "使用方式",
-	"created": "創建",
-	"token": "代幣",
+	"created": "已建立",
+	"token": "令牌",
 	"loading": "載入中",
 	"delete_signup_token": "刪除註冊令牌",
-	"are_you_sure_you_want_to_delete_this_signup_token": "您確定要刪除這個註冊標記嗎？此動作無法撤銷。",
-	"signup_disabled_description": "使用者註冊完全停用。只有管理員可以建立新的使用者帳號。",
-	"signup_with_token": "使用代碼註冊",
-	"signup_with_token_description": "使用者只能使用管理員建立的有效登入標記註冊。",
+	"are_you_sure_you_want_to_delete_this_signup_token": "您確定要刪除這個註冊令牌嗎？此動作無法撤銷。",
+	"signup_disabled_description": "使用者註冊已完全停用。只有管理員可以建立新的使用者帳號。",
+	"signup_with_token": "使用註冊令牌註冊",
+	"signup_with_token_description": "使用者只能使用管理員建立的有效登入令牌註冊。",
 	"signup_open": "開放報名",
-	"signup_open_description": "任何人都可以不受限制地建立新帳戶。",
+	"signup_open_description": "任何人都可以不受限制地建立新帳號。",
 	"of": "的",
-	"skip_passkey_setup": "跳過密碼設定",
-	"skip_passkey_setup_description": "我們強烈建議您設定通行鑰匙，因為如果沒有通行鑰匙，當會話到期時，您就會被鎖住。"
+	"skip_passkey_setup": "跳過密碼金鑰設定",
+	"skip_passkey_setup_description": "我們強烈建議您設定密碼金鑰，因為如果沒有密碼金鑰，當工作階段到期時，您就會被鎖住。"
 }
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "pocket-id-frontend",
-  "version": "1.6.1",
+  "version": "1.6.3",
  "private": true,
  "type": "module",
  "scripts": {
@@ -14,8 +14,8 @@
  },
  "dependencies": {
    "@simplewebauthn/browser": "^13.1.0",
-    "@tailwindcss/vite": "^4.1.7",
-    "axios": "^1.8.2",
+    "@tailwindcss/vite": "^4.1.11",
+    "axios": "^1.10.0",
    "clsx": "^2.1.1",
    "jose": "^5.9.6",
    "qrcode": "^1.5.4",
@@ -24,37 +24,37 @@
    "zod": "^3.25.55"
  },
  "devDependencies": {
-    "@inlang/paraglide-js": "^2.0.13",
-    "@inlang/plugin-m-function-matcher": "^2.0.10",
+    "@inlang/paraglide-js": "^2.2.0",
+    "@inlang/plugin-m-function-matcher": "^2.1.0",
    "@inlang/plugin-message-format": "^4.0.0",
    "@internationalized/date": "^3.8.2",
-    "@lucide/svelte": "^0.522.0",
-    "@playwright/test": "^1.50.0",
+    "@lucide/svelte": "^0.525.0",
+    "@playwright/test": "^1.54.1",
    "@sveltejs/adapter-static": "^3.0.8",
-    "@sveltejs/kit": "^2.20.7",
-    "@sveltejs/vite-plugin-svelte": "^5.0.3",
+    "@sveltejs/kit": "^2.23.0",
+    "@sveltejs/vite-plugin-svelte": "^6.0.0",
    "@types/eslint": "^9.6.1",
    "@types/node": "^22.10.10",
    "@types/qrcode": "^1.5.5",
-    "bits-ui": "^2.8.8",
-    "eslint": "^9.19.0",
-    "eslint-config-prettier": "^10.0.1",
-    "eslint-plugin-svelte": "^2.46.1",
+    "bits-ui": "^2.8.11",
+    "eslint": "^9.31.0",
+    "eslint-config-prettier": "^10.1.5",
+    "eslint-plugin-svelte": "^3.10.1",
    "formsnap": "^2.0.1",
-    "globals": "^15.14.0",
-    "mode-watcher": "^1.0.7",
-    "prettier": "^3.4.2",
-    "prettier-plugin-svelte": "^3.3.3",
-    "prettier-plugin-tailwindcss": "^0.6.11",
-    "svelte": "^5.31.1",
-    "svelte-check": "^4.1.4",
-    "svelte-sonner": "^1.0.1",
+    "globals": "^16.3.0",
+    "mode-watcher": "^1.1.0",
+    "prettier": "^3.6.2",
+    "prettier-plugin-svelte": "^3.4.0",
+    "prettier-plugin-tailwindcss": "^0.6.14",
+    "svelte": "^5.36.0",
+    "svelte-check": "^4.2.2",
+    "svelte-sonner": "^1.0.5",
    "tailwind-variants": "^1.0.0",
-    "tailwindcss": "^4.1.7",
+    "tailwindcss": "^4.1.11",
    "tslib": "^2.8.1",
    "tw-animate-css": "^1.3.0",
-    "typescript": "^5.7.3",
-    "typescript-eslint": "^8.21.0",
-    "vite": "^6.3.4"
+    "typescript": "^5.8.3",
+    "typescript-eslint": "^8.37.0",
+    "vite": "^7.0.4"
  }
 }
--- a/frontend/src/lib/components/confirm-dialog/confirm-dialog.svelte
+++ b/frontend/src/lib/components/confirm-dialog/confirm-dialog.svelte
@@ -5,7 +5,7 @@
 </script>

 <AlertDialog.Root bind:open={$confirmDialogStore.open}>
-	<AlertDialog.Content>
+	<AlertDialog.Content class="z-9999">
 		<AlertDialog.Header>
 			<AlertDialog.Title>{$confirmDialogStore.title}</AlertDialog.Title>
 			<AlertDialog.Description>
--- a/frontend/src/lib/components/glass-row-item.svelte
+++ b/frontend/src/lib/components/glass-row-item.svelte
@@ -40,7 +40,7 @@
 			</div>
 		</div>

-		<div class="flex items-center gap-2 opacity-0 transition-opacity group-hover:opacity-100">
+		<div class="flex items-center gap-2">
 			<Tooltip.Provider>
 				<Tooltip.Root>
 					<Tooltip.Trigger>
--- a/frontend/src/lib/components/signup/signup-token-list-modal.svelte
+++ b/frontend/src/lib/components/signup/signup-token-list-modal.svelte
@@ -1,5 +1,5 @@
 <script lang="ts">
-	import { page } from '$app/stores';
+	import { page } from '$app/state';
 	import AdvancedTable from '$lib/components/advanced-table.svelte';
 	import { openConfirmDialog } from '$lib/components/confirm-dialog/';
 	import { Badge, type BadgeVariant } from '$lib/components/ui/badge';
@@ -88,7 +88,7 @@
 	}

 	function copySignupLink(token: SignupTokenDto) {
-		const signupLink = `${$page.url.origin}/st/${token.token}`;
+		const signupLink = `${page.url.origin}/st/${token.token}`;
 		navigator.clipboard
 			.writeText(signupLink)
 			.then(() => {
--- a/frontend/src/routes/settings/account/locale-picker.svelte
+++ b/frontend/src/routes/settings/account/locale-picker.svelte
@@ -21,7 +21,7 @@
 		'pt-BR': 'Português brasileiro',
 		ru: 'Русский',
 		'zh-CN': '简体中文',
-		'zh-TW': '繁體中文（臺灣)'
+		'zh-TW': '繁體中文（臺灣）'
 	};

 	async function updateLocale(locale: Locale) {
--- a/frontend/src/routes/settings/admin/oidc-clients/oidc-client-list.svelte
+++ b/frontend/src/routes/settings/admin/oidc-clients/oidc-client-list.svelte
@@ -59,7 +59,7 @@
 		<Table.Cell class="w-8 font-medium">
 			{#if item.hasLogo}
 				<ImageBox
-					class="min-h-8 min-w-8"
+					class="min-h-8 min-w-8 object-contain"
 					src={cachedOidcClientLogo.getUrl(item.id)}
 					alt={m.name_logo({ name: item.name })}
 				/>
Author	SHA1	Message	Date
Kyle Mendell	68fc9c0659	release: 1.6.3	2025-07-20 22:35:35 -05:00
Kyle Mendell	2952b15755	fix: show rename and delete buttons for passkeys without hovering over the row	2025-07-20 19:09:06 -05:00
Kyle Mendell	ef1d599662	fix: use user-agent for identifying known device signins	2025-07-20 19:02:17 -05:00
Kyle Mendell	4e49d3932a	chore: upgrade dependencies (#752 )	2025-07-14 23:36:36 -05:00
Elias Schneider	86d3c08494	chore(translations): update translations via Crowdin (#750 )	2025-07-14 13:15:33 -05:00
Alessandro (Ale) Segala	7b4ccd1f30	fix: ensure user inputs are normalized (#724 ) Co-authored-by: Elias Schneider <login@eliasschneider.com>	2025-07-13 16:15:57 +00:00
Kyle Mendell	f145903eb0	chore: use correct svelte 5 syntax for signup token modal	2025-07-11 22:53:01 -05:00
Kyle Mendell	d3bc1797b6	fix: use object-contain for images on oidc-client list	2025-07-11 22:46:40 -05:00
Kyle Mendell	db94f81937	chore: use issue types for new issues	2025-07-11 22:25:11 -05:00
Kyle Mendell	b03e91b653	fix: allow passkey names up to 50 characters	2025-07-11 22:10:59 -05:00
Kyle Mendell	505bdcb8ba	release: 1.6.2	2025-07-09 16:56:34 -05:00
Kyle Mendell	f103a54790	fix: ensure confirmation dialog shows on top of other components	2025-07-09 16:50:01 -05:00
Alessandro (Ale) Segala	e1de593dcd	fix: login failures on Postgres when IP is null (#737 )	2025-07-09 08:45:07 -05:00
Elias Schneider	45f42772b1	chore(translations): update translations via Crowdin (#730 )	2025-07-07 20:06:52 -05:00
XLion	98152640b1	chore(translations): Fix inconsistent punctuation marks for the language name of zh-TW (#731 )	2025-07-07 12:54:45 +00:00
github-actions[bot]	04e235e805	chore: update AAGUIDs (#729 ) Co-authored-by: stonith404 <58886915+stonith404@users.noreply.github.com>	2025-07-06 21:04:32 -05:00
@@ -1 +1 @@
 .6.1
 .6.3