From cfa1754ab5940904ad0a48aec14a0593854fc4b9 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Wed, 8 Feb 2023 13:32:40 +0100
Subject: [PATCH 01/12] Fix warnings in akismet service

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 lib/service/akismet.ex | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/service/akismet.ex b/lib/service/akismet.ex
index 8fb009e8e..0b1b4dc9f 100644
--- a/lib/service/akismet.ex
+++ b/lib/service/akismet.ex
@@ -192,7 +192,7 @@ defmodule Mobilizon.Service.Akismet do
       {email, ip} ->
         {preferred_username, email, ip}
 
-      err ->
+      _ ->
         {:error, :invalid_actor}
     end
   end
@@ -205,7 +205,7 @@ defmodule Mobilizon.Service.Akismet do
     {nil, preferred_username, "127.0.0.1"}
   end
 
-  defp actor_details(err) do
+  defp actor_details(_) do
     {:error, :invalid_actor}
   end
 

From 39768693c5976d885ef2affbe08b97fc5d264a21 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Thu, 16 Feb 2023 14:50:12 +0100
Subject: [PATCH 02/12] Only show report as spam/ham buttons if antispam
 feature is enabled

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 js/src/views/Moderation/ReportView.vue | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/js/src/views/Moderation/ReportView.vue b/js/src/views/Moderation/ReportView.vue
index b44bbb6e2..221d88824 100644
--- a/js/src/views/Moderation/ReportView.vue
+++ b/js/src/views/Moderation/ReportView.vue
@@ -46,6 +46,7 @@
         >{{ t("Close") }}</o-button
       >
       <o-button
+        v-if="antispamEnabled"
         outlined
         @click="reportToAntispam(true)"
         variant="text"
@@ -53,6 +54,7 @@
         >{{ t("Report as spam") }}</o-button
       >
       <o-button
+        v-if="antispamEnabled"
         outlined
         @click="reportToAntispam(false)"
         variant="text"

From 2ee329ff7b20357de4134632a3a8bb16cbf5621a Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Wed, 15 Feb 2023 19:31:23 +0100
Subject: [PATCH 03/12] Introduce application tokens

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 .sobelow-skips                                |  18 +-
 js/src/components/Settings/SettingsMenu.vue   |   4 +
 js/src/graphql/application.ts                 |  55 ++++
 js/src/i18n/en_US.json                        |   6 +-
 js/src/i18n/fr_FR.json                        |   6 +-
 js/src/router/settings.ts                     |  13 +
 js/src/router/user.ts                         |  12 +
 js/src/types/application.model.ts             |  15 +
 js/src/types/current-user.model.ts            |   2 +
 js/src/views/OAuth/AuthorizeView.vue          | 191 +++++++++++++
 js/src/views/Settings/AppsView.vue            | 138 ++++++++++
 lib/graphql/resolvers/application.ex          |  92 +++++++
 lib/graphql/schema.ex                         |   3 +
 lib/graphql/schema/auth_application.ex        |  61 +++++
 lib/graphql/schema/user.ex                    |   7 +-
 lib/mobilizon/applications.ex                 | 258 ++++++++++++++++++
 lib/mobilizon/applications/application.ex     |  32 +++
 .../applications/application_token.ex         |  26 ++
 lib/service/auth/applications.ex              | 130 +++++++++
 lib/service/auth/authenticator.ex             |  21 +-
 lib/web/auth/context.ex                       |  50 +++-
 lib/web/auth/guardian.ex                      |  30 +-
 lib/web/channels/graphql_socket.ex            |  34 ++-
 lib/web/controllers/application_controller.ex | 130 +++++++++
 lib/web/controllers/page_controller.ex        |   3 +
 lib/web/router.ex                             |   5 +
 .../20230208101626_create_applications.exs    |  20 ++
 ...230215125801_create_application_tokens.exs |  14 +
 test/mobilizon/applications_test.exs          | 146 ++++++++++
 .../support/fixtures/applications_fixtures.ex |  43 +++
 30 files changed, 1533 insertions(+), 32 deletions(-)
 create mode 100644 js/src/graphql/application.ts
 create mode 100644 js/src/types/application.model.ts
 create mode 100644 js/src/views/OAuth/AuthorizeView.vue
 create mode 100644 js/src/views/Settings/AppsView.vue
 create mode 100644 lib/graphql/resolvers/application.ex
 create mode 100644 lib/graphql/schema/auth_application.ex
 create mode 100644 lib/mobilizon/applications.ex
 create mode 100644 lib/mobilizon/applications/application.ex
 create mode 100644 lib/mobilizon/applications/application_token.ex
 create mode 100644 lib/service/auth/applications.ex
 create mode 100644 lib/web/controllers/application_controller.ex
 create mode 100644 priv/repo/migrations/20230208101626_create_applications.exs
 create mode 100644 priv/repo/migrations/20230215125801_create_application_tokens.exs
 create mode 100644 test/mobilizon/applications_test.exs
 create mode 100644 test/support/fixtures/applications_fixtures.ex

diff --git a/.sobelow-skips b/.sobelow-skips
index 3eabeecae..91f6f52c7 100644
--- a/.sobelow-skips
+++ b/.sobelow-skips
@@ -13,4 +13,20 @@ B9AF8A342CD7FF39E10CC10A408C28E1
 C042E87389F7BDCFF4E076E95731AE69
 C42BFAEF7100F57BED75998B217C857A
 D11958E86F1B6D37EF656B63405CA8A4
-F16F054F2628609A726B9FF2F089D484
\ No newline at end of file
+F16F054F2628609A726B9FF2F089D484
+26E816A7B054CB0347A2C6451F03B92B
+2B76BDDB2BB4D36D69FAE793EBD63894
+301A837DE24C6AEE1DA812DF9E5486C1
+395A2740CB468F93F6EBE6E90EE08291
+4013C9866943B9381D9F9F97027F88A9
+4C796DD588A4B1C98E86BBCD0349949A
+51289D8D7BDB59CB6473E0DED0591ED7
+5A70DC86895DB3610C605EA9F31ED300
+705C17F9C852F546D886B20DB2C4D0D1
+75D2074B6F771BA8C032008EC18CABDF
+7B1C6E35A374C38FF5F07DBF23B3EAE2
+955ACF52ADD8FCAA450FB8138CB1FD1A
+A092A563729E1F2C1C8D5D809A31F754
+BFA12FDEDEAD7DEAB6D44DF6FDFBD5E1
+D9A08930F140F9BA494BB90B3F812C87
+FE1EEB91EA633570F703B251AE2D4D4E
\ No newline at end of file
diff --git a/js/src/components/Settings/SettingsMenu.vue b/js/src/components/Settings/SettingsMenu.vue
index 90e3ecbb9..6064f762b 100644
--- a/js/src/components/Settings/SettingsMenu.vue
+++ b/js/src/components/Settings/SettingsMenu.vue
@@ -17,6 +17,10 @@
           :title="t('Notifications')"
           :to="{ name: RouteName.NOTIFICATIONS }"
         />
+        <SettingMenuItem
+          :title="t('Apps')"
+          :to="{ name: RouteName.AUTHORIZED_APPS }"
+        />
       </SettingMenuSection>
       <SettingMenuSection
         :title="t('Profiles')"
diff --git a/js/src/graphql/application.ts b/js/src/graphql/application.ts
new file mode 100644
index 000000000..11e9849b9
--- /dev/null
+++ b/js/src/graphql/application.ts
@@ -0,0 +1,55 @@
+import gql from "graphql-tag";
+
+export const AUTH_APPLICATION = gql`
+  query AuthApplication($clientId: String!) {
+    authApplication(clientId: $clientId) {
+      clientId
+      name
+      website
+    }
+  }
+`;
+
+export const AUTORIZE_APPLICATION = gql`
+  mutation AuthorizeApplication(
+    $applicationClientId: String!
+    $redirectURI: String!
+    $state: String
+    $scope: String
+  ) {
+    authorizeApplication(
+      clientId: $applicationClientId
+      redirectURI: $redirectURI
+      state: $state
+      scope: $scope
+    ) {
+      code
+      state
+    }
+  }
+`;
+
+export const AUTH_AUTHORIZED_APPLICATIONS = gql`
+  query AuthAuthorizedApplications {
+    loggedUser {
+      id
+      authAuthorizedApplications {
+        id
+        application {
+          name
+          website
+        }
+        lastUsedAt
+        insertedAt
+      }
+    }
+  }
+`;
+
+export const REVOKED_AUTHORIZED_APPLICATION = gql`
+  mutation RevokeApplicationToken($appTokenId: String!) {
+    revokeApplicationToken(appTokenId: $appTokenId) {
+      id
+    }
+  }
+`;
diff --git a/js/src/i18n/en_US.json b/js/src/i18n/en_US.json
index 9418cffaa..d14808ad9 100644
--- a/js/src/i18n/en_US.json
+++ b/js/src/i18n/en_US.json
@@ -1453,5 +1453,9 @@
   "Report as ham": "Report as ham",
   "Report as undetected spam": "Report as undetected spam",
   "The report contents (eventual comments and event) and the reported profile details will be transmitted to Akismet.": "The report contents (eventual comments and event) and the reported profile details will be transmitted to Akismet.",
-  "Submit to Akismet": "Submit to Akismet"
+  "Submit to Akismet": "Submit to Akismet",
+  "Autorize this application to access your account?": "Autorize this application to access your account?",
+  "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust.": "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust.",
+  "Authorize application": "Authorize application",
+  "Authorize": "Authorize"
 }
\ No newline at end of file
diff --git a/js/src/i18n/fr_FR.json b/js/src/i18n/fr_FR.json
index f287be92e..90ad97cb1 100644
--- a/js/src/i18n/fr_FR.json
+++ b/js/src/i18n/fr_FR.json
@@ -1451,5 +1451,9 @@
   "{username} was invited to {group}": "{username} a été invité à {group}",
   "{user}'s follow request was accepted": "La demande de suivi de {user} a été acceptée",
   "{user}'s follow request was rejected": "La demande de suivi de {user} a été rejetée",
-  "© The OpenStreetMap Contributors": "© Les Contributeur⋅ices OpenStreetMap"
+  "© The OpenStreetMap Contributors": "© Les Contributeur⋅ices OpenStreetMap",
+  "Autorize this application to access your account?": "Autoriser cette application à accéder à votre compte ?",
+  "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust.": "Cette application sera capable d'accéder à toutes vos informations et poster du contenu en votre nom. Assurez-vous d'approuver uniquement des applications en lesquelles vous avez confiance.",
+  "Authorize application": "Autoriser l'application",
+  "Authorize": "Autoriser"
 }
diff --git a/js/src/router/settings.ts b/js/src/router/settings.ts
index 8e49755e2..acd5caaf2 100644
--- a/js/src/router/settings.ts
+++ b/js/src/router/settings.ts
@@ -27,6 +27,7 @@ export enum SettingsRouteName {
   CREATE_IDENTITY = "CreateIdentity",
   UPDATE_IDENTITY = "UpdateIdentity",
   IDENTITIES = "IDENTITIES",
+  AUTHORIZED_APPS = "AUTHORIZED_APPS",
 }
 
 export const settingsRoutes: RouteRecordRaw[] = [
@@ -84,6 +85,18 @@ export const settingsRoutes: RouteRecordRaw[] = [
           },
         },
       },
+      {
+        path: "authorized-apps",
+        name: SettingsRouteName.AUTHORIZED_APPS,
+        component: (): Promise<any> => import("@/views/Settings/AppsView.vue"),
+        props: true,
+        meta: {
+          requiredAuth: true,
+          announcer: {
+            message: (): string => t("Apps") as string,
+          },
+        },
+      },
       {
         path: "admin",
         name: SettingsRouteName.ADMIN,
diff --git a/js/src/router/user.ts b/js/src/router/user.ts
index 85a1dd96b..612c4cce6 100644
--- a/js/src/router/user.ts
+++ b/js/src/router/user.ts
@@ -13,6 +13,7 @@ export enum UserRouteName {
   EMAIL_VALIDATE = "EMAIL_VALIDATE",
   VALIDATE = "Validate",
   LOGIN = "Login",
+  OAUTH_AUTORIZE = "OAUTH_AUTORIZE",
 }
 
 export const userRoutes: RouteRecordRaw[] = [
@@ -108,4 +109,15 @@ export const userRoutes: RouteRecordRaw[] = [
       announcer: { message: (): string => t("Login") as string },
     },
   },
+  {
+    path: "/oauth/autorize_approve",
+    name: UserRouteName.OAUTH_AUTORIZE,
+    component: (): Promise<any> => import("@/views/OAuth/AuthorizeView.vue"),
+    meta: {
+      requiredAuth: true,
+      announcer: {
+        message: (): string => t("Authorize application") as string,
+      },
+    },
+  },
 ];
diff --git a/js/src/types/application.model.ts b/js/src/types/application.model.ts
new file mode 100644
index 000000000..c473a370d
--- /dev/null
+++ b/js/src/types/application.model.ts
@@ -0,0 +1,15 @@
+export interface IApplication {
+  name: string;
+  clientId: string;
+  clientSecret?: string;
+  redirectUris?: string;
+  scopes: string | null;
+  website: string | null;
+}
+
+export interface IApplicationToken {
+  id: string;
+  application: IApplication;
+  lastUsedAt: string;
+  insertedAt: string;
+}
diff --git a/js/src/types/current-user.model.ts b/js/src/types/current-user.model.ts
index 4c4e57cd9..33504ecf2 100644
--- a/js/src/types/current-user.model.ts
+++ b/js/src/types/current-user.model.ts
@@ -7,6 +7,7 @@ import { IFollowedGroupEvent } from "./followedGroupEvent.model";
 import { PictureInformation } from "./picture";
 import { IMember } from "./actor/member.model";
 import { IFeedToken } from "./feedtoken.model";
+import { IApplicationToken } from "./application.model";
 
 export interface ICurrentUser {
   id: string;
@@ -66,4 +67,5 @@ export interface IUser extends ICurrentUser {
   currentSignInAt: string;
   memberships: Paginate<IMember>;
   feedTokens: IFeedToken[];
+  authAuthorizedApplications: IApplicationToken[];
 }
diff --git a/js/src/views/OAuth/AuthorizeView.vue b/js/src/views/OAuth/AuthorizeView.vue
new file mode 100644
index 000000000..618ce49eb
--- /dev/null
+++ b/js/src/views/OAuth/AuthorizeView.vue
@@ -0,0 +1,191 @@
+<template>
+  <div class="container mx-auto w-96">
+    <div v-show="authApplicationLoading && !resultCode">
+      <o-skeleton active size="large" class="mt-6" />
+      <o-skeleton active width="80%" />
+      <div
+        class="rounded-lg bg-mbz-warning shadow-xl my-6 p-4 flex items-center gap-2"
+      >
+        <div>
+          <o-skeleton circle active width="42px" height="42px" />
+        </div>
+        <div class="w-full">
+          <o-skeleton active />
+          <o-skeleton active />
+          <o-skeleton active />
+        </div>
+      </div>
+      <div class="rounded-lg bg-white shadow-xl my-6">
+        <div class="p-4 pb-0">
+          <p class="text-3xl"><o-skeleton active size="large" /></p>
+          <o-skeleton active width="40%" />
+        </div>
+        <div class="flex gap-3 p-4">
+          <o-skeleton active />
+          <o-skeleton active />
+        </div>
+      </div>
+    </div>
+    <div
+      v-show="!authApplicationLoading && !authApplicationError && !resultCode"
+    >
+      <h1 class="text-3xl">
+        {{ t("Autorize this application to access your account?") }}
+      </h1>
+
+      <div
+        class="rounded-lg bg-mbz-warning shadow-xl my-6 p-4 flex items-center gap-2"
+      >
+        <AlertCircle :size="42" />
+        <p>
+          {{
+            t(
+              "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust."
+            )
+          }}
+        </p>
+      </div>
+
+      <div class="rounded-lg bg-white shadow-xl my-6">
+        <div class="p-4 pb-0">
+          <p class="text-3xl font-bold">{{ authApplication?.name }}</p>
+          <p>{{ authApplication?.website }}</p>
+        </div>
+        <div class="flex gap-3 p-4">
+          <o-button @click="() => authorize()">{{ t("Authorize") }}</o-button>
+          <o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
+            t("Decline")
+          }}</o-button>
+        </div>
+      </div>
+    </div>
+    <div v-show="authApplicationError">
+      <div
+        class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
+        v-if="authApplicationGraphError?.status_code === 404"
+      >
+        <AlertCircle :size="42" />
+        <div>
+          <p class="font-bold">
+            {{ t("Application not found") }}
+          </p>
+          <p>{{ t("The provided application was not found.") }}</p>
+        </div>
+      </div>
+      <o-button
+        variant="text"
+        tag="router-link"
+        :to="{ name: RouteName.HOME }"
+        >{{ t("Back to homepage") }}</o-button
+      >
+    </div>
+    <div
+      v-if="resultCode"
+      class="rounded-lg bg-white shadow-xl my-6 p-4 flex items-center gap-2"
+    >
+      <div>
+        <p class="font-bold">
+          {{ t("Your application code") }}
+        </p>
+        <p>
+          {{
+            t(
+              "You need to provide the following code to your application. It will only be valid for a few minutes."
+            )
+          }}
+        </p>
+        <p class="text-4xl">{{ resultCode }}</p>
+      </div>
+    </div>
+    <o-button variant="text" tag="router-link" :to="{ name: RouteName.HOME }">{{
+      t("Back to homepage")
+    }}</o-button>
+  </div>
+</template>
+
+<script lang="ts" setup>
+import { useRouteQuery } from "vue-use-route-query";
+import { useHead } from "@vueuse/head";
+import { computed, ref } from "vue";
+import { useI18n } from "vue-i18n";
+import { useMutation, useQuery } from "@vue/apollo-composable";
+import { AUTH_APPLICATION, AUTORIZE_APPLICATION } from "@/graphql/application";
+import { IApplication } from "@/types/application.model";
+import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
+import type { AbsintheGraphQLError } from "@/types/errors.model";
+import RouteName from "@/router/name";
+
+const { t } = useI18n({ useScope: "global" });
+
+const clientId = useRouteQuery("client_id", null);
+const redirectURI = useRouteQuery("redirect_uri", null);
+const state = useRouteQuery("state", null);
+const scope = useRouteQuery("scope", null);
+
+const OUT_OF_BAND_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
+const resultCode = ref<string | null>(null);
+
+const {
+  result: authApplicationResult,
+  loading: authApplicationLoading,
+  error: authApplicationError,
+} = useQuery<{ authApplication: IApplication }, { clientId: string }>(
+  AUTH_APPLICATION,
+  () => ({
+    clientId: clientId.value as string,
+  }),
+  () => ({
+    enabled: clientId.value !== null,
+  })
+);
+
+const authApplication = computed(
+  () => authApplicationResult.value?.authApplication
+);
+
+const authApplicationGraphError = computed(
+  () => authApplicationError.value?.graphQLErrors[0] as AbsintheGraphQLError
+);
+
+const { mutate: authorizeMutation, onDone: onAuthorizeMutationDone } =
+  useMutation<
+    { authorizeApplication: { code: string; state: string } },
+    {
+      applicationClientId: string;
+      redirectURI: string;
+      state?: string | null;
+      scope?: string | null;
+    }
+  >(AUTORIZE_APPLICATION);
+
+const authorize = () => {
+  authorizeMutation({
+    applicationClientId: clientId.value as string,
+    redirectURI: redirectURI.value as string,
+    state: state.value,
+    scope: scope.value,
+  });
+};
+
+onAuthorizeMutationDone(({ data }) => {
+  const code = data?.authorizeApplication?.code;
+  const returnedState = data?.authorizeApplication?.state ?? "";
+
+  if (!code) return;
+
+  if (redirectURI.value !== OUT_OF_BAND_REDIRECT_URI) {
+    const params = new URLSearchParams(
+      Object.entries({ code, state: returnedState })
+    );
+    window.location.assign(
+      new URL(`${redirectURI.value}?${params.toString()}`)
+    );
+    return;
+  }
+  resultCode.value = code;
+});
+
+useHead({
+  title: computed(() => t("Authorize application")),
+});
+</script>
diff --git a/js/src/views/Settings/AppsView.vue b/js/src/views/Settings/AppsView.vue
new file mode 100644
index 000000000..35ef4ccf2
--- /dev/null
+++ b/js/src/views/Settings/AppsView.vue
@@ -0,0 +1,138 @@
+<template>
+  <div v-if="loggedUser">
+    <breadcrumbs-nav
+      :links="[
+        {
+          name: RouteName.AUTHORIZED_APPS,
+          text: t('Apps'),
+        },
+        {
+          name: RouteName.ACCOUNT_SETTINGS_GENERAL,
+          text: t('General'),
+        },
+      ]"
+    />
+    <section>
+      <h2>{{ t("Apps") }}</h2>
+      <p>
+        {{
+          t(
+            "These apps can access your account through the API. If you see here apps that you don't recognize, that don't work as expected or that you don't use anymore, you can revoke their access."
+          )
+        }}
+      </p>
+      <div
+        class="flex justify-between items-center rounded-lg bg-white shadow-xl my-6"
+        v-for="authAuthorizedApplication in authAuthorizedApplications"
+        :key="authAuthorizedApplication.id"
+      >
+        <div class="p-4">
+          <p class="text-3xl font-bold">
+            {{ authAuthorizedApplication.application.name }}
+          </p>
+          <a
+            v-if="authAuthorizedApplication.application.website"
+            target="_blank"
+            :href="authAuthorizedApplication.application.website"
+            >{{
+              urlToHostname(authAuthorizedApplication.application.website)
+            }}</a
+          >
+          <p>
+            <span v-if="authAuthorizedApplication.lastUsedAt">{{
+              t("Last used on {last_used_date}", {
+                last_used_date: formatDateString(
+                  authAuthorizedApplication.lastUsedAt
+                ),
+              })
+            }}</span>
+            <span v-else>{{ t("Never used") }}</span> ⋅
+            {{
+              t("Authorized on {authorization_date}", {
+                authorization_date: formatDateString(
+                  authAuthorizedApplication.insertedAt
+                ),
+              })
+            }}
+          </p>
+        </div>
+        <div class="p-4">
+          <o-button
+            @click="() => revoke({ appTokenId: authAuthorizedApplication.id })"
+            variant="danger"
+            >{{ t("Revoke") }}</o-button
+          >
+        </div>
+      </div>
+    </section>
+  </div>
+</template>
+
+<script lang="ts" setup>
+import { useLoggedUser } from "@/composition/apollo/user";
+import {
+  AUTH_AUTHORIZED_APPLICATIONS,
+  REVOKED_AUTHORIZED_APPLICATION,
+} from "@/graphql/application";
+import { useMutation, useQuery } from "@vue/apollo-composable";
+import { useHead } from "@vueuse/head";
+import { computed } from "vue";
+import { useI18n } from "vue-i18n";
+import RouteName from "../../router/name";
+import { IUser } from "@/types/current-user.model";
+import { formatDateString } from "@/filters/datetime";
+
+const { t } = useI18n({ useScope: "global" });
+
+const { loggedUser } = useLoggedUser();
+
+const { result: authAuthorizedApplicationsResult } = useQuery<{
+  loggedUser: Pick<IUser, "authAuthorizedApplications">;
+}>(AUTH_AUTHORIZED_APPLICATIONS);
+
+const authAuthorizedApplications = computed(
+  () =>
+    authAuthorizedApplicationsResult.value?.loggedUser
+      ?.authAuthorizedApplications
+);
+
+const urlToHostname = (url: string | undefined): string | null => {
+  if (!url) return null;
+  try {
+    return new URL(url).hostname;
+  } catch (e) {
+    return null;
+  }
+};
+
+const { mutate: revoke, onDone: onRevokedApplication } = useMutation<
+  { revokeApplicationToken: { id: string } },
+  { appTokenId: string }
+>(REVOKED_AUTHORIZED_APPLICATION, {
+  update: (cache, { data: returnedData }) => {
+    const data = cache.readQuery<{
+      loggedUser: Pick<IUser, "authAuthorizedApplications">;
+    }>({ query: AUTH_AUTHORIZED_APPLICATIONS });
+    if (!data) return;
+    if (!returnedData) return;
+    const authorizedApplications =
+      data.loggedUser.authAuthorizedApplications.filter(
+        (app) => app.id !== returnedData.revokeApplicationToken.id
+      );
+    cache.writeQuery({
+      query: AUTH_AUTHORIZED_APPLICATIONS,
+      data: {
+        ...data,
+        loggedUser: {
+          ...data.loggedUser,
+          authAuthorizedApplications: authorizedApplications,
+        },
+      },
+    });
+  },
+});
+
+useHead({
+  title: computed(() => t("Apps")),
+});
+</script>
diff --git a/lib/graphql/resolvers/application.ex b/lib/graphql/resolvers/application.ex
new file mode 100644
index 000000000..a546148d9
--- /dev/null
+++ b/lib/graphql/resolvers/application.ex
@@ -0,0 +1,92 @@
+defmodule Mobilizon.GraphQL.Resolvers.Application do
+  @moduledoc """
+  Handles the Application-related GraphQL calls.
+  """
+
+  alias Mobilizon.Applications, as: ApplicationManager
+  alias Mobilizon.Applications.{Application, ApplicationToken}
+  alias Mobilizon.Service.Auth.Applications
+  alias Mobilizon.Users.User
+  import Mobilizon.Web.Gettext, only: [dgettext: 2]
+
+  require Logger
+
+  @doc """
+  Create an application
+  """
+  @spec authorize(any(), map(), Absinthe.Resolution.t()) :: {:ok, map()} | {:error, String.t()}
+  def authorize(
+        _parent,
+        %{client_id: client_id, redirect_uri: redirect_uri, scope: scope, state: state},
+        %{context: %{current_user: %User{id: user_id}}}
+      ) do
+    case Applications.autorize(client_id, redirect_uri, scope, user_id) do
+      {:ok, code} ->
+        {:ok, %{code: code, state: state}}
+
+      {:error, :application_not_found} ->
+        {:error,
+         dgettext(
+           "errors",
+           "No application with this client_id was found"
+         )}
+
+      {:error, :redirect_uri_not_in_allowed} ->
+        {:error,
+         dgettext(
+           "errors",
+           "The given redirect_uri is not in the list of allowed redirect URIs"
+         )}
+    end
+  end
+
+  def authorize(_parent, _args, _context) do
+    {:error, dgettext("errors", "You need to be logged-in to autorize applications")}
+  end
+
+  @spec get_application(any(), map(), Absinthe.Resolution.t()) ::
+          {:ok, Application.t()} | {:error, :not_found | :unauthenticated}
+  def get_application(_parent, %{client_id: client_id}, %{context: %{current_user: %User{}}}) do
+    case ApplicationManager.get_application_by_client_id(client_id) do
+      %Application{} = application ->
+        {:ok, application}
+
+      nil ->
+        {:error, :not_found}
+    end
+  end
+
+  def get_application(_parent, _args, _resolution) do
+    {:error, :unauthenticated}
+  end
+
+  def get_user_applications(_parent, _args, %{context: %{current_user: %User{id: user_id}}}) do
+    {:ok, ApplicationManager.list_application_tokens_for_user_id(user_id)}
+  end
+
+  def get_user_applications(_parent, _args, _resolution) do
+    {:error, :unauthenticated}
+  end
+
+  def revoke_application_token(_parent, %{app_token_id: app_token_id}, %{
+        context: %{current_user: %User{id: user_id}}
+      }) do
+    case ApplicationManager.get_application_token(app_token_id) do
+      %ApplicationToken{user_id: ^user_id} = app_token ->
+        case Applications.revoke_application_token(app_token) do
+          {:ok, %{delete_app_token: app_token, delete_guardian_tokens: _delete_guardian_tokens}} ->
+            {:ok, %{id: app_token.id}}
+
+          {:error, _, _, _} ->
+            {:error, dgettext("errors", "Error while revoking token")}
+        end
+
+      _ ->
+        {:error, :not_found}
+    end
+  end
+
+  def revoke_application_token(_parent, _args, _resolution) do
+    {:error, :unauthenticated}
+  end
+end
diff --git a/lib/graphql/schema.ex b/lib/graphql/schema.ex
index 8306808d1..0756b5637 100644
--- a/lib/graphql/schema.ex
+++ b/lib/graphql/schema.ex
@@ -53,6 +53,7 @@ defmodule Mobilizon.GraphQL.Schema do
   import_types(Schema.Users.PushSubscription)
   import_types(Schema.Users.ActivitySetting)
   import_types(Schema.FollowedGroupActivityType)
+  import_types(Schema.AuthApplicationType)
 
   @desc "A struct containing the id of the deleted object"
   object :deleted_object do
@@ -161,6 +162,7 @@ defmodule Mobilizon.GraphQL.Schema do
     import_fields(:resource_queries)
     import_fields(:post_queries)
     import_fields(:statistics_queries)
+    import_fields(:auth_application_queries)
   end
 
   @desc """
@@ -187,6 +189,7 @@ defmodule Mobilizon.GraphQL.Schema do
     import_fields(:follower_mutations)
     import_fields(:push_mutations)
     import_fields(:activity_setting_mutations)
+    import_fields(:auth_application_mutations)
   end
 
   @desc """
diff --git a/lib/graphql/schema/auth_application.ex b/lib/graphql/schema/auth_application.ex
new file mode 100644
index 000000000..5cdda92a3
--- /dev/null
+++ b/lib/graphql/schema/auth_application.ex
@@ -0,0 +1,61 @@
+defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
+  @moduledoc """
+  Schema representation for an auth application
+  """
+  use Absinthe.Schema.Notation
+  alias Mobilizon.GraphQL.Resolvers.Application
+
+  @desc "An application"
+  object :auth_application do
+    field(:name, :string)
+    field(:client_id, :string)
+    field(:scopes, :string)
+    field(:website, :string)
+  end
+
+  @desc "An application"
+  object :auth_application_token do
+    field(:id, :id)
+    field(:inserted_at, :string)
+    field(:last_used_at, :string)
+    field(:application, :auth_application)
+  end
+
+  @desc "The informations returned after authorization"
+  object :application_code_and_state do
+    field(:code, :string)
+    field(:state, :string)
+  end
+
+  object :auth_application_queries do
+    @desc "Get an application"
+    field :auth_application, :auth_application do
+      arg(:client_id, non_null(:string), description: "The application's client_id")
+      resolve(&Application.get_application/3)
+    end
+  end
+
+  object :auth_application_mutations do
+    @desc "Authorize an application"
+    field :authorize_application, :application_code_and_state do
+      arg(:client_id, non_null(:string), description: "The application's client_id")
+
+      arg(:redirect_uri, non_null(:string),
+        description: "The URI to redirect to with the code and state"
+      )
+
+      arg(:scope, :string, description: "The scope for the authorization")
+
+      arg(:state, :string,
+        description: "A state parameter to check that the request wasn't altered"
+      )
+
+      resolve(&Application.authorize/3)
+    end
+
+    field :revoke_application_token, :deleted_object do
+      arg(:app_token_id, non_null(:string), description: "The application token's ID")
+      resolve(&Application.revoke_application_token/3)
+    end
+  end
+end
diff --git a/lib/graphql/schema/user.ex b/lib/graphql/schema/user.ex
index ce139cf97..f49301442 100644
--- a/lib/graphql/schema/user.ex
+++ b/lib/graphql/schema/user.ex
@@ -7,7 +7,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
   import Absinthe.Resolution.Helpers, only: [dataloader: 2]
 
   alias Mobilizon.Events
-  alias Mobilizon.GraphQL.Resolvers.{Media, User}
+  alias Mobilizon.GraphQL.Resolvers.{Application, Media, User}
   alias Mobilizon.GraphQL.Resolvers.Users.ActivitySettings
   alias Mobilizon.GraphQL.Schema
 
@@ -161,6 +161,11 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       resolve: &ActivitySettings.user_activity_settings/3,
       description: "The user's activity settings"
     )
+
+    field(:auth_authorized_applications, list_of(:auth_application_token),
+      resolve: &Application.get_user_applications/3,
+      description: "The user's authorized authentication apps"
+    )
   end
 
   @desc "The list of roles an user can have"
diff --git a/lib/mobilizon/applications.ex b/lib/mobilizon/applications.ex
new file mode 100644
index 000000000..b0df25395
--- /dev/null
+++ b/lib/mobilizon/applications.ex
@@ -0,0 +1,258 @@
+defmodule Mobilizon.Applications do
+  @moduledoc """
+  The Applications context.
+  """
+
+  import Ecto.Query, warn: false
+  alias Ecto.Multi
+  alias Mobilizon.Applications.Application
+  alias Mobilizon.Storage.Repo
+
+  @doc """
+  Returns the list of applications.
+
+  ## Examples
+
+      iex> list_applications()
+      [%Application{}, ...]
+
+  """
+  def list_applications do
+    Repo.all(Application)
+  end
+
+  @doc """
+  Gets a single application.
+
+  Raises `Ecto.NoResultsError` if the Application does not exist.
+
+  ## Examples
+
+      iex> get_application!(123)
+      %Application{}
+
+      iex> get_application!(456)
+      ** (Ecto.NoResultsError)
+
+  """
+  def get_application!(id), do: Repo.get!(Application, id)
+
+  @doc """
+  Gets a single application.
+
+  Returns nil if the Application does not exist.
+
+  ## Examples
+
+      iex> get_application_by_client_id(123)
+      %Application{}
+
+      iex> get_application_by_client_id(456)
+      nil
+
+  """
+  def get_application_by_client_id(client_id), do: Repo.get_by(Application, client_id: client_id)
+
+  @doc """
+  Creates a application.
+
+  ## Examples
+
+      iex> create_application(%{field: value})
+      {:ok, %Application{}}
+
+      iex> create_application(%{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def create_application(attrs \\ %{}) do
+    %Application{}
+    |> Application.changeset(attrs)
+    |> Repo.insert()
+  end
+
+  @doc """
+  Updates a application.
+
+  ## Examples
+
+      iex> update_application(application, %{field: new_value})
+      {:ok, %Application{}}
+
+      iex> update_application(application, %{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def update_application(%Application{} = application, attrs) do
+    application
+    |> Application.changeset(attrs)
+    |> Repo.update()
+  end
+
+  @doc """
+  Deletes a application.
+
+  ## Examples
+
+      iex> delete_application(application)
+      {:ok, %Application{}}
+
+      iex> delete_application(application)
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def delete_application(%Application{} = application) do
+    Repo.delete(application)
+  end
+
+  @doc """
+  Returns an `%Ecto.Changeset{}` for tracking application changes.
+
+  ## Examples
+
+      iex> change_application(application)
+      %Ecto.Changeset{data: %Application{}}
+
+  """
+  def change_application(%Application{} = application, attrs \\ %{}) do
+    Application.changeset(application, attrs)
+  end
+
+  alias Mobilizon.Applications.ApplicationToken
+
+  @doc """
+  Returns the list of application_tokens.
+
+  ## Examples
+
+      iex> list_application_tokens()
+      [%ApplicationToken{}, ...]
+
+  """
+  def list_application_tokens do
+    Repo.all(ApplicationToken)
+  end
+
+  @doc """
+  Returns the list of application tokens for a given user_id
+  """
+  def list_application_tokens_for_user_id(user_id) do
+    ApplicationToken
+    |> where(user_id: ^user_id)
+    |> where([at], is_nil(at.authorization_code))
+    |> preload(:application)
+    |> Repo.all()
+  end
+
+  @doc """
+  Gets a single application_token.
+
+  Raises `Ecto.NoResultsError` if the Application token does not exist.
+
+  ## Examples
+
+      iex> get_application_token!(123)
+      %ApplicationToken{}
+
+      iex> get_application_token!(456)
+      ** (Ecto.NoResultsError)
+
+  """
+  def get_application_token!(id), do: Repo.get!(ApplicationToken, id)
+
+  @doc """
+  Gets a single application_token.
+
+  ## Examples
+
+      iex> get_application_token(123)
+      %ApplicationToken{}
+
+      iex> get_application_token(456)
+      nil
+
+  """
+  def get_application_token(application_token_id),
+    do: Repo.get(ApplicationToken, application_token_id)
+
+  def get_application_token(app_id, user_id),
+    do: Repo.get_by(ApplicationToken, application_id: app_id, user_id: user_id)
+
+  def get_application_token_by_authorization_code(code),
+    do: Repo.get_by(ApplicationToken, authorization_code: code)
+
+  @doc """
+  Creates a application_token.
+
+  ## Examples
+
+      iex> create_application_token(%{field: value})
+      {:ok, %ApplicationToken{}}
+
+      iex> create_application_token(%{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def create_application_token(attrs \\ %{}) do
+    %ApplicationToken{}
+    |> ApplicationToken.changeset(attrs)
+    |> Repo.insert(on_conflict: :replace_all, conflict_target: [:user_id, :application_id])
+  end
+
+  @doc """
+  Updates a application_token.
+
+  ## Examples
+
+      iex> update_application_token(application_token, %{field: new_value})
+      {:ok, %ApplicationToken{}}
+
+      iex> update_application_token(application_token, %{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def update_application_token(%ApplicationToken{} = application_token, attrs) do
+    application_token
+    |> ApplicationToken.changeset(attrs)
+    |> Repo.update()
+  end
+
+  @doc """
+  Deletes a application_token.
+
+  ## Examples
+
+      iex> delete_application_token(application_token)
+      {:ok, %ApplicationToken{}}
+
+      iex> delete_application_token(application_token)
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def delete_application_token(%ApplicationToken{} = application_token) do
+    Repo.delete(application_token)
+  end
+
+  def revoke_application_token(%ApplicationToken{id: app_token_id} = application_token) do
+    Multi.new()
+    |> Multi.delete_all(
+      :delete_guardian_tokens,
+      from(gt in "guardian_tokens", where: gt.sub == ^"AppToken:#{app_token_id}")
+    )
+    |> Multi.delete(:delete_app_token, application_token)
+    |> Repo.transaction()
+  end
+
+  @doc """
+  Returns an `%Ecto.Changeset{}` for tracking application_token changes.
+
+  ## Examples
+
+      iex> change_application_token(application_token)
+      %Ecto.Changeset{data: %ApplicationToken{}}
+
+  """
+  def change_application_token(%ApplicationToken{} = application_token, attrs \\ %{}) do
+    ApplicationToken.changeset(application_token, attrs)
+  end
+end
diff --git a/lib/mobilizon/applications/application.ex b/lib/mobilizon/applications/application.ex
new file mode 100644
index 000000000..df155125d
--- /dev/null
+++ b/lib/mobilizon/applications/application.ex
@@ -0,0 +1,32 @@
+defmodule Mobilizon.Applications.Application do
+  @moduledoc """
+  Module representing an application
+  """
+
+  use Ecto.Schema
+  import Ecto.Changeset
+
+  @required_attrs [:name, :client_id, :client_secret, :redirect_uris]
+  @optional_attrs [:scopes, :website, :owner_type, :owner_id]
+  @attrs @required_attrs ++ @optional_attrs
+
+  schema "applications" do
+    field(:name, :string)
+    field(:client_id, :string)
+    field(:client_secret, :string)
+    field(:redirect_uris, :string)
+    field(:scopes, :string)
+    field(:website, :string)
+    field(:owner_type, :string)
+    field(:owner_id, :integer)
+
+    timestamps()
+  end
+
+  @doc false
+  def changeset(application, attrs) do
+    application
+    |> cast(attrs, @attrs)
+    |> validate_required(@required_attrs)
+  end
+end
diff --git a/lib/mobilizon/applications/application_token.ex b/lib/mobilizon/applications/application_token.ex
new file mode 100644
index 000000000..90d94b42e
--- /dev/null
+++ b/lib/mobilizon/applications/application_token.ex
@@ -0,0 +1,26 @@
+defmodule Mobilizon.Applications.ApplicationToken do
+  @moduledoc """
+  Module representing an application token
+  """
+  use Ecto.Schema
+  import Ecto.Changeset
+
+  schema "application_tokens" do
+    belongs_to(:user, Mobilizon.Users.User)
+    belongs_to(:application, Mobilizon.Applications.Application)
+    field(:authorization_code, :string)
+
+    timestamps()
+  end
+
+  @required_attrs [:user_id, :application_id]
+  @optional_attrs [:authorization_code]
+  @attrs @required_attrs ++ @optional_attrs
+
+  @doc false
+  def changeset(application_token, attrs) do
+    application_token
+    |> cast(attrs, @attrs)
+    |> validate_required(@required_attrs)
+  end
+end
diff --git a/lib/service/auth/applications.ex b/lib/service/auth/applications.ex
new file mode 100644
index 000000000..252f5c257
--- /dev/null
+++ b/lib/service/auth/applications.ex
@@ -0,0 +1,130 @@
+defmodule Mobilizon.Service.Auth.Applications do
+  @moduledoc """
+  Module to handle applications management
+  """
+  alias Mobilizon.Applications
+  alias Mobilizon.Applications.{Application, ApplicationToken}
+  alias Mobilizon.Service.Auth.Authenticator
+
+  @app_access_tokens_ttl {8, :hour}
+  @app_refresh_tokens_ttl {26, :week}
+
+  @type access_token_details :: %{
+          required(:access_token) => String.t(),
+          required(:expires_in) => pos_integer(),
+          required(:refresh_token) => String.t(),
+          required(:refresh_token_expires_in) => pos_integer(),
+          required(:scope) => nil,
+          required(:token_type) => String.t()
+        }
+
+  def create(name, redirect_uris, scopes, website) do
+    client_id = :crypto.strong_rand_bytes(42) |> Base.encode64() |> binary_part(0, 42)
+    client_secret = :crypto.strong_rand_bytes(42) |> Base.encode64() |> binary_part(0, 42)
+
+    Applications.create_application(%{
+      name: name,
+      redirect_uris: redirect_uris,
+      scopes: scopes,
+      website: website,
+      client_id: client_id,
+      client_secret: client_secret
+    })
+  end
+
+  @spec autorize(String.t(), String.t(), String.t(), integer()) ::
+          {:ok, String.t()}
+          | {:error, :application_not_found}
+          | {:error, :redirect_uri_not_in_allowed}
+  def autorize(client_id, redirect_uri, _scope, user_id) do
+    with %Application{redirect_uris: redirect_uris, id: app_id} <-
+           Applications.get_application_by_client_id(client_id),
+         {:redirect_uri, true} <-
+           {:redirect_uri, redirect_uri in String.split(redirect_uris, "\n")},
+         code <- :crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16),
+         {:ok, %ApplicationToken{}} <-
+           Applications.create_application_token(%{
+             user_id: user_id,
+             application_id: app_id,
+             authorization_code: code
+           }) do
+      {:ok, code}
+    else
+      nil ->
+        {:error, :application_not_found}
+
+      {:redirect_uri, _} ->
+        {:error, :redirect_uri_not_in_allowed}
+    end
+  end
+
+  @spec generate_access_token(String.t(), String.t(), String.t(), String.t()) ::
+          {:ok, access_token_details()}
+          | {:error,
+             :application_not_found
+             | :redirect_uri_not_in_allowed
+             | :provided_code_does_not_match
+             | :invalid_client_secret
+             | :app_token_not_found
+             | any()}
+  def generate_access_token(client_id, client_secret, code, redirect_uri) do
+    with {:application,
+          %Application{
+            id: application_id,
+            client_secret: app_client_secret,
+            scopes: scopes,
+            redirect_uris: redirect_uris
+          }} <-
+           {:application, Applications.get_application_by_client_id(client_id)},
+         {:redirect_uri, true} <-
+           {:redirect_uri, redirect_uri in String.split(redirect_uris, "\n")},
+         {:app_token, %ApplicationToken{} = app_token} <-
+           {:app_token, Applications.get_application_token_by_authorization_code(code)},
+         {:ok, %ApplicationToken{application_id: application_id_from_token} = app_token} <-
+           Applications.update_application_token(app_token, %{authorization_code: nil}),
+         {:same_app, true} <- {:same_app, application_id === application_id_from_token},
+         {:same_client_secret, true} <- {:same_client_secret, app_client_secret == client_secret},
+         {:ok, access_token} <-
+           Authenticator.generate_access_token(app_token, @app_access_tokens_ttl),
+         {:ok, refresh_token} <-
+           Authenticator.generate_refresh_token(app_token, @app_refresh_tokens_ttl) do
+      {:ok,
+       %{
+         access_token: access_token,
+         expires_in: ttl_to_seconds(@app_access_tokens_ttl),
+         refresh_token: refresh_token,
+         refresh_token_expires_in: ttl_to_seconds(@app_refresh_tokens_ttl),
+         scope: scopes,
+         token_type: "bearer"
+       }}
+    else
+      {:application, nil} ->
+        {:error, :application_not_found}
+
+      {:same_app, false} ->
+        {:error, :provided_code_does_not_match}
+
+      {:same_client_secret, _} ->
+        {:error, :invalid_client_secret}
+
+      {:redirect_uri, _} ->
+        {:error, :redirect_uri_not_in_allowed}
+
+      {:app_token, _} ->
+        {:error, :app_token_not_found}
+
+      {:error, err} ->
+        {:error, err}
+    end
+  end
+
+  def revoke_application_token(%ApplicationToken{} = app_token) do
+    Applications.revoke_application_token(app_token)
+  end
+
+  @spec ttl_to_seconds({pos_integer(), :second | :minute | :hour | :week}) :: pos_integer()
+  defp ttl_to_seconds({value, :second}), do: value
+  defp ttl_to_seconds({value, :minute}), do: value * 60
+  defp ttl_to_seconds({value, :hour}), do: value * 3600
+  defp ttl_to_seconds({value, :week}), do: value * 604_800
+end
diff --git a/lib/service/auth/authenticator.ex b/lib/service/auth/authenticator.ex
index ba39ca52a..fea00568d 100644
--- a/lib/service/auth/authenticator.ex
+++ b/lib/service/auth/authenticator.ex
@@ -17,6 +17,11 @@ defmodule Mobilizon.Service.Auth.Authenticator do
           required(:user) => User.t()
         }
 
+  @type ttl :: {
+          pos_integer(),
+          :second | :minute | :hour | :week
+        }
+
   def implementation do
     Mobilizon.Config.get(
       Mobilizon.Service.Auth.Authenticator,
@@ -55,7 +60,7 @@ defmodule Mobilizon.Service.Auth.Authenticator do
   @doc """
   Generates access token and refresh token for an user.
   """
-  @spec generate_tokens(User.t()) :: {:ok, tokens}
+  @spec generate_tokens(User.t() | ApplicationToken.t()) :: {:ok, tokens} | {:error, any()}
   def generate_tokens(user) do
     with {:ok, access_token} <- generate_access_token(user),
          {:ok, refresh_token} <- generate_refresh_token(user) do
@@ -66,10 +71,11 @@ defmodule Mobilizon.Service.Auth.Authenticator do
   @doc """
   Generates access token for an user.
   """
-  @spec generate_access_token(User.t()) :: {:ok, String.t()}
-  def generate_access_token(user) do
+  @spec generate_access_token(User.t() | ApplicationToken.t(), ttl() | nil) ::
+          {:ok, String.t()} | {:error, any()}
+  def generate_access_token(user, ttl \\ nil) do
     with {:ok, access_token, _claims} <-
-           Guardian.encode_and_sign(user, %{}, token_type: "access") do
+           Guardian.encode_and_sign(user, %{}, token_type: "access", ttl: ttl) do
       {:ok, access_token}
     end
   end
@@ -77,10 +83,11 @@ defmodule Mobilizon.Service.Auth.Authenticator do
   @doc """
   Generates refresh token for an user.
   """
-  @spec generate_refresh_token(User.t()) :: {:ok, String.t()}
-  def generate_refresh_token(user) do
+  @spec generate_refresh_token(User.t() | ApplicationToken.t(), ttl() | nil) ::
+          {:ok, String.t()} | {:error, any()}
+  def generate_refresh_token(user, ttl \\ nil) do
     with {:ok, refresh_token, _claims} <-
-           Guardian.encode_and_sign(user, %{}, token_type: "refresh") do
+           Guardian.encode_and_sign(user, %{}, token_type: "refresh", ttl: ttl) do
       {:ok, refresh_token}
     end
   end
diff --git a/lib/web/auth/context.ex b/lib/web/auth/context.ex
index 48bbe295a..50ad94d50 100644
--- a/lib/web/auth/context.ex
+++ b/lib/web/auth/context.ex
@@ -6,6 +6,8 @@ defmodule Mobilizon.Web.Auth.Context do
 
   import Plug.Conn
 
+  alias Mobilizon.Applications.Application, as: AuthApplication
+  alias Mobilizon.Applications.ApplicationToken
   alias Mobilizon.Users.User
 
   @spec init(Plug.opts()) :: Plug.opts()
@@ -28,18 +30,13 @@ defmodule Mobilizon.Web.Auth.Context do
 
     {conn, context} =
       case Guardian.Plug.current_resource(conn) do
-        %User{id: user_id, email: user_email} = user ->
-          if Application.get_env(:sentry, :dsn) != nil do
-            Sentry.Context.set_user_context(%{
-              id: user_id,
-              email: user_email,
-              ip_address: context.ip
-            })
-          end
+        %User{} = user ->
+          set_user_context({conn, context}, user)
 
-          context = Map.put(context, :current_user, user)
-          conn = assign(conn, :user_locale, user.locale)
-          {conn, context}
+        %ApplicationToken{user: %User{} = user} = app_token ->
+          conn
+          |> set_app_token_context(context, app_token)
+          |> set_user_context(user)
 
         nil ->
           {conn, context}
@@ -49,4 +46,35 @@ defmodule Mobilizon.Web.Auth.Context do
 
     put_private(conn, :absinthe, %{context: context})
   end
+
+  defp set_user_context({conn, context}, %User{id: user_id, email: user_email} = user) do
+    if Application.get_env(:sentry, :dsn) != nil do
+      Sentry.Context.set_user_context(%{
+        id: user_id,
+        email: user_email,
+        ip_address: context.ip
+      })
+    end
+
+    context = Map.put(context, :current_user, user)
+    conn = assign(conn, :user_locale, user.locale)
+    {conn, context}
+  end
+
+  defp set_app_token_context(
+         conn,
+         context,
+         %ApplicationToken{application: %AuthApplication{client_id: client_id} = app} = app_token
+       ) do
+    if Application.get_env(:sentry, :dsn) != nil do
+      Sentry.Context.set_user_context(%{
+        app_token_client_id: client_id
+      })
+    end
+
+    context =
+      context |> Map.put(:current_auth_app_token, app_token) |> Map.put(:current_auth_app, app)
+
+    {conn, context}
+  end
 end
diff --git a/lib/web/auth/guardian.ex b/lib/web/auth/guardian.ex
index 446fb5dc9..e2a4ea673 100644
--- a/lib/web/auth/guardian.ex
+++ b/lib/web/auth/guardian.ex
@@ -10,14 +10,19 @@ defmodule Mobilizon.Web.Auth.Guardian do
       user: [:base]
     }
 
-  alias Mobilizon.Users
+  alias Mobilizon.{Applications, Users}
+  alias Mobilizon.Applications.ApplicationToken
   alias Mobilizon.Users.User
 
   require Logger
 
   @spec subject_for_token(any(), any()) :: {:ok, String.t()} | {:error, :unknown_resource}
-  def subject_for_token(%User{} = user, _claims) do
-    {:ok, "User:" <> to_string(user.id)}
+  def subject_for_token(%User{id: user_id}, _claims) do
+    {:ok, "User:" <> to_string(user_id)}
+  end
+
+  def subject_for_token(%ApplicationToken{id: app_token_id}, _claims) do
+    {:ok, "AppToken:" <> to_string(app_token_id)}
   end
 
   def subject_for_token(_, _) do
@@ -42,6 +47,25 @@ defmodule Mobilizon.Web.Auth.Guardian do
     end
   end
 
+  def resource_from_claims(%{"sub" => "AppToken:" <> id_str}) do
+    Logger.debug(fn -> "Receiving claim for app token #{id_str}" end)
+
+    try do
+      case Integer.parse(id_str) do
+        {id, ""} ->
+          application_token = Applications.get_application_token!(id)
+          user = Users.get_user_with_actors!(application_token.user_id)
+          application = Applications.get_application!(application_token.application_id)
+          {:ok, application_token |> Map.put(:user, user) |> Map.put(:application, application)}
+
+        _ ->
+          {:error, :invalid_id}
+      end
+    rescue
+      Ecto.NoResultsError -> {:error, :no_result}
+    end
+  end
+
   def resource_from_claims(_) do
     {:error, :no_claims}
   end
diff --git a/lib/web/channels/graphql_socket.ex b/lib/web/channels/graphql_socket.ex
index 0bf0e7244..7677104c0 100644
--- a/lib/web/channels/graphql_socket.ex
+++ b/lib/web/channels/graphql_socket.ex
@@ -4,19 +4,16 @@ defmodule Mobilizon.Web.GraphQLSocket do
   use Absinthe.Phoenix.Socket,
     schema: Mobilizon.GraphQL.Schema
 
+  alias Mobilizon.Applications.Application, as: AuthApplication
+  alias Mobilizon.Applications.ApplicationToken
   alias Mobilizon.Users.User
 
   @spec connect(map, Phoenix.Socket.t()) :: {:ok, Phoenix.Socket.t()} | :error
   def connect(%{"token" => token}, socket) do
     with {:ok, authed_socket} <-
            Guardian.Phoenix.Socket.authenticate(socket, Mobilizon.Web.Auth.Guardian, token),
-         %User{} = user <- Guardian.Phoenix.Socket.current_resource(authed_socket) do
-      authed_socket =
-        Absinthe.Phoenix.Socket.put_options(socket,
-          context: %{
-            current_user: user
-          }
-        )
+         resource <- Guardian.Phoenix.Socket.current_resource(authed_socket) do
+      set_context(authed_socket, resource)
 
       {:ok, authed_socket}
     else
@@ -29,4 +26,27 @@ defmodule Mobilizon.Web.GraphQLSocket do
 
   @spec id(any) :: nil
   def id(_socket), do: nil
+
+  @spec set_context(Phoenix.Socket.t(), User.t() | ApplicationToken.t()) :: Phoenix.Socket.t()
+  defp set_context(socket, %User{} = user) do
+    Absinthe.Phoenix.Socket.put_options(socket,
+      context: %{
+        current_user: user
+      }
+    )
+  end
+
+  defp set_context(
+         socket,
+         %ApplicationToken{user: %User{} = user, application: %AuthApplication{} = app} =
+           app_token
+       ) do
+    Absinthe.Phoenix.Socket.put_options(socket,
+      context: %{
+        current_auth_app_token: app_token,
+        current_auth_app: app,
+        current_user: user
+      }
+    )
+  end
 end
diff --git a/lib/web/controllers/application_controller.ex b/lib/web/controllers/application_controller.ex
new file mode 100644
index 000000000..63e0bfb25
--- /dev/null
+++ b/lib/web/controllers/application_controller.ex
@@ -0,0 +1,130 @@
+defmodule Mobilizon.Web.ApplicationController do
+  use Mobilizon.Web, :controller
+
+  alias Mobilizon.Applications.Application
+  alias Mobilizon.Service.Auth.Applications
+  plug(:put_layout, false)
+  import Mobilizon.Web.Gettext, only: [dgettext: 2]
+
+  @out_of_band_redirect_uri "urn:ietf:wg:oauth:2.0:oob"
+
+  @doc """
+  Create an application
+  """
+  @spec create_application(Plug.Conn.t(), map()) :: Plug.Conn.t()
+  def create_application(conn, %{"name" => name, "redirect_uris" => redirect_uris} = args) do
+    case Applications.create(
+           name,
+           redirect_uris,
+           Map.get(args, "scopes"),
+           Map.get(args, "website")
+         ) do
+      {:ok, %Application{} = app} ->
+        json(
+          conn,
+          Map.take(app, [:name, :website, :redirect_uris, :client_id, :client_secret, :scope])
+        )
+
+      {:error, _error} ->
+        send_resp(
+          conn,
+          500,
+          dgettext(
+            "errors",
+            "Impossible to create application."
+          )
+        )
+    end
+  end
+
+  def create_application(conn, _args) do
+    send_resp(
+      conn,
+      400,
+      dgettext(
+        "errors",
+        "Both name and redirect_uri parameters are required to create an application"
+      )
+    )
+  end
+
+  @doc """
+  Authorize
+  """
+  @spec authorize(Plug.Conn.t(), map()) :: Plug.Conn.t()
+  def authorize(
+        conn,
+        _args
+      ) do
+    conn = fetch_query_params(conn)
+
+    client_id = conn.query_params["client_id"]
+    redirect_uri = conn.query_params["redirect_uri"]
+    state = conn.query_params["state"]
+
+    if is_binary(client_id) and is_binary(redirect_uri) and is_binary(state) do
+      redirect(conn,
+        to:
+          Routes.page_path(conn, :authorize,
+            client_id: client_id,
+            redirect_uri: redirect_uri,
+            scope: conn.query_params["scope"],
+            state: state
+          )
+      )
+    else
+      send_resp(
+        conn,
+        400,
+        dgettext(
+          "errors",
+          "You need to specify client_id, redirect_uri and state to autorize an application"
+        )
+      )
+    end
+  end
+
+  @spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()
+  def generate_access_token(conn, %{
+        "client_id" => client_id,
+        "client_secret" => client_secret,
+        "code" => code,
+        "redirect_uri" => redirect_uri
+      }) do
+    case Applications.generate_access_token(client_id, client_secret, code, redirect_uri) do
+      {:ok, token} ->
+        if redirect_uri != @out_of_band_redirect_uri do
+          redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
+        else
+          json(conn, token)
+        end
+
+      {:error, :application_not_found} ->
+        send_resp(conn, 400, dgettext("errors", "No application was found with this client_id"))
+
+      {:error, :redirect_uri_not_in_allowed} ->
+        send_resp(conn, 400, dgettext("errors", "This redirect URI is not allowed"))
+
+      {:error, :invalid_or_expired} ->
+        send_resp(conn, 400, dgettext("errors", "The provided code is invalid or expired"))
+
+      {:error, :invalid_client_id} ->
+        send_resp(
+          conn,
+          400,
+          dgettext("errors", "The provided client_id does not match the provided code")
+        )
+
+      {:error, :invalid_client_secret} ->
+        send_resp(conn, 400, dgettext("errors", "The provided client_secret is invalid"))
+
+      {:error, :user_not_found} ->
+        send_resp(conn, 400, dgettext("errors", "The user for this code was not found"))
+    end
+  end
+
+  @spec generate_redirect_with_query_params(String.t(), map()) :: String.t()
+  defp generate_redirect_with_query_params(redirect_uri, query_params) do
+    redirect_uri |> URI.parse() |> URI.merge("?" <> URI.encode_query(query_params)) |> to_string()
+  end
+end
diff --git a/lib/web/controllers/page_controller.ex b/lib/web/controllers/page_controller.ex
index 9afb1f779..5243eec68 100644
--- a/lib/web/controllers/page_controller.ex
+++ b/lib/web/controllers/page_controller.ex
@@ -121,6 +121,9 @@ defmodule Mobilizon.Web.PageController do
     end
   end
 
+  @spec authorize(Plug.Conn.t(), any) :: Plug.Conn.t()
+  def authorize(conn, _params), do: render(conn, :index)
+
   @spec handle_collection_route(Plug.Conn.t(), collections()) :: Plug.Conn.t()
   defp handle_collection_route(conn, collection) do
     case get_format(conn) do
diff --git a/lib/web/router.ex b/lib/web/router.ex
index 0ec8c53c2..c85314471 100644
--- a/lib/web/router.ex
+++ b/lib/web/router.ex
@@ -205,6 +205,11 @@ defmodule Mobilizon.Web.Router do
     # Also possible CSRF issue
     get("/auth/:provider/callback", AuthController, :callback)
     post("/auth/:provider/callback", AuthController, :callback)
+
+    post("/apps", ApplicationController, :create_application)
+    get("/oauth/authorize", ApplicationController, :authorize)
+    post("/oauth/token", ApplicationController, :generate_access_token)
+    get("/oauth/autorize_approve", PageController, :authorize)
   end
 
   scope "/proxy/", Mobilizon.Web do
diff --git a/priv/repo/migrations/20230208101626_create_applications.exs b/priv/repo/migrations/20230208101626_create_applications.exs
new file mode 100644
index 000000000..2e29a6d55
--- /dev/null
+++ b/priv/repo/migrations/20230208101626_create_applications.exs
@@ -0,0 +1,20 @@
+defmodule Mobilizon.Repo.Migrations.CreateApplications do
+  use Ecto.Migration
+
+  def change do
+    create table(:applications) do
+      add(:name, :string, null: false)
+      add(:client_id, :string, null: false)
+      add(:client_secret, :string, null: false)
+      add(:redirect_uris, :string, null: false)
+      add(:scopes, :string, null: true)
+      add(:website, :string, null: true)
+      add(:owner_type, :string, null: true)
+      add(:owner_id, :integer, null: true)
+
+      timestamps()
+    end
+
+    create(index(:applications, [:owner_id, :owner_type]))
+  end
+end
diff --git a/priv/repo/migrations/20230215125801_create_application_tokens.exs b/priv/repo/migrations/20230215125801_create_application_tokens.exs
new file mode 100644
index 000000000..a2da53e9a
--- /dev/null
+++ b/priv/repo/migrations/20230215125801_create_application_tokens.exs
@@ -0,0 +1,14 @@
+defmodule Mobilizon.Repo.Migrations.CreateApplicationTokens do
+  use Ecto.Migration
+
+  def change do
+    create table(:application_tokens) do
+      add(:user_id, references(:users, on_delete: :delete_all), null: false)
+      add(:application_id, references(:applications, on_delete: :delete_all), null: false)
+      add(:authorization_code, :string, null: true)
+      timestamps()
+    end
+
+    create(unique_index(:application_tokens, [:user_id, :application_id]))
+  end
+end
diff --git a/test/mobilizon/applications_test.exs b/test/mobilizon/applications_test.exs
new file mode 100644
index 000000000..b1553393e
--- /dev/null
+++ b/test/mobilizon/applications_test.exs
@@ -0,0 +1,146 @@
+defmodule Mobilizon.ApplicationsTest do
+  use Mobilizon.DataCase
+
+  alias Mobilizon.Applications
+
+  describe "applications" do
+    alias Mobilizon.Applications.Application
+
+    import Mobilizon.ApplicationsFixtures
+
+    @invalid_attrs %{name: nil}
+
+    test "list_applications/0 returns all applications" do
+      application = application_fixture()
+      assert Applications.list_applications() == [application]
+    end
+
+    test "get_application!/1 returns the application with given id" do
+      application = application_fixture()
+      assert Applications.get_application!(application.id) == application
+    end
+
+    test "create_application/1 with valid data creates a application" do
+      valid_attrs = %{
+        name: "some name",
+        client_id: "hello",
+        client_secret: "secret",
+        redirect_uris: "somewhere\nelse"
+      }
+
+      assert {:ok, %Application{} = application} = Applications.create_application(valid_attrs)
+      assert application.name == "some name"
+      assert application.client_id == "hello"
+      assert application.client_secret == "secret"
+      assert application.redirect_uris == "somewhere\nelse"
+    end
+
+    test "create_application/1 with invalid data returns error changeset" do
+      assert {:error, %Ecto.Changeset{}} = Applications.create_application(@invalid_attrs)
+    end
+
+    test "update_application/2 with valid data updates the application" do
+      application = application_fixture()
+      update_attrs = %{name: "some updated name"}
+
+      assert {:ok, %Application{} = application} =
+               Applications.update_application(application, update_attrs)
+
+      assert application.name == "some updated name"
+    end
+
+    test "update_application/2 with invalid data returns error changeset" do
+      application = application_fixture()
+
+      assert {:error, %Ecto.Changeset{}} =
+               Applications.update_application(application, @invalid_attrs)
+
+      assert application == Applications.get_application!(application.id)
+    end
+
+    test "delete_application/1 deletes the application" do
+      application = application_fixture()
+      assert {:ok, %Application{}} = Applications.delete_application(application)
+      assert_raise Ecto.NoResultsError, fn -> Applications.get_application!(application.id) end
+    end
+
+    test "change_application/1 returns a application changeset" do
+      application = application_fixture()
+      assert %Ecto.Changeset{} = Applications.change_application(application)
+    end
+  end
+
+  describe "application_tokens" do
+    alias Mobilizon.Applications.ApplicationToken
+
+    import Mobilizon.ApplicationsFixtures
+    import Mobilizon.Factory
+
+    @invalid_attrs %{user_id: nil}
+
+    test "list_application_tokens/0 returns all application_tokens" do
+      application_token = application_token_fixture()
+      assert Applications.list_application_tokens() == [application_token]
+    end
+
+    test "get_application_token!/1 returns the application_token with given id" do
+      application_token = application_token_fixture()
+      assert Applications.get_application_token!(application_token.id) == application_token
+    end
+
+    test "create_application_token/1 with valid data creates a application_token" do
+      user = insert(:user)
+      application = application_fixture()
+
+      valid_attrs = %{
+        user_id: user.id,
+        application_id: application.id,
+        authorization_code: "hey hello"
+      }
+
+      assert {:ok, %ApplicationToken{} = application_token} =
+               Applications.create_application_token(valid_attrs)
+
+      assert application_token.user_id == user.id
+      assert application_token.application_id == application.id
+      assert application_token.authorization_code == "hey hello"
+    end
+
+    test "create_application_token/1 with invalid data returns error changeset" do
+      assert {:error, %Ecto.Changeset{}} = Applications.create_application_token(@invalid_attrs)
+    end
+
+    test "update_application_token/2 with valid data updates the application_token" do
+      application_token = application_token_fixture()
+      update_attrs = %{authorization_code: nil}
+
+      assert {:ok, %ApplicationToken{} = application_token} =
+               Applications.update_application_token(application_token, update_attrs)
+
+      assert is_nil(application_token.authorization_code)
+    end
+
+    test "update_application_token/2 with invalid data returns error changeset" do
+      application_token = application_token_fixture()
+
+      assert {:error, %Ecto.Changeset{}} =
+               Applications.update_application_token(application_token, @invalid_attrs)
+
+      assert application_token == Applications.get_application_token!(application_token.id)
+    end
+
+    test "delete_application_token/1 deletes the application_token" do
+      application_token = application_token_fixture()
+      assert {:ok, %ApplicationToken{}} = Applications.delete_application_token(application_token)
+
+      assert_raise Ecto.NoResultsError, fn ->
+        Applications.get_application_token!(application_token.id)
+      end
+    end
+
+    test "change_application_token/1 returns a application_token changeset" do
+      application_token = application_token_fixture()
+      assert %Ecto.Changeset{} = Applications.change_application_token(application_token)
+    end
+  end
+end
diff --git a/test/support/fixtures/applications_fixtures.ex b/test/support/fixtures/applications_fixtures.ex
new file mode 100644
index 000000000..10f341098
--- /dev/null
+++ b/test/support/fixtures/applications_fixtures.ex
@@ -0,0 +1,43 @@
+defmodule Mobilizon.ApplicationsFixtures do
+  @moduledoc """
+  This module defines test helpers for creating
+  entities via the `Mobilizon.Applications` context.
+  """
+
+  import Mobilizon.Factory
+
+  @doc """
+  Generate a application.
+  """
+  def application_fixture(attrs \\ %{}) do
+    {:ok, application} =
+      attrs
+      |> Enum.into(%{
+        name: "some name",
+        client_id: "hello",
+        client_secret: "secret",
+        redirect_uris: "somewhere\nelse"
+      })
+      |> Mobilizon.Applications.create_application()
+
+    application
+  end
+
+  @doc """
+  Generate a application_token.
+  """
+  def application_token_fixture(attrs \\ %{}) do
+    user = insert(:user)
+
+    {:ok, application_token} =
+      attrs
+      |> Enum.into(%{
+        application_id: application_fixture().id,
+        user_id: user.id,
+        authorization_code: "some code"
+      })
+      |> Mobilizon.Applications.create_application_token()
+
+    application_token
+  end
+end

From b6875f6a4beba3174b8522f8ef79ac1f48470e52 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Tue, 21 Feb 2023 14:50:09 +0100
Subject: [PATCH 04/12] Introduce device flow

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 .../components/OAuth/AuthorizeApplication.vue |  91 +++++++++++
 js/src/graphql/application.ts                 |  18 ++-
 js/src/router/user.ts                         |  13 ++
 js/src/views/OAuth/AuthorizeView.vue          |  40 +----
 js/src/views/OAuth/DeviceActivationView.vue   | 149 ++++++++++++++++++
 js/src/views/Settings/AppsView.vue            |  11 +-
 lib/graphql/resolvers/application.ex          |  31 +++-
 lib/graphql/schema/auth_application.ex        |  25 +++
 lib/mobilizon/applications.ex                 | 139 ++++++++++++++++
 .../application_device_activation.ex          |  32 ++++
 .../applications/application_token.ex         |  10 +-
 lib/service/auth/applications.ex              | 142 ++++++++++++++++-
 lib/web/controllers/application_controller.ex |  53 ++++++-
 lib/web/controllers/page_controller.ex        |   3 +
 lib/web/router.ex                             |  11 ++
 ...20230216151638_add_device_flow_support.exs |  10 ++
 ...3_create_application_device_activation.exs |  16 ++
 test/mobilizon/applications_test.exs          |  74 +++++++++
 .../support/fixtures/applications_fixtures.ex |  12 ++
 19 files changed, 833 insertions(+), 47 deletions(-)
 create mode 100644 js/src/components/OAuth/AuthorizeApplication.vue
 create mode 100644 js/src/views/OAuth/DeviceActivationView.vue
 create mode 100644 lib/mobilizon/applications/application_device_activation.ex
 create mode 100644 priv/repo/migrations/20230216151638_add_device_flow_support.exs
 create mode 100644 priv/repo/migrations/20230217084253_create_application_device_activation.exs

diff --git a/js/src/components/OAuth/AuthorizeApplication.vue b/js/src/components/OAuth/AuthorizeApplication.vue
new file mode 100644
index 000000000..913ef0441
--- /dev/null
+++ b/js/src/components/OAuth/AuthorizeApplication.vue
@@ -0,0 +1,91 @@
+<template>
+  <h1 class="text-3xl">
+    {{ t("Autorize this application to access your account?") }}
+  </h1>
+
+  <div
+    class="rounded-lg bg-mbz-warning dark:text-black shadow-xl my-6 p-4 flex items-center gap-2"
+  >
+    <AlertCircle :size="42" />
+    <p>
+      {{
+        t(
+          "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust."
+        )
+      }}
+    </p>
+  </div>
+
+  <div class="rounded-lg bg-white dark:bg-zinc-900 shadow-xl my-6">
+    <div class="p-4 pb-0">
+      <p class="text-3xl font-bold">{{ authApplication.name }}</p>
+      <p>{{ authApplication.website }}</p>
+    </div>
+    <div class="flex gap-3 p-4">
+      <o-button @click="() => authorize()">{{ t("Authorize") }}</o-button>
+      <o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
+        t("Decline")
+      }}</o-button>
+    </div>
+  </div>
+</template>
+
+<script lang="ts" setup>
+import { useHead } from "@vueuse/head";
+import { computed } from "vue";
+import { useI18n } from "vue-i18n";
+import { useMutation } from "@vue/apollo-composable";
+import { AUTORIZE_APPLICATION } from "@/graphql/application";
+import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
+import RouteName from "@/router/name";
+import { IApplication } from "@/types/application.model";
+
+const { t } = useI18n({ useScope: "global" });
+
+const props = defineProps<{
+  authApplication: IApplication;
+  redirectURI?: string | null;
+  state?: string | null;
+  scope?: string | null;
+}>();
+
+const { mutate: authorizeMutation, onDone: onAuthorizeMutationDone } =
+  useMutation<
+    { authorizeApplication: { code: string; state: string } },
+    {
+      applicationClientId: string;
+      redirectURI: string;
+      state?: string | null;
+      scope?: string | null;
+    }
+  >(AUTORIZE_APPLICATION);
+
+const authorize = () => {
+  authorizeMutation({
+    applicationClientId: props.authApplication.clientId,
+    redirectURI: props.redirectURI as string,
+    state: props.state,
+    scope: props.scope,
+  });
+};
+
+onAuthorizeMutationDone(({ data }) => {
+  const code = data?.authorizeApplication?.code;
+  const returnedState = data?.authorizeApplication?.state ?? "";
+
+  if (!code) return;
+
+  if (props.redirectURI) {
+    const params = new URLSearchParams(
+      Object.entries({ code, state: returnedState })
+    );
+    window.location.assign(
+      new URL(`${props.redirectURI}?${params.toString()}`)
+    );
+  }
+});
+
+useHead({
+  title: computed(() => t("Authorize application")),
+});
+</script>
diff --git a/js/src/graphql/application.ts b/js/src/graphql/application.ts
index 11e9849b9..086a8579d 100644
--- a/js/src/graphql/application.ts
+++ b/js/src/graphql/application.ts
@@ -3,6 +3,7 @@ import gql from "graphql-tag";
 export const AUTH_APPLICATION = gql`
   query AuthApplication($clientId: String!) {
     authApplication(clientId: $clientId) {
+      id
       clientId
       name
       website
@@ -13,7 +14,7 @@ export const AUTH_APPLICATION = gql`
 export const AUTORIZE_APPLICATION = gql`
   mutation AuthorizeApplication(
     $applicationClientId: String!
-    $redirectURI: String!
+    $redirectURI: String
     $state: String
     $scope: String
   ) {
@@ -53,3 +54,18 @@ export const REVOKED_AUTHORIZED_APPLICATION = gql`
     }
   }
 `;
+
+export const DEVICE_ACTIVATION = gql`
+  mutation DeviceActivation($userCode: String!) {
+    deviceActivation(userCode: $userCode) {
+      id
+      application {
+        id
+        clientId
+        name
+        website
+      }
+      scope
+    }
+  }
+`;
diff --git a/js/src/router/user.ts b/js/src/router/user.ts
index 612c4cce6..cd80c2973 100644
--- a/js/src/router/user.ts
+++ b/js/src/router/user.ts
@@ -14,6 +14,7 @@ export enum UserRouteName {
   VALIDATE = "Validate",
   LOGIN = "Login",
   OAUTH_AUTORIZE = "OAUTH_AUTORIZE",
+  OAUTH_LOGIN_DEVICE = "OAUTH_LOGIN_DEVICE",
 }
 
 export const userRoutes: RouteRecordRaw[] = [
@@ -120,4 +121,16 @@ export const userRoutes: RouteRecordRaw[] = [
       },
     },
   },
+  {
+    path: "/login/device",
+    name: UserRouteName.OAUTH_LOGIN_DEVICE,
+    component: (): Promise<any> =>
+      import("@/views/OAuth/DeviceActivationView.vue"),
+    meta: {
+      requiredAuth: true,
+      announcer: {
+        message: (): string => t("Device activation") as string,
+      },
+    },
+  },
 ];
diff --git a/js/src/views/OAuth/AuthorizeView.vue b/js/src/views/OAuth/AuthorizeView.vue
index 618ce49eb..184c5fdca 100644
--- a/js/src/views/OAuth/AuthorizeView.vue
+++ b/js/src/views/OAuth/AuthorizeView.vue
@@ -26,39 +26,14 @@
         </div>
       </div>
     </div>
-    <div
+    <AuthorizeApplication
+      v-if="authApplication"
       v-show="!authApplicationLoading && !authApplicationError && !resultCode"
-    >
-      <h1 class="text-3xl">
-        {{ t("Autorize this application to access your account?") }}
-      </h1>
-
-      <div
-        class="rounded-lg bg-mbz-warning shadow-xl my-6 p-4 flex items-center gap-2"
-      >
-        <AlertCircle :size="42" />
-        <p>
-          {{
-            t(
-              "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust."
-            )
-          }}
-        </p>
-      </div>
-
-      <div class="rounded-lg bg-white shadow-xl my-6">
-        <div class="p-4 pb-0">
-          <p class="text-3xl font-bold">{{ authApplication?.name }}</p>
-          <p>{{ authApplication?.website }}</p>
-        </div>
-        <div class="flex gap-3 p-4">
-          <o-button @click="() => authorize()">{{ t("Authorize") }}</o-button>
-          <o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
-            t("Decline")
-          }}</o-button>
-        </div>
-      </div>
-    </div>
+      :auth-application="authApplication"
+      :redirectURI="redirectURI"
+      :state="state"
+      :scope="scope"
+    />
     <div v-show="authApplicationError">
       <div
         class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
@@ -114,6 +89,7 @@ import { IApplication } from "@/types/application.model";
 import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
 import type { AbsintheGraphQLError } from "@/types/errors.model";
 import RouteName from "@/router/name";
+import AuthorizeApplication from "@/components/OAuth/AuthorizeApplication.vue";
 
 const { t } = useI18n({ useScope: "global" });
 
diff --git a/js/src/views/OAuth/DeviceActivationView.vue b/js/src/views/OAuth/DeviceActivationView.vue
new file mode 100644
index 000000000..2e3663f40
--- /dev/null
+++ b/js/src/views/OAuth/DeviceActivationView.vue
@@ -0,0 +1,149 @@
+<template>
+  <div class="container mx-auto w-96">
+    <form
+      @submit.prevent="() => validateCode({ userCode: code })"
+      @paste="pasteCode"
+      class="rounded-lg bg-white dark:bg-zinc-900 shadow-xl my-6 p-4"
+      v-if="!application"
+    >
+      <h1 class="text-3xl text-center">
+        {{ t("Device activation") }}
+      </h1>
+      <p class="mb-4 text-center">
+        {{ t("Enter the code displayed on your device") }}
+      </p>
+
+      <div class="flex items-center justify-between mb-4 gap-2">
+        <div
+          v-for="i in Array(9).keys()"
+          :key="i"
+          :class="i === 4 ? 'w-6' : 'w-8'"
+        >
+          <span
+            :id="`user-code-${i}`"
+            v-if="i === 4"
+            class="block text-3xl text-center"
+            >-</span
+          >
+          <o-input
+            autocapitalize="characters"
+            @update:modelValue="(val: string) => inputs[i] = val.toUpperCase()"
+            :useHtml5Validation="true"
+            :id="`user-code-${i}`"
+            :ref="(el: Element) => userCodeInputs[i] = el"
+            :modelValue="inputs[i]"
+            v-else
+            size="large"
+            style="font-size: 22px; padding: 0.5rem 0.15rem 0.5rem 0.25rem"
+            required
+            maxlength="1"
+            pattern="[A-Z]{1}"
+            :autofocus="i === 0 ? true : undefined"
+          />
+        </div>
+      </div>
+
+      <div
+        class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
+        v-if="error"
+      >
+        <AlertCircle :size="42" />
+        <div>
+          <p>{{ error }}</p>
+        </div>
+      </div>
+
+      <div class="text-center">
+        <o-button native-type="submit">{{ t("Continue") }}</o-button>
+      </div>
+    </form>
+    <AuthorizeApplication v-if="application" :auth-application="application" />
+  </div>
+</template>
+
+<script lang="ts" setup>
+import { DEVICE_ACTIVATION } from "@/graphql/application";
+import { useMutation } from "@vue/apollo-composable";
+import { useHead } from "@vueuse/head";
+import { computed, reactive, ref, watch } from "vue";
+import { useI18n } from "vue-i18n";
+import AuthorizeApplication from "@/components/OAuth/AuthorizeApplication.vue";
+import { IApplication } from "@/types/application.model";
+import { AbsintheGraphQLErrors } from "@/types/errors.model";
+import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
+
+const { t } = useI18n({ useScope: "global" });
+
+const {
+  mutate: validateCode,
+  onDone: onDeviceActivationDone,
+  onError: onDeviceActivationError,
+} = useMutation<{
+  deviceActivation: { application: IApplication; id: string; scope: string };
+}>(DEVICE_ACTIVATION);
+
+const inputs = reactive<string[]>([]);
+
+const application = ref<IApplication | null>(null);
+
+onDeviceActivationDone(({ data }) => {
+  const foundApplication = data?.deviceActivation?.application;
+  if (foundApplication) {
+    application.value = foundApplication;
+  }
+});
+
+const code = computed(() => {
+  return inputs.join("");
+});
+
+const userCodeInputs = reactive<Record<number, Element>>([]);
+
+watch(inputs, (localInputs) => {
+  localInputs.forEach((input, index) => {
+    if (input && index < 8) {
+      if (index === 3) {
+        index = 4;
+      }
+      (userCodeInputs[index + 1] as HTMLInputElement).focus();
+    }
+  });
+});
+
+const error = ref<string | null>(null);
+
+onDeviceActivationError(
+  ({ graphQLErrors }: { graphQLErrors: AbsintheGraphQLErrors }) => {
+    if (graphQLErrors[0].status_code === 404) {
+      error.value = t("The device code is incorrect or no longer valid.");
+    }
+    resetInputs();
+    (userCodeInputs[0] as HTMLInputElement).focus();
+    setTimeout(() => {
+      error.value = null;
+    }, 10000);
+  }
+);
+
+const resetInputs = () => {
+  inputs.splice(0);
+};
+
+const pasteCode = (e: ClipboardEvent) => {
+  let pastedCode = e.clipboardData?.getData("text").trim();
+  if (!pastedCode) return;
+  if (pastedCode.match(/^[A-Z]{4}-[A-Z]{4}$/)) {
+    pastedCode = pastedCode.slice(0, 4) + pastedCode.slice(5);
+  }
+  if (pastedCode.match(/^[A-Z]{8}$/)) {
+    pastedCode.split("").forEach((val, index) => {
+      const realIndex = index > 3 ? index + 1 : index;
+      inputs[realIndex] = val;
+    });
+  }
+};
+
+useHead({
+  title: computed(() => t("Device activation")),
+});
+</script>
diff --git a/js/src/views/Settings/AppsView.vue b/js/src/views/Settings/AppsView.vue
index 35ef4ccf2..21bf2c3d4 100644
--- a/js/src/views/Settings/AppsView.vue
+++ b/js/src/views/Settings/AppsView.vue
@@ -76,11 +76,12 @@ import {
 } from "@/graphql/application";
 import { useMutation, useQuery } from "@vue/apollo-composable";
 import { useHead } from "@vueuse/head";
-import { computed } from "vue";
+import { computed, inject } from "vue";
 import { useI18n } from "vue-i18n";
 import RouteName from "../../router/name";
 import { IUser } from "@/types/current-user.model";
 import { formatDateString } from "@/filters/datetime";
+import { Notifier } from "@/plugins/notifier";
 
 const { t } = useI18n({ useScope: "global" });
 
@@ -132,6 +133,14 @@ const { mutate: revoke, onDone: onRevokedApplication } = useMutation<
   },
 });
 
+const notifier = inject<Notifier>("notifier");
+
+onRevokedApplication(() => {
+  notifier?.success(
+    t("Application was revoked")
+  );
+})
+
 useHead({
   title: computed(() => t("Apps")),
 });
diff --git a/lib/graphql/resolvers/application.ex b/lib/graphql/resolvers/application.ex
index a546148d9..0b17a580f 100644
--- a/lib/graphql/resolvers/application.ex
+++ b/lib/graphql/resolvers/application.ex
@@ -4,7 +4,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
   """
 
   alias Mobilizon.Applications, as: ApplicationManager
-  alias Mobilizon.Applications.{Application, ApplicationToken}
+  alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
   alias Mobilizon.Service.Auth.Applications
   alias Mobilizon.Users.User
   import Mobilizon.Web.Gettext, only: [dgettext: 2]
@@ -89,4 +89,33 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
   def revoke_application_token(_parent, _args, _resolution) do
     {:error, :unauthenticated}
   end
+
+  def activate_device(_parent, %{user_code: user_code}, %{
+        context: %{current_user: %User{} = user}
+      }) do
+    with {:ok, %ApplicationDeviceActivation{} = app_device_activation} <-
+           Applications.activate_device(user_code, user) do
+      {:ok, app_device_activation |> Map.from_struct() |> Map.take([:application, :id, :scope])}
+    end
+  end
+
+  @spec authorize_device_application(any(), map(), Absinthe.Resolution.t()) ::
+          {:ok, map()} | {:error, String.t()}
+  def authorize_device_application(
+        _parent,
+        %{client_id: client_id, user_code: user_code},
+        %{context: %{current_user: %User{id: user_id}}}
+      ) do
+    case Applications.autorize_device_application(client_id, user_code, user_id) do
+      {:ok, %Application{} = app} ->
+        {:ok, app}
+
+      {:error, :application_not_found} ->
+        {:error,
+         dgettext(
+           "errors",
+           "No application with this client_id was found"
+         )}
+    end
+  end
 end
diff --git a/lib/graphql/schema/auth_application.ex b/lib/graphql/schema/auth_application.ex
index 5cdda92a3..37fba37a9 100644
--- a/lib/graphql/schema/auth_application.ex
+++ b/lib/graphql/schema/auth_application.ex
@@ -7,6 +7,7 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
 
   @desc "An application"
   object :auth_application do
+    field(:id, :id)
     field(:name, :string)
     field(:client_id, :string)
     field(:scopes, :string)
@@ -27,6 +28,12 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
     field(:state, :string)
   end
 
+  object :application_device_activation do
+    field(:id, :id)
+    field(:application, :auth_application)
+    field(:scope, :string)
+  end
+
   object :auth_application_queries do
     @desc "Get an application"
     field :auth_application, :auth_application do
@@ -53,9 +60,27 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
       resolve(&Application.authorize/3)
     end
 
+    @desc "Revoke an authorized application"
     field :revoke_application_token, :deleted_object do
       arg(:app_token_id, non_null(:string), description: "The application token's ID")
       resolve(&Application.revoke_application_token/3)
     end
+
+    @desc "Activate an user device"
+    field :device_activation, :application_device_activation do
+      arg(:user_code, non_null(:string),
+        description: "The code provided by the application entered by the user"
+      )
+
+      resolve(&Application.activate_device/3)
+    end
+
+    @desc "Activate an user device"
+    field :authorize_device_application, :auth_application do
+      arg(:client_id, non_null(:string), description: "The application's client_id")
+      arg(:scope, :string, description: "The scope for the authorization")
+
+      resolve(&Application.authorize_device_application/3)
+    end
   end
 end
diff --git a/lib/mobilizon/applications.ex b/lib/mobilizon/applications.ex
index b0df25395..60425097c 100644
--- a/lib/mobilizon/applications.ex
+++ b/lib/mobilizon/applications.ex
@@ -4,10 +4,24 @@ defmodule Mobilizon.Applications do
   """
 
   import Ecto.Query, warn: false
+  import EctoEnum
   alias Ecto.Multi
   alias Mobilizon.Applications.Application
   alias Mobilizon.Storage.Repo
 
+  defenum(ApplicationDeviceActivationStatus, [
+    "success",
+    "pending",
+    "incorrect_device_code",
+    "access_denied"
+  ])
+
+  defenum(ApplicationTokenStatus, [
+    "success",
+    "pending",
+    "access_denied"
+  ])
+
   @doc """
   Returns the list of applications.
 
@@ -255,4 +269,129 @@ defmodule Mobilizon.Applications do
   def change_application_token(%ApplicationToken{} = application_token, attrs \\ %{}) do
     ApplicationToken.changeset(application_token, attrs)
   end
+
+  alias Mobilizon.Applications.ApplicationDeviceActivation
+
+  @doc """
+  Returns the list of application_device_activation.
+
+  ## Examples
+
+      iex> list_application_device_activation()
+      [%ApplicationDeviceActivation{}, ...]
+
+  """
+  def list_application_device_activation do
+    Repo.all(ApplicationDeviceActivation)
+  end
+
+  @doc """
+  Gets a single application_device_activation.
+
+  Raises `Ecto.NoResultsError` if the Application device activation does not exist.
+
+  ## Examples
+
+      iex> get_application_device_activation!(123)
+      %ApplicationDeviceActivation{}
+
+      iex> get_application_device_activation!(456)
+      ** (Ecto.NoResultsError)
+
+  """
+  def get_application_device_activation!(id), do: Repo.get!(ApplicationDeviceActivation, id)
+
+  def get_application_device_activation(id), do: Repo.get(ApplicationDeviceActivation, id)
+
+  def get_application_device_activation_by_user_code(user_code),
+    do: Repo.get_by(ApplicationDeviceActivation, user_code: user_code)
+
+  def get_application_device_activation(client_id, device_code) do
+    ApplicationDeviceActivation
+    |> join(:left, [ada], a in assoc(ada, :application))
+    |> where([_, a], a.client_id == ^client_id)
+    |> where([ada], ada.device_code == ^device_code)
+    |> select([ada], ada)
+    |> Repo.one()
+  end
+
+  @doc """
+  Creates a application_device_activation.
+
+  ## Examples
+
+      iex> create_application_device_activation(%{field: value})
+      {:ok, %ApplicationDeviceActivation{}}
+
+      iex> create_application_device_activation(%{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def create_application_device_activation(attrs \\ %{}) do
+    %ApplicationDeviceActivation{}
+    |> ApplicationDeviceActivation.changeset(attrs)
+    |> Repo.insert()
+  end
+
+  @doc """
+  Updates a application_device_activation.
+
+  ## Examples
+
+      iex> update_application_device_activation(application_device_activation, %{field: new_value})
+      {:ok, %ApplicationDeviceActivation{}}
+
+      iex> update_application_device_activation(application_device_activation, %{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def update_application_device_activation(
+        %ApplicationDeviceActivation{} = application_device_activation,
+        attrs
+      ) do
+    application_device_activation
+    |> ApplicationDeviceActivation.changeset(attrs)
+    |> Repo.update()
+    |> case do
+      {:ok, application_device_activation} ->
+        {:ok, Repo.preload(application_device_activation, :application)}
+
+      error ->
+        error
+    end
+  end
+
+  @doc """
+  Deletes a application_device_activation.
+
+  ## Examples
+
+      iex> delete_application_device_activation(application_device_activation)
+      {:ok, %ApplicationDeviceActivation{}}
+
+      iex> delete_application_device_activation(application_device_activation)
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def delete_application_device_activation(
+        %ApplicationDeviceActivation{} = application_device_activation
+      ) do
+    Repo.delete(application_device_activation)
+  end
+
+  @doc """
+  Returns an `%Ecto.Changeset{}` for tracking application_device_activation changes.
+
+  ## Examples
+
+      iex> change_application_device_activation(application_device_activation)
+      %Ecto.Changeset{data: %ApplicationDeviceActivation{}}
+
+  """
+  def change_application_device_activation(
+        %ApplicationDeviceActivation{} = application_device_activation,
+        attrs \\ %{}
+      ) do
+    ApplicationDeviceActivation.changeset(application_device_activation, attrs)
+  end
 end
diff --git a/lib/mobilizon/applications/application_device_activation.ex b/lib/mobilizon/applications/application_device_activation.ex
new file mode 100644
index 000000000..27f0de0ae
--- /dev/null
+++ b/lib/mobilizon/applications/application_device_activation.ex
@@ -0,0 +1,32 @@
+defmodule Mobilizon.Applications.ApplicationDeviceActivation do
+  @moduledoc """
+  Module representing a application device activation
+  """
+  use Ecto.Schema
+  import Ecto.Changeset
+  alias Mobilizon.Applications.{Application, ApplicationDeviceActivationStatus}
+  alias Mobilizon.Users.User
+
+  schema "application_device_activation" do
+    field(:user_code, :string)
+    field(:device_code, :string)
+    field(:scope, :string)
+    field(:expires_in, :integer)
+    field(:status, ApplicationDeviceActivationStatus, default: :pending)
+    belongs_to(:user, User)
+    belongs_to(:application, Application)
+
+    timestamps()
+  end
+
+  @required_attrs [:user_code, :device_code, :expires_in, :application_id]
+  @optional_attrs [:status, :user_id]
+  @attrs @required_attrs ++ @optional_attrs
+
+  @doc false
+  def changeset(application_device_activation, attrs) do
+    application_device_activation
+    |> cast(attrs, @attrs)
+    |> validate_required(@required_attrs)
+  end
+end
diff --git a/lib/mobilizon/applications/application_token.ex b/lib/mobilizon/applications/application_token.ex
index 90d94b42e..bcf3575c3 100644
--- a/lib/mobilizon/applications/application_token.ex
+++ b/lib/mobilizon/applications/application_token.ex
@@ -4,16 +4,20 @@ defmodule Mobilizon.Applications.ApplicationToken do
   """
   use Ecto.Schema
   import Ecto.Changeset
+  alias Mobilizon.Applications.{Application, ApplicationTokenStatus}
+  alias Mobilizon.Users.User
 
   schema "application_tokens" do
-    belongs_to(:user, Mobilizon.Users.User)
-    belongs_to(:application, Mobilizon.Applications.Application)
+    belongs_to(:user, User)
+    belongs_to(:application, Application)
     field(:authorization_code, :string)
+    field(:status, ApplicationTokenStatus)
+    field(:scope, :string)
 
     timestamps()
   end
 
-  @required_attrs [:user_id, :application_id]
+  @required_attrs [:user_id, :application_id, :scope]
   @optional_attrs [:authorization_code]
   @attrs @required_attrs ++ @optional_attrs
 
diff --git a/lib/service/auth/applications.ex b/lib/service/auth/applications.ex
index 252f5c257..c77538f19 100644
--- a/lib/service/auth/applications.ex
+++ b/lib/service/auth/applications.ex
@@ -3,8 +3,10 @@ defmodule Mobilizon.Service.Auth.Applications do
   Module to handle applications management
   """
   alias Mobilizon.Applications
-  alias Mobilizon.Applications.{Application, ApplicationToken}
+  alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
   alias Mobilizon.Service.Auth.Authenticator
+  alias Mobilizon.Users.User
+  alias Mobilizon.Web.Router.Helpers, as: Routes
 
   @app_access_tokens_ttl {8, :hour}
   @app_refresh_tokens_ttl {26, :week}
@@ -58,6 +60,15 @@ defmodule Mobilizon.Service.Auth.Applications do
     end
   end
 
+  def autorize_device_application(client_id, user_code) do
+    case Applications.get_application_device_activation(client_id, user_code) do
+      %ApplicationDeviceActivation{status: :confirmed} = app_device_activation ->
+        Applications.update_application_device_activation(app_device_activation, %{
+          status: :success
+        })
+    end
+  end
+
   @spec generate_access_token(String.t(), String.t(), String.t(), String.t()) ::
           {:ok, access_token_details()}
           | {:error,
@@ -118,6 +129,126 @@ defmodule Mobilizon.Service.Auth.Applications do
     end
   end
 
+  def generate_access_token(client_id, device_code) do
+    case Applications.get_application_device_activation(client_id, device_code) do
+      %ApplicationDeviceActivation{status: :success, scope: scope, user_id: user_id} =
+          app_device_activation ->
+        if device_activation_expired?(app_device_activation) do
+          {:error, :expired}
+        else
+          %Application{id: app_id} = Applications.get_application_by_client_id(client_id)
+
+          {:ok, %ApplicationToken{} = app_token} =
+            Applications.create_application_token(%{
+              user_id: user_id,
+              application_id: app_id,
+              authorization_code: nil,
+              scope: scope
+            })
+
+          {:ok, access_token} =
+            Authenticator.generate_access_token(app_token, @app_access_tokens_ttl)
+
+          {:ok, refresh_token} =
+            Authenticator.generate_refresh_token(app_token, @app_refresh_tokens_ttl)
+
+          {:ok,
+           %{
+             access_token: access_token,
+             expires_in: ttl_to_seconds(@app_access_tokens_ttl),
+             refresh_token: refresh_token,
+             refresh_token_expires_in: ttl_to_seconds(@app_refresh_tokens_ttl),
+             scope: scope,
+             token_type: "bearer"
+           }}
+        end
+
+      %ApplicationDeviceActivation{status: :incorrect_device_code} ->
+        {:error, :incorrect_device_code}
+
+      %ApplicationDeviceActivation{status: :access_denied} ->
+        {:error, :access_denied}
+
+      err ->
+        require Logger
+        Logger.error(inspect(err))
+        {:error, :incorrect_device_code}
+    end
+  end
+
+  @chars "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |> String.split("", trim: true)
+
+  defp string_of_length(length) do
+    1..length
+    |> Enum.reduce([], fn _i, acc ->
+      [Enum.random(@chars) | acc]
+    end)
+    |> Enum.join("")
+  end
+
+  @expires_in 900
+  @interval 5
+
+  @spec register_device_code(String.t(), String.t() | nil) ::
+          {:ok, ApplicationDeviceActivation.t()}
+          | {:error, Ecto.Changeset.t()}
+  def register_device_code(client_id, scope) do
+    %Application{} = application = Applications.get_application_by_client_id(client_id)
+    device_code = string_of_length(40)
+    user_code = string_of_length(8)
+    verification_uri = Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)
+    expires_in = @expires_in
+    interval = @interval
+
+    case Applications.create_application_device_activation(%{
+           device_code: device_code,
+           user_code: user_code,
+           expires_in: expires_in,
+           application_id: application.id,
+           scope: scope
+         }) do
+      {:ok, %ApplicationDeviceActivation{} = application_device_activation} ->
+        {:ok,
+         application_device_activation
+         |> Map.from_struct()
+         |> Map.take([:device_code, :user_code, :expires_in])
+         |> Map.update!(:user_code, &user_code_displayed/1)
+         |> Map.merge(%{
+           interval: interval,
+           verification_uri: verification_uri
+         })}
+
+      {:error, %Ecto.Changeset{} = err} ->
+        {:error, err}
+    end
+  end
+
+  @spec activate_device(String.t(), User.t()) ::
+          {:ok, ApplicationDeviceActivation.t()}
+          | {:error, Ecto.Changeset.t()}
+          | {:error, :not_found}
+          | {:error, :expired}
+  def activate_device(user_code, user) do
+    case Applications.get_application_device_activation_by_user_code(user_code) do
+      %ApplicationDeviceActivation{} = app_device_activation ->
+        if device_activation_expired?(app_device_activation) do
+          {:error, :expired}
+        else
+          Applications.update_application_device_activation(app_device_activation, %{
+            status: :confirmed,
+            user_id: user.id
+          })
+        end
+
+      _ ->
+        {:error, :not_found}
+    end
+  end
+
+  defp user_code_displayed(user_code) do
+    String.slice(user_code, 0..3) <> "-" <> String.slice(user_code, 4..7)
+  end
+
   def revoke_application_token(%ApplicationToken{} = app_token) do
     Applications.revoke_application_token(app_token)
   end
@@ -127,4 +258,13 @@ defmodule Mobilizon.Service.Auth.Applications do
   defp ttl_to_seconds({value, :minute}), do: value * 60
   defp ttl_to_seconds({value, :hour}), do: value * 3600
   defp ttl_to_seconds({value, :week}), do: value * 604_800
+
+  @spec device_activation_expired?(ApplicationDeviceActivation.t()) :: boolean()
+  defp device_activation_expired?(%ApplicationDeviceActivation{
+         inserted_at: inserted_at,
+         expires_in: expires_in
+       }) do
+    NaiveDateTime.compare(NaiveDateTime.add(inserted_at, expires_in), NaiveDateTime.utc_now()) ==
+      :gt
+  end
 end
diff --git a/lib/web/controllers/application_controller.ex b/lib/web/controllers/application_controller.ex
index 63e0bfb25..df26c99bb 100644
--- a/lib/web/controllers/application_controller.ex
+++ b/lib/web/controllers/application_controller.ex
@@ -1,12 +1,11 @@
 defmodule Mobilizon.Web.ApplicationController do
   use Mobilizon.Web, :controller
 
-  alias Mobilizon.Applications.Application
+  alias Mobilizon.Applications.{Application, ApplicationDeviceActivation}
   alias Mobilizon.Service.Auth.Applications
   plug(:put_layout, false)
   import Mobilizon.Web.Gettext, only: [dgettext: 2]
-
-  @out_of_band_redirect_uri "urn:ietf:wg:oauth:2.0:oob"
+  require Logger
 
   @doc """
   Create an application
@@ -84,6 +83,27 @@ defmodule Mobilizon.Web.ApplicationController do
     end
   end
 
+  def device_code(conn, %{"client_id" => client_id} = args) do
+    case Applications.register_device_code(client_id, Map.get(args, "scope")) do
+      {:ok, res} when is_map(res) ->
+        case get_format(conn) do
+          "json" ->
+            json(conn, res)
+
+          _ ->
+            send_resp(conn, 200, URI.encode_query(res))
+        end
+
+      {:error, %Ecto.Changeset{} = err} ->
+        Logger.error(inspect(err))
+        send_resp(conn, 500, "Unable to produce device code")
+    end
+  end
+
+  def device_code(conn, _args) do
+    send_resp(conn, 400, "You need to send to send at least client_id to obtain a device code")
+  end
+
   @spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()
   def generate_access_token(conn, %{
         "client_id" => client_id,
@@ -93,11 +113,7 @@ defmodule Mobilizon.Web.ApplicationController do
       }) do
     case Applications.generate_access_token(client_id, client_secret, code, redirect_uri) do
       {:ok, token} ->
-        if redirect_uri != @out_of_band_redirect_uri do
-          redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
-        else
-          json(conn, token)
-        end
+        redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
 
       {:error, :application_not_found} ->
         send_resp(conn, 400, dgettext("errors", "No application was found with this client_id"))
@@ -123,6 +139,27 @@ defmodule Mobilizon.Web.ApplicationController do
     end
   end
 
+  def generate_access_token(conn, %{
+        "client_id" => client_id,
+        "device_code" => device_code,
+        "grant_type" => "urn:ietf:params:oauth:grant-type:device_code",
+        "_format" => "json"
+      }) do
+    json(conn, Applications.generate_access_token(client_id, device_code))
+  end
+
+  def generate_access_token(conn, %{
+        "client_id" => client_id,
+        "device_code" => device_code,
+        "grant_type" => "urn:ietf:params:oauth:grant-type:device_code"
+      }) do
+    send_resp(
+      conn,
+      200,
+      URI.encode_query(Applications.generate_access_token(client_id, device_code))
+    )
+  end
+
   @spec generate_redirect_with_query_params(String.t(), map()) :: String.t()
   defp generate_redirect_with_query_params(redirect_uri, query_params) do
     redirect_uri |> URI.parse() |> URI.merge("?" <> URI.encode_query(query_params)) |> to_string()
diff --git a/lib/web/controllers/page_controller.ex b/lib/web/controllers/page_controller.ex
index 5243eec68..798d91aaa 100644
--- a/lib/web/controllers/page_controller.ex
+++ b/lib/web/controllers/page_controller.ex
@@ -124,6 +124,9 @@ defmodule Mobilizon.Web.PageController do
   @spec authorize(Plug.Conn.t(), any) :: Plug.Conn.t()
   def authorize(conn, _params), do: render(conn, :index)
 
+  @spec auth_device(Plug.Conn.t(), any) :: Plug.Conn.t()
+  def auth_device(conn, _params), do: render(conn, :index)
+
   @spec handle_collection_route(Plug.Conn.t(), collections()) :: Plug.Conn.t()
   defp handle_collection_route(conn, collection) do
     case get_format(conn) do
diff --git a/lib/web/router.ex b/lib/web/router.ex
index c85314471..97907aed9 100644
--- a/lib/web/router.ex
+++ b/lib/web/router.ex
@@ -210,6 +210,17 @@ defmodule Mobilizon.Web.Router do
     get("/oauth/authorize", ApplicationController, :authorize)
     post("/oauth/token", ApplicationController, :generate_access_token)
     get("/oauth/autorize_approve", PageController, :authorize)
+    get("/login/device", PageController, :auth_device)
+  end
+
+  pipeline :login do
+    plug(:accepts, ["html", "json"])
+  end
+
+  scope "/login", Mobilizon.Web do
+    pipe_through(:login)
+
+    post("/device/code", ApplicationController, :device_code)
   end
 
   scope "/proxy/", Mobilizon.Web do
diff --git a/priv/repo/migrations/20230216151638_add_device_flow_support.exs b/priv/repo/migrations/20230216151638_add_device_flow_support.exs
new file mode 100644
index 000000000..2e83dc59c
--- /dev/null
+++ b/priv/repo/migrations/20230216151638_add_device_flow_support.exs
@@ -0,0 +1,10 @@
+defmodule Mobilizon.Storage.Repo.Migrations.AddDeviceFlowSupport do
+  use Ecto.Migration
+
+  def change do
+    alter table(:application_tokens) do
+      add(:status, :string, default: :pending, null: false)
+      add(:scope, :string)
+    end
+  end
+end
diff --git a/priv/repo/migrations/20230217084253_create_application_device_activation.exs b/priv/repo/migrations/20230217084253_create_application_device_activation.exs
new file mode 100644
index 000000000..40e28bcdb
--- /dev/null
+++ b/priv/repo/migrations/20230217084253_create_application_device_activation.exs
@@ -0,0 +1,16 @@
+defmodule Mobilizon.Repo.Migrations.CreateApplicationDeviceActivation do
+  use Ecto.Migration
+
+  def change do
+    create table(:application_device_activation) do
+      add(:user_code, :string)
+      add(:device_code, :string)
+      add(:scope, :string)
+      add(:expires_in, :integer)
+      add(:status, :string, default: "pending")
+      add(:user_id, references(:users, on_delete: :delete_all), null: true)
+      add(:application_id, references(:applications, on_delete: :delete_all), null: false)
+      timestamps()
+    end
+  end
+end
diff --git a/test/mobilizon/applications_test.exs b/test/mobilizon/applications_test.exs
index b1553393e..01fbc41ed 100644
--- a/test/mobilizon/applications_test.exs
+++ b/test/mobilizon/applications_test.exs
@@ -143,4 +143,78 @@ defmodule Mobilizon.ApplicationsTest do
       assert %Ecto.Changeset{} = Applications.change_application_token(application_token)
     end
   end
+
+  describe "application_device_activation" do
+    alias Mobilizon.Applications.ApplicationDeviceActivation
+
+    import Mobilizon.ApplicationsFixtures
+
+    @invalid_attrs %{}
+
+    test "list_application_device_activation/0 returns all application_device_activation" do
+      application_device_activation = application_device_activation_fixture()
+      assert Applications.list_application_device_activation() == [application_device_activation]
+    end
+
+    test "get_application_device_activation!/1 returns the application_device_activation with given id" do
+      application_device_activation = application_device_activation_fixture()
+
+      assert Applications.get_application_device_activation!(application_device_activation.id) ==
+               application_device_activation
+    end
+
+    test "create_application_device_activation/1 with valid data creates a application_device_activation" do
+      valid_attrs = %{}
+
+      assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
+               Applications.create_application_device_activation(valid_attrs)
+    end
+
+    test "create_application_device_activation/1 with invalid data returns error changeset" do
+      assert {:error, %Ecto.Changeset{}} =
+               Applications.create_application_device_activation(@invalid_attrs)
+    end
+
+    test "update_application_device_activation/2 with valid data updates the application_device_activation" do
+      application_device_activation = application_device_activation_fixture()
+      update_attrs = %{}
+
+      assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
+               Applications.update_application_device_activation(
+                 application_device_activation,
+                 update_attrs
+               )
+    end
+
+    test "update_application_device_activation/2 with invalid data returns error changeset" do
+      application_device_activation = application_device_activation_fixture()
+
+      assert {:error, %Ecto.Changeset{}} =
+               Applications.update_application_device_activation(
+                 application_device_activation,
+                 @invalid_attrs
+               )
+
+      assert application_device_activation ==
+               Applications.get_application_device_activation!(application_device_activation.id)
+    end
+
+    test "delete_application_device_activation/1 deletes the application_device_activation" do
+      application_device_activation = application_device_activation_fixture()
+
+      assert {:ok, %ApplicationDeviceActivation{}} =
+               Applications.delete_application_device_activation(application_device_activation)
+
+      assert_raise Ecto.NoResultsError, fn ->
+        Applications.get_application_device_activation!(application_device_activation.id)
+      end
+    end
+
+    test "change_application_device_activation/1 returns a application_device_activation changeset" do
+      application_device_activation = application_device_activation_fixture()
+
+      assert %Ecto.Changeset{} =
+               Applications.change_application_device_activation(application_device_activation)
+    end
+  end
 end
diff --git a/test/support/fixtures/applications_fixtures.ex b/test/support/fixtures/applications_fixtures.ex
index 10f341098..0607e6981 100644
--- a/test/support/fixtures/applications_fixtures.ex
+++ b/test/support/fixtures/applications_fixtures.ex
@@ -40,4 +40,16 @@ defmodule Mobilizon.ApplicationsFixtures do
 
     application_token
   end
+
+  @doc """
+  Generate a application_device_activation.
+  """
+  def application_device_activation_fixture(attrs \\ %{}) do
+    {:ok, application_device_activation} =
+      attrs
+      |> Enum.into(%{})
+      |> Mobilizon.Applications.create_application_device_activation()
+
+    application_device_activation
+  end
 end

From 8984bd76367e70cdecc79344be30302616d14c46 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Fri, 17 Mar 2023 18:10:59 +0100
Subject: [PATCH 05/12] Introduce authorizations with Rajska

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 config/test.exs                               |    2 +-
 js/package.json                               |   23 +-
 js/src/components/Event/EventMetadataList.vue |   17 +-
 .../Event/OrganizerPickerWrapper.story.vue    |    2 +-
 .../components/OAuth/AuthorizeApplication.vue |  135 +-
 js/src/components/OAuth/scopes.ts             |  283 +++
 js/src/components/core/MaterialIcon.vue       |    8 +
 js/src/composition/apollo/actor.ts            |    5 +-
 js/src/composition/apollo/user.ts             |   10 +-
 js/src/graphql/actor.ts                       |    8 +-
 js/src/graphql/application.ts                 |   21 +-
 js/src/graphql/config.ts                      |    1 +
 js/src/graphql/group.ts                       |   10 +-
 js/src/i18n/en_US.json                        |   98 +-
 js/src/i18n/fr_FR.json                        |   96 +-
 js/src/types/application.model.ts             |    2 +-
 js/src/types/current-user.model.ts            |    1 +
 js/src/utils/identity.ts                      |    5 +-
 .../views/Account/children/EditIdentity.vue   |   25 +-
 js/src/views/Group/TimelineView.vue           |   45 +-
 js/src/views/OAuth/AuthorizeView.vue          |   50 +-
 js/src/views/Settings/AppsView.vue            |    6 +-
 js/vite.config.js                             |    7 +
 js/yarn.lock                                  | 1818 ++++++++++-------
 lib/graphql/authorization.ex                  |   86 +
 lib/graphql/authorization/app_scope.ex        |  118 ++
 lib/graphql/error.ex                          |   19 +
 lib/graphql/resolvers/application.ex          |   62 +-
 lib/graphql/resolvers/media.ex                |    4 +-
 lib/graphql/schema.ex                         |   25 +-
 lib/graphql/schema/activity.ex                |    4 +
 lib/graphql/schema/actor.ex                   |    4 +
 lib/graphql/schema/actors/application.ex      |    1 +
 lib/graphql/schema/actors/follower.ex         |    4 +
 lib/graphql/schema/actors/group.ex            |   61 +-
 lib/graphql/schema/actors/member.ex           |   91 +-
 lib/graphql/schema/actors/person.ex           |   78 +-
 lib/graphql/schema/address.ex                 |    8 +-
 lib/graphql/schema/admin.ex                   |   27 +-
 lib/graphql/schema/auth_application.ex        |   52 +-
 lib/graphql/schema/config.ex                  |   45 +
 lib/graphql/schema/discussions/comment.ex     |   24 +
 lib/graphql/schema/discussions/discussion.ex  |   39 +
 lib/graphql/schema/event.ex                   |   45 +-
 lib/graphql/schema/events/feed_token.ex       |   17 +
 lib/graphql/schema/events/participant.ex      |   24 +-
 lib/graphql/schema/followed_group_activity.ex |    2 +
 lib/graphql/schema/media.ex                   |   20 +
 lib/graphql/schema/post.ex                    |   37 +-
 lib/graphql/schema/report.ex                  |   36 +-
 lib/graphql/schema/resource.ex                |   38 +
 lib/graphql/schema/search.ex                  |   13 +-
 lib/graphql/schema/statistics.ex              |    4 +
 lib/graphql/schema/tag.ex                     |    2 +
 lib/graphql/schema/todos/todo.ex              |    6 +-
 lib/graphql/schema/todos/todo_list.ex         |    4 +
 lib/graphql/schema/user.ex                    |   64 +-
 lib/graphql/schema/users/activity_setting.ex  |    8 +
 lib/graphql/schema/users/push_subscription.ex |   14 +
 lib/mobilizon/applications.ex                 |   29 +-
 lib/mobilizon/applications/application.ex     |    8 +-
 .../application_device_activation.ex          |    2 +-
 .../applications/application_token.ex         |    2 +-
 lib/service/auth/applications.ex              |  223 +-
 lib/web/auth/context.ex                       |    2 +-
 lib/web/auth/error_handler.ex                 |    5 +-
 lib/web/auth/guardian.ex                      |   19 +-
 lib/web/controllers/application_controller.ex |  173 +-
 lib/web/router.ex                             |    6 +-
 mix.exs                                       |    1 +
 mix.lock                                      |    1 +
 .../20230208101626_create_applications.exs    |    4 +-
 ...230215125801_create_application_tokens.exs |    2 +
 ...20230216151638_add_device_flow_support.exs |   10 -
 test/graphql/resolvers/activity_test.exs      |    3 +-
 test/graphql/resolvers/admin_test.exs         |  107 +-
 test/graphql/resolvers/application_test.exs   |  533 +++++
 test/graphql/resolvers/comment_test.exs       |   13 +-
 test/graphql/resolvers/event_test.exs         |   97 +-
 test/graphql/resolvers/feed_token_test.exs    |  176 +-
 test/graphql/resolvers/follower_test.exs      |    5 +-
 test/graphql/resolvers/group_test.exs         |   48 +-
 test/graphql/resolvers/media_test.exs         |    2 +-
 test/graphql/resolvers/member_test.exs        |    6 +-
 test/graphql/resolvers/person_test.exs        |    3 +-
 test/graphql/resolvers/report_test.exs        |    8 +-
 test/graphql/resolvers/resource_test.exs      |    8 +-
 test/graphql/resolvers/search_test.exs        |   49 +-
 test/graphql/resolvers/tag_test.exs           |   24 +-
 test/graphql/resolvers/user_test.exs          |   78 +-
 test/mobilizon/applications_test.exs          |   33 +-
 test/support/conn_case.ex                     |   10 +-
 test/support/factory.ex                       |   33 +
 .../support/fixtures/applications_fixtures.ex |   15 +-
 .../application_controller_test.exs           |  563 +++++
 95 files changed, 4560 insertions(+), 1505 deletions(-)
 create mode 100644 js/src/components/OAuth/scopes.ts
 create mode 100644 lib/graphql/authorization.ex
 create mode 100644 lib/graphql/authorization/app_scope.ex
 delete mode 100644 priv/repo/migrations/20230216151638_add_device_flow_support.exs
 create mode 100644 test/graphql/resolvers/application_test.exs
 create mode 100644 test/web/controllers/application_controller_test.exs

diff --git a/config/test.exs b/config/test.exs
index 62901358f..b5995e94a 100644
--- a/config/test.exs
+++ b/config/test.exs
@@ -78,7 +78,7 @@ config :tesla, Mobilizon.Service.HTTP.HostMetaClient,
 
 config :mobilizon, Mobilizon.Service.Geospatial, service: Mobilizon.Service.Geospatial.Mock
 
-config :mobilizon, Oban, queues: false, plugins: false
+config :mobilizon, Oban, testing: :manual
 
 config :mobilizon, Mobilizon.Web.Auth.Guardian, secret_key: "some secret"
 
diff --git a/js/package.json b/js/package.json
index d73a875ce..40b802bad 100644
--- a/js/package.json
+++ b/js/package.json
@@ -45,6 +45,7 @@
     "@tiptap/extension-strike": "^2.0.0-beta.26",
     "@tiptap/extension-text": "^2.0.0-beta.15",
     "@tiptap/extension-underline": "^2.0.0-beta.7",
+    "@tiptap/pm": "^2.0.0-beta.220",
     "@tiptap/suggestion": "^2.0.0-beta.195",
     "@tiptap/vue-3": "^2.0.0-beta.96",
     "@vue-a11y/announcer": "^2.1.0",
@@ -59,7 +60,7 @@
     "autoprefixer": "^10",
     "blurhash": "^2.0.0",
     "date-fns": "^2.16.0",
-    "date-fns-tz": "^1.1.6",
+    "date-fns-tz": "^2.0.0",
     "floating-vue": "^2.0.0-beta.17",
     "graphql": "^15.8.0",
     "graphql-tag": "^2.10.3",
@@ -74,16 +75,6 @@
     "p-debounce": "^4.0.0",
     "phoenix": "^1.6",
     "postcss": "^8",
-    "prosemirror-commands": "^1.5.0",
-    "prosemirror-dropcursor": "^1.6.1",
-    "prosemirror-gapcursor": "^1.3.1",
-    "prosemirror-history": "^1.3.0",
-    "prosemirror-keymap": "^1.2.0",
-    "prosemirror-model": "^1.19.0",
-    "prosemirror-schema-list": "^1.2.2",
-    "prosemirror-state": "^1.4.2",
-    "prosemirror-transform": "^1.7.1",
-    "prosemirror-view": "^1.30.0",
     "register-service-worker": "^1.7.2",
     "sanitize-html": "^2.5.3",
     "tailwindcss": "^3",
@@ -100,7 +91,7 @@
     "zhyswan-vuedraggable": "^4.1.3"
   },
   "devDependencies": {
-    "@histoire/plugin-vue": "^0.12.4",
+    "@histoire/plugin-vue": "^0.15.8",
     "@playwright/test": "^1.25.1",
     "@rushstack/eslint-patch": "^1.1.4",
     "@tailwindcss/forms": "^0.5.2",
@@ -114,8 +105,8 @@
     "@types/phoenix": "^1.5.2",
     "@types/sanitize-html": "^2.5.0",
     "@vitejs/plugin-vue": "^4.0.0",
-    "@vitest/coverage-c8": "^0.28.2",
-    "@vitest/ui": "^0.28.2",
+    "@vitest/coverage-c8": "^0.29.2",
+    "@vitest/ui": "^0.29.2",
     "@vue/eslint-config-prettier": "^7.0.0",
     "@vue/eslint-config-typescript": "^11.0.0",
     "@vue/test-utils": "^2.0.2",
@@ -125,7 +116,7 @@
     "eslint-plugin-prettier": "^4.0.0",
     "eslint-plugin-vue": "^9.3.0",
     "flush-promises": "^1.0.2",
-    "histoire": "^0.12.4",
+    "histoire": "^0.15.8",
     "jsdom": "^21.1.0",
     "mock-apollo-client": "^1.1.0",
     "prettier": "^2.2.1",
@@ -135,7 +126,7 @@
     "typescript": "~4.9.4",
     "vite": "^4.0.4",
     "vite-plugin-pwa": "^0.14.1",
-    "vitest": "^0.28.2",
+    "vitest": "^0.29.2",
     "vue-i18n-extract": "^2.0.4"
   }
 }
diff --git a/js/src/components/Event/EventMetadataList.vue b/js/src/components/Event/EventMetadataList.vue
index d3fb4abd0..1b5041513 100644
--- a/js/src/components/Event/EventMetadataList.vue
+++ b/js/src/components/Event/EventMetadataList.vue
@@ -65,18 +65,15 @@
     </o-field>
     <o-modal
       has-modal-card
-      v-model="showNewElementModal"
+      v-model:active="showNewElementModal"
       :close-button-aria-label="$t('Close')"
     >
-      <div class="modal-card">
-        <header class="modal-card-head">
-          <button
-            type="button"
-            class="delete"
-            @click="showNewElementModal = false"
-          />
+      <div class="">
+        <header class="">
+          <h2>{{ t('Create a new metadata element') }}</h2>
+          <p>{{  t('You can put any arbitrary content in this element. URLs will be clickable.') }}</p>
         </header>
-        <div class="modal-card-body">
+        <div class="">
           <form @submit="addNewElement">
             <o-field :label="$t('Element title')">
               <o-input v-model="newElement.title" />
@@ -84,7 +81,7 @@
             <o-field :label="$t('Element value')">
               <o-input v-model="newElement.value" />
             </o-field>
-            <o-button variant="primary" native-type="submit">{{
+            <o-button class="mt-2" variant="primary" native-type="submit">{{
               $t("Add")
             }}</o-button>
           </form>
diff --git a/js/src/components/Event/OrganizerPickerWrapper.story.vue b/js/src/components/Event/OrganizerPickerWrapper.story.vue
index 0f67ec97b..bc8e1df0d 100644
--- a/js/src/components/Event/OrganizerPickerWrapper.story.vue
+++ b/js/src/components/Event/OrganizerPickerWrapper.story.vue
@@ -70,7 +70,7 @@ function setupApp({ app }) {
       new Promise((resolve) =>
         resolve({
           data: {
-            identities: [{ id: "9", preferredUsername: "sam", name: "Samuel" }],
+            loggedUser: { actors: [{ id: "9", preferredUsername: "sam", name: "Samuel" }] },
           },
         })
       )
diff --git a/js/src/components/OAuth/AuthorizeApplication.vue b/js/src/components/OAuth/AuthorizeApplication.vue
index 913ef0441..695821362 100644
--- a/js/src/components/OAuth/AuthorizeApplication.vue
+++ b/js/src/components/OAuth/AuthorizeApplication.vue
@@ -1,44 +1,94 @@
 <template>
-  <h1 class="text-3xl">
-    {{ t("Autorize this application to access your account?") }}
-  </h1>
+  <div>
+    <h1 class="text-3xl">
+      {{ t("Autorize this application to access your account?") }}
+    </h1>
 
-  <div
-    class="rounded-lg bg-mbz-warning dark:text-black shadow-xl my-6 p-4 flex items-center gap-2"
-  >
-    <AlertCircle :size="42" />
-    <p>
-      {{
-        t(
-          "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust."
-        )
-      }}
-    </p>
-  </div>
-
-  <div class="rounded-lg bg-white dark:bg-zinc-900 shadow-xl my-6">
-    <div class="p-4 pb-0">
-      <p class="text-3xl font-bold">{{ authApplication.name }}</p>
-      <p>{{ authApplication.website }}</p>
-    </div>
-    <div class="flex gap-3 p-4">
-      <o-button @click="() => authorize()">{{ t("Authorize") }}</o-button>
-      <o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
-        t("Decline")
-      }}</o-button>
+    <div class="rounded-lg bg-white dark:bg-zinc-900 shadow-xl my-6">
+      <div class="p-4 pb-0">
+        <p class="text-3xl font-bold">{{ authApplication.name }}</p>
+        <p>{{ authApplication.website }}</p>
+      </div>
+      <p class="p-4">
+        {{
+          t(
+            "You'll be able to revoke access for this application in your account settings."
+          )
+        }}
+      </p>
+      <div class="">
+        <div
+          v-if="collapses.length === 0"
+          class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
+        >
+          <AlertCircle :size="42" />
+          <p>
+            {{
+              t(
+                "This application didn't ask for known permissions. It's likely the request is incorrect."
+              )
+            }}
+          </p>
+        </div>
+        <p v-else class="px-4 font-bold">
+          {{ t('This application asks for the following permissions:') }}
+        </p>
+        <o-collapse
+          class="mt-3 border-b pb-2 border-zinc-700 text-black dark:text-white"
+          :class="{
+            'bg-mbz-warning dark:!text-black': collapse?.type === 'warning',
+          }"
+          animation="slide"
+          v-for="(collapse, index) of collapses"
+          :key="index"
+          :open="isOpen === index"
+          @open="isOpen = index"
+        >
+          <template #trigger="props">
+            <div class="flex py-1" role="button">
+              <o-icon :icon="collapse.icon" class="px-2" />
+              <p class="font-bold text-lg p-2 flex-1">
+                {{ collapse.title }}
+              </p>
+              <a
+                class="flex items-center cursor-pointer p-3 justify-center self-end"
+              >
+                <o-icon :icon="props.open ? 'chevron-up' : 'chevron-down'">
+                </o-icon>
+              </a>
+            </div>
+          </template>
+          <div class="p-2">
+            <div class="content">
+              {{ collapse.text }}
+            </div>
+          </div>
+        </o-collapse>
+      </div>
+      <div class="flex gap-3 p-4">
+        <o-button
+          :disabled="collapses.length === 0"
+          @click="() => authorize()"
+          >{{ t("Authorize") }}</o-button
+        >
+        <o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
+          t("Decline")
+        }}</o-button>
+      </div>
     </div>
   </div>
 </template>
 
 <script lang="ts" setup>
 import { useHead } from "@vueuse/head";
-import { computed } from "vue";
+import { computed, ref } from "vue";
 import { useI18n } from "vue-i18n";
 import { useMutation } from "@vue/apollo-composable";
 import { AUTORIZE_APPLICATION } from "@/graphql/application";
-import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
 import RouteName from "@/router/name";
 import { IApplication } from "@/types/application.model";
+import { scope } from "./scope";
+import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
 
 const { t } = useI18n({ useScope: "global" });
 
@@ -49,9 +99,25 @@ const props = defineProps<{
   scope?: string | null;
 }>();
 
+const isOpen = ref<number>(-1);
+
+const collapses = computed(() =>
+  (props.scope ?? "")
+    .split(" ")
+    .map((scope) => scope[scope])
+    .filter((scope) => scope)
+);
+
 const { mutate: authorizeMutation, onDone: onAuthorizeMutationDone } =
   useMutation<
-    { authorizeApplication: { code: string; state: string } },
+    {
+      authorizeApplication: {
+        code: string;
+        state: string;
+        clientId: string;
+        scope: string;
+      };
+    },
     {
       applicationClientId: string;
       redirectURI: string;
@@ -71,13 +137,20 @@ const authorize = () => {
 
 onAuthorizeMutationDone(({ data }) => {
   const code = data?.authorizeApplication?.code;
+  const localClientId = data?.authorizeApplication?.clientId;
+  const localScope = data?.authorizeApplication?.scope;
   const returnedState = data?.authorizeApplication?.state ?? "";
 
-  if (!code) return;
+  if (!code || !localClientId || !localScope) return;
 
   if (props.redirectURI) {
     const params = new URLSearchParams(
-      Object.entries({ code, state: returnedState })
+      Object.entries({
+        code,
+        state: returnedState,
+        client_id: localClientId,
+        scope: localScope,
+      })
     );
     window.location.assign(
       new URL(`${props.redirectURI}?${params.toString()}`)
diff --git a/js/src/components/OAuth/scopes.ts b/js/src/components/OAuth/scopes.ts
new file mode 100644
index 000000000..543cdc2ad
--- /dev/null
+++ b/js/src/components/OAuth/scopes.ts
@@ -0,0 +1,283 @@
+import { i18n } from "@/utils/i18n";
+
+const t = i18n.global.t;
+
+export const scope: Record<
+  string,
+  { title: string; type?: "warning"; text: string; icon?: string }
+> = {
+  read: {
+    title: t("Read all of your account's data"),
+    type: "warning",
+    text: t(
+      "This application will be allowed to see all of your events organized, the events you participate to, as well as every data from your groups."
+    ),
+    icon: "eye-outline",
+  },
+  write: {
+    title: t("Modify all of your account's data"),
+    text: t(
+      "This application will be allowed to publish and manage events on your behalf, post and manage comments, participate to events, manage all of your groups, including group events, resources, posts and discussions. It will also be allowed to manage your account and profile settings."
+    ),
+    type: "warning",
+    icon: "pencil-outline",
+  },
+  "write:event:create": {
+    title: t("Publish events"),
+    text: t(
+      "This application will be allowed to publish events on your behalf"
+    ),
+    icon: "calendar",
+  },
+  "write:event:update": {
+    title: t("Update events"),
+    text: t("This application will be allowed to update events on your behalf"),
+    icon: "calendar",
+  },
+  "write:event:delete": {
+    title: t("Delete events"),
+    text: t("This application will be allowed to delete events on your behalf"),
+    icon: "calendar",
+  },
+  "write:media:upload": {
+    title: t("Upload media"),
+    text: t("This application will be allowed to upload media on your behalf"),
+    icon: "image",
+  },
+  "write:media:remove": {
+    title: t("Remove uploaded media"),
+    text: t(
+      "This application will be allowed to remove uploaded media on your behalf"
+    ),
+    icon: "image",
+  },
+  "write:group:post:create": {
+    title: t("Publish group posts"),
+    text: t(
+      "This application will be allowed to publish group posts on your behalf"
+    ),
+    icon: "bullhorn",
+  },
+  "write:group:post:update": {
+    title: t("Update group posts"),
+    text: t(
+      "This application will be allowed to update group posts on your behalf"
+    ),
+    icon: "bullhorn",
+  },
+  "write:group:post:delete": {
+    title: t("Delete group posts"),
+    text: t(
+      "This application will be allowed to delete group posts on your behalf"
+    ),
+    icon: "bullhorn",
+  },
+  "read:group:resources": {
+    title: t("Access your group's resources"),
+    text: t(
+      "This application will be allowed to access all of the groups you're a member of on your behalf"
+    ),
+    icon: "link",
+  },
+  "write:group:resources:create": {
+    title: t("Create group resources"),
+    text: t(
+      "This application will be allowed to create resources in all of the groups you're a member of on your behalf"
+    ),
+    icon: "link",
+  },
+  "write:group:resources:update": {
+    title: t("Update group resources"),
+    text: t(
+      "This application will be allowed to update resources in all of the groups you're a member of on your behalf"
+    ),
+    icon: "link",
+  },
+  "write:group:resources:delete": {
+    title: t("Delete group resources"),
+    text: t(
+      "This application will be allowed to delete resources in all of the groups you're a member of on your behalf"
+    ),
+    icon: "link",
+  },
+  "read:group:events": {
+    title: t("Access group events"),
+    text: t(
+      "This application will be allowed to list and access group events in all of the groups you're a member of on your behalf"
+    ),
+    icon: "calendar",
+  },
+  "read:group:discussions": {
+    title: t("Access group discussions"),
+    text: t(
+      "This application will be allowed to list and access group discussions in all of the groups you're a member of on your behalf"
+    ),
+    icon: "chat",
+  },
+  "read:group:members": {
+    title: t("Access group members"),
+    text: t(
+      "This application will be allowed to list group members in all of the groups you're a member of on your behalf"
+    ),
+    icon: "account-circle",
+  },
+  "read:group:followers": {
+    title: t("Access group followers"),
+    text: t(
+      "This application will be allowed to list group followers in all of the groups you're a member of on your behalf"
+    ),
+    icon: "account-circle",
+  },
+  "read:group:activities": {
+    title: t("Access group activities"),
+    text: t(
+      "This application will be allowed to access group activities in all of the groups you're a member of on your behalf"
+    ),
+    icon: "timeline-text",
+  },
+  "read:group:todo_lists": {
+    title: t("Access group todo-lists"),
+    text: t(
+      "This application will be allowed to list and access group todo-lists in all of the groups you're a member of on your behalf"
+    ),
+    icon: "checkbox-marked",
+  },
+  "write:group:group_membership": {
+    title: t("Manage group memberships"),
+    text: t(
+      "This application will be allowed to join and leave groups on your behalf"
+    ),
+    icon: "account-circle",
+  },
+  "write:group:members": {
+    title: t("Manage group members"),
+    text: t(
+      "This application will be allowed to manage group members in all of the groups you're a member of on your behalf"
+    ),
+    icon: "account-circle",
+  },
+  "read:profile:organized_events": {
+    title: t("Access organized events"),
+    text: t(
+      "This application will be allowed to list and view your organized events"
+    ),
+    icon: "calendar",
+  },
+  "read:profile:participations": {
+    title: t("Access participations"),
+    text: t(
+      "This application will be allowed to list and view the events you're participating to"
+    ),
+    icon: "account-circle",
+  },
+  "read:profile:memberships": {
+    title: t("Access memberships"),
+    text: t(
+      "This application will be allowed to list and view the groups you're a member of"
+    ),
+    icon: "account-circle",
+  },
+  "read:profile:follows": {
+    title: t("Access followed groups"),
+    text: t(
+      "This application will be allowed to list and view the groups you're following"
+    ),
+    icon: "account-circle",
+  },
+  "write:profile:create": {
+    title: t("Create new profiles"),
+    text: t(
+      "This application will be allowed to create new profiles for your account on your behalf"
+    ),
+    icon: "account-circle",
+  },
+  "write:profile:update": {
+    title: t("Update profiles"),
+    text: t(
+      "This application will be allowed to update your profiles on your behalf"
+    ),
+    icon: "account-circle",
+  },
+  "write:profile:delete": {
+    title: t("Delete profiles"),
+    text: t(
+      "This application will be allowed to delete your profiles on your behalf"
+    ),
+    icon: "account-circle",
+  },
+  "write:comment:create": {
+    title: t("Post comments"),
+    text: t("This application will be allowed to post comments on your behalf"),
+    icon: "comment",
+  },
+  "write:comment:update": {
+    title: t("Update comments"),
+    text: t(
+      "This application will be allowed to update comments on your behalf"
+    ),
+    icon: "comment",
+  },
+  "write:comment:delete": {
+    title: t("Delete comments"),
+    text: t(
+      "This application will be allowed to delete comments on your behalf"
+    ),
+    icon: "comment",
+  },
+  "write:group:discussion:create": {
+    title: t("Create group discussions"),
+    text: t(
+      "This application will be allowed to create group discussions on your behalf"
+    ),
+    icon: "comment",
+  },
+  "write:group:discussion:update": {
+    title: t("Update group discussions"),
+    text: t(
+      "This application will be allowed to update group discussions on your behalf"
+    ),
+    icon: "comment",
+  },
+  "write:group:discussion:delete": {
+    title: t("Delete group discussions"),
+    text: t(
+      "This application will be allowed to delete group discussions on your behalf"
+    ),
+    icon: "comment",
+  },
+  "write:profile:feed_token:create": {
+    title: t("Create feed tokens"),
+    text: t(
+      "This application will be allowed to create feed tokens on your behalf"
+    ),
+    icon: "rss",
+  },
+  "write:feed_token:delete": {
+    title: t("Delete feed tokens"),
+    text: t(
+      "This application will be allowed to delete feed tokens on your behalf"
+    ),
+    icon: "rss",
+  },
+  "write:participation": {
+    title: t("Manage event participations"),
+    text: t(
+      "This application will be allowed to manage events participations on your behalf"
+    ),
+    icon: "rss",
+  },
+  "write:user:setting:activity": {
+    title: t("Manage activity settings"),
+    text: t(
+      "This application will be allowed to manage your account activity settings"
+    ),
+    icon: "cog",
+  },
+  "write:user:setting:push": {
+    title: t("Manage push notification settings"),
+    text: t(
+      "This application will be allowed to manage your account push notification settings"
+    ),
+    icon: "cog",
+  },
+};
diff --git a/js/src/components/core/MaterialIcon.vue b/js/src/components/core/MaterialIcon.vue
index 9124fc444..4d05b7bed 100644
--- a/js/src/components/core/MaterialIcon.vue
+++ b/js/src/components/core/MaterialIcon.vue
@@ -250,6 +250,14 @@ const icons: Record<string, () => Promise<any>> = {
     ),
   ExitToApp: () =>
     import(`../../../node_modules/vue-material-design-icons/ExitToApp.vue`),
+  CheckboxMarked: () =>
+    import(
+      `../../../node_modules/vue-material-design-icons/CheckboxMarked.vue`
+    ),
+  EyeOutline: () =>
+    import(`../../../node_modules/vue-material-design-icons/EyeOutline.vue`),
+  PencilOutline: () =>
+    import(`../../../node_modules/vue-material-design-icons/PencilOutline.vue`),
 };
 
 const props = withDefaults(
diff --git a/js/src/composition/apollo/actor.ts b/js/src/composition/apollo/actor.ts
index ca2463452..32219f35b 100644
--- a/js/src/composition/apollo/actor.ts
+++ b/js/src/composition/apollo/actor.ts
@@ -5,6 +5,7 @@ import {
   PERSON_STATUS_GROUP,
 } from "@/graphql/actor";
 import { IPerson } from "@/types/actor";
+import { ICurrentUser } from "@/types/current-user.model";
 import { useQuery } from "@vue/apollo-composable";
 import { computed, Ref, unref } from "vue";
 import { useCurrentUserClient } from "./user";
@@ -24,7 +25,7 @@ export function useCurrentActorClient() {
 export function useCurrentUserIdentities() {
   const { currentUser } = useCurrentUserClient();
 
-  const { result, error, loading } = useQuery<{ identities: IPerson[] }>(
+  const { result, error, loading } = useQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>(
     IDENTITIES,
     {},
     () => ({
@@ -35,7 +36,7 @@ export function useCurrentUserIdentities() {
     })
   );
 
-  const identities = computed(() => result.value?.identities);
+  const identities = computed(() => result.value?.loggedUser?.actors);
   return { identities, error, loading };
 }
 
diff --git a/js/src/composition/apollo/user.ts b/js/src/composition/apollo/user.ts
index b285d7f7c..e5666d0ce 100644
--- a/js/src/composition/apollo/user.ts
+++ b/js/src/composition/apollo/user.ts
@@ -82,11 +82,11 @@ export function registerAccount() {
       { context }
     ) => {
       if (context?.userAlreadyActivated) {
-        const identitiesData = store.readQuery<{ identities: IPerson[] }>({
+        const currentUserData = store.readQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>({
           query: IDENTITIES,
         });
 
-        if (identitiesData && localData) {
+        if (currentUserData && localData) {
           const newPersonData = {
             ...localData.registerPerson,
             type: ActorType.PERSON,
@@ -95,8 +95,10 @@ export function registerAccount() {
           store.writeQuery({
             query: IDENTITIES,
             data: {
-              ...identitiesData,
-              identities: [...identitiesData.identities, newPersonData],
+              ...currentUserData.loggedUser,
+              actors: [
+                [...currentUserData.loggedUser.actors, newPersonData]
+              ]
             },
           });
         }
diff --git a/js/src/graphql/actor.ts b/js/src/graphql/actor.ts
index af9b244cc..71e09e3f7 100644
--- a/js/src/graphql/actor.ts
+++ b/js/src/graphql/actor.ts
@@ -282,13 +282,17 @@ export const LOGGED_USER_MEMBERSHIPS = gql`
 
 export const IDENTITIES = gql`
   query Identities {
-    identities {
-      ...ActorFragment
+    loggedUser {
+      actors {
+        ...ActorFragment
+      }
     }
   }
   ${ACTOR_FRAGMENT}
 `;
 
+
+
 export const PERSON_MEMBERSHIPS = gql`
   query PersonMemberships($id: ID!) {
     person(id: $id) {
diff --git a/js/src/graphql/application.ts b/js/src/graphql/application.ts
index 086a8579d..50babb52f 100644
--- a/js/src/graphql/application.ts
+++ b/js/src/graphql/application.ts
@@ -14,9 +14,9 @@ export const AUTH_APPLICATION = gql`
 export const AUTORIZE_APPLICATION = gql`
   mutation AuthorizeApplication(
     $applicationClientId: String!
-    $redirectURI: String
+    $redirectURI: String!
     $state: String
-    $scope: String
+    $scope: String!
   ) {
     authorizeApplication(
       clientId: $applicationClientId
@@ -26,6 +26,23 @@ export const AUTORIZE_APPLICATION = gql`
     ) {
       code
       state
+      clientId
+      scope
+    }
+  }
+`;
+
+export const AUTORIZE_DEVICE_APPLICATION = gql`
+  mutation AuthorizeDeviceApplication(
+    $applicationClientId: String!
+    $userCode: String
+  ) {
+    authorizeDeviceApplication(
+      clientId: $applicationClientId
+      userCode: $userCode
+    ) {
+      clientId
+      scope
     }
   }
 `;
diff --git a/js/src/graphql/config.ts b/js/src/graphql/config.ts
index 4f8c0b258..64ca90a5e 100644
--- a/js/src/graphql/config.ts
+++ b/js/src/graphql/config.ts
@@ -72,6 +72,7 @@ export const CONFIG = gql`
       features {
         groups
         eventCreation
+        antispam
       }
       restrictions {
         onlyAdminCanCreateGroups
diff --git a/js/src/graphql/group.ts b/js/src/graphql/group.ts
index 54afdb4fe..ae45ef5ad 100644
--- a/js/src/graphql/group.ts
+++ b/js/src/graphql/group.ts
@@ -226,15 +226,6 @@ export const FETCH_GROUP = gql`
   ${RESOURCE_METADATA_BASIC_FIELDS_FRAGMENT}
 `;
 
-export const FETCH_GROUP_BY_ID = gql`
-  query FetchGroupById($id: ID!) {
-    groupById(id: $name) {
-      ...GroupFullFields
-    }
-  }
-  ${GROUP_FIELDS_FRAGMENTS}
-`;
-
 export const GET_GROUP = gql`
   query GetGroup(
     $id: ID!
@@ -407,6 +398,7 @@ export const GROUP_TIMELINE = gql`
               openness
               physicalAddress {
                 id
+                originId
               }
               banner {
                 id
diff --git a/js/src/i18n/en_US.json b/js/src/i18n/en_US.json
index d14808ad9..0d8493b7d 100644
--- a/js/src/i18n/en_US.json
+++ b/js/src/i18n/en_US.json
@@ -1457,5 +1457,101 @@
   "Autorize this application to access your account?": "Autorize this application to access your account?",
   "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust.": "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust.",
   "Authorize application": "Authorize application",
-  "Authorize": "Authorize"
+  "Authorize": "Authorize",
+  "You'll be able to revoke access for this application in your account settings.": "You'll be able to revoke access for this application in your account settings.",
+  "Read all of your account's data": "Read all of your account's data",
+  "This application will be allowed to see all of your events organized, the events you participate to, …": "",
+  "Modify all of your account's data": "Modify all of your account's data",
+  "This application will be allowed to publish events on your behalf, participate to events": "",
+  "Publish events": "Publish events",
+  "This application will be allowed to publish events on your behalf": "This application will be allowed to publish events on your behalf",
+  "Update events": "Update events",
+  "This application will be allowed to update events on your behalf": "This application will be allowed to update events on your behalf",
+  "Delete events": "Delete events",
+  "This application will be allowed to delete events on your behalf": "This application will be allowed to delete events on your behalf",
+  "Upload media": "Upload media",
+  "This application will be allowed to upload media on your behalf": "This application will be allowed to upload media on your behalf",
+  "Remove uploaded media": "Remove uploaded media",
+  "This application will be allowed to remove uploaded media on your behalf": "This application will be allowed to remove uploaded media on your behalf",
+  "Publish group posts": "Publish group posts",
+  "This application will be allowed to publish group posts on your behalf": "This application will be allowed to publish group posts on your behalf",
+  "Update group posts": "Update group posts",
+  "This application will be allowed to update group posts on your behalf": "This application will be allowed to update group posts on your behalf",
+  "Delete group posts": "Delete group posts",
+  "This application will be allowed to delete group posts on your behalf": "This application will be allowed to delete group posts on your behalf",
+  "Access your group's resources": "Access your group's resources",
+  "This application will be allowed to access all of the groups you're a member of on your behalf": "This application will be allowed to access all of the groups you're a member of on your behalf",
+  "Create group resources": "Create group resources",
+  "This application will be allowed to create resources in all of the groups you're a member of on your behalf": "This application will be allowed to create resources in all of the groups you're a member of on your behalf",
+  "Update group resources": "Update group resources",
+  "This application will be allowed to update resources in all of the groups you're a member of on your behalf": "This application will be allowed to update resources in all of the groups you're a member of on your behalf",
+  "Delete group resources": "Delete group resources",
+  "This application will be allowed to delete resources in all of the groups you're a member of on your behalf": "This application will be allowed to delete resources in all of the groups you're a member of on your behalf",
+  "Access group events": "Access group events",
+  "This application will be allowed to list and access group events in all of the groups you're a member of on your behalf": "This application will be allowed to list and access group events in all of the groups you're a member of on your behalf",
+  "Access group discussions": "Access group discussions",
+  "This application will be allowed to list and access group discussions in all of the groups you're a member of on your behalf": "This application will be allowed to list and access group discussions in all of the groups you're a member of on your behalf",
+  "Access group members": "Access group members",
+  "This application will be allowed to list group members in all of the groups you're a member of on your behalf": "This application will be allowed to list group members in all of the groups you're a member of on your behalf",
+  "Access group followers": "Access group followers",
+  "This application will be allowed to list group followers in all of the groups you're a member of on your behalf": "This application will be allowed to list group followers in all of the groups you're a member of on your behalf",
+  "Access group activities": "Access group activities",
+  "This application will be allowed to access group activities in all of the groups you're a member of on your behalf": "This application will be allowed to access group activities in all of the groups you're a member of on your behalf",
+  "Access group todo-lists": "Access group todo-lists",
+  "This application will be allowed to list and access group todo-lists in all of the groups you're a member of on your behalf": "This application will be allowed to list and access group todo-lists in all of the groups you're a member of on your behalf",
+  "Manage group memberships": "Manage group memberships",
+  "This application will be allowed to join and leave groups on your behalf": "This application will be allowed to join and leave groups on your behalf",
+  "Manage group members": "Manage group members",
+  "This application will be allowed to manage group members in all of the groups you're a member of on your behalf": "This application will be allowed to manage group members in all of the groups you're a member of on your behalf",
+  "Access organized events": "Access organized events",
+  "This application will be allowed to list and view your organized events": "This application will be allowed to list and view your organized events",
+  "Access participations": "Access participations",
+  "This application will be allowed to list and view the events you're participating to": "This application will be allowed to list and view the events you're participating to",
+  "Access memberships": "Access memberships",
+  "This application will be allowed to list and view the groups you're a member of": "This application will be allowed to list and view the groups you're a member of",
+  "Access followed groups": "Access followed groups",
+  "This application will be allowed to list and view the groups you're following": "This application will be allowed to list and view the groups you're following",
+  "Create new profiles": "Create new profiles",
+  "This application will be allowed to create new profiles for your account on your behalf": "This application will be allowed to create new profiles for your account on your behalf",
+  "Update profiles": "Update profiles",
+  "This application will be allowed to update your profiles on your behalf": "This application will be allowed to update your profiles on your behalf",
+  "Delete profiles": "Delete profiles",
+  "This application will be allowed to delete your profiles on your behalf": "This application will be allowed to delete your profiles on your behalf",
+  "Post comments": "Post comments",
+  "This application will be allowed to post comments on your behalf": "This application will be allowed to post comments on your behalf",
+  "Update comments": "Update comments",
+  "This application will be allowed to update comments on your behalf": "This application will be allowed to update comments on your behalf",
+  "Delete comments": "Delete comments",
+  "This application will be allowed to delete comments on your behalf": "This application will be allowed to delete comments on your behalf",
+  "Create group discussions": "Create group discussions",
+  "This application will be allowed to create group discussions on your behalf": "This application will be allowed to create group discussions on your behalf",
+  "Update group discussions": "Update group discussions",
+  "This application will be allowed to update group discussions on your behalf": "This application will be allowed to update group discussions on your behalf",
+  "Delete group discussions": "Delete group discussions",
+  "This application will be allowed to delete group discussions on your behalf": "This application will be allowed to delete group discussions on your behalf",
+  "Create feed tokens": "Create feed tokens",
+  "This application will be allowed to create feed tokens on your behalf": "This application will be allowed to create feed tokens on your behalf",
+  "Delete feed tokens": "Delete feed tokens",
+  "This application will be allowed to delete feed tokens on your behalf": "This application will be allowed to delete feed tokens on your behalf",
+  "Manage event participations": "Manage event participations",
+  "This application will be allowed to manage events participations on your behalf": "This application will be allowed to manage events participations on your behalf",
+  "Manage activity settings": "Manage activity settings",
+  "This application will be allowed to manage your account activity settings": "This application will be allowed to manage your account activity settings",
+  "Manage push notification settings": "Manage push notification settings",
+  "This application will be allowed to manage your account push notification settings": "This application will be allowed to manage your account push notification settings",
+  "Apps": "Apps",
+  "Device activation": "Device activation",
+  "Application not found": "Application not found",
+  "The provided application was not found.": "The provided application was not found.",
+  "Your application code": "Your application code",
+  "You need to provide the following code to your application": "You need to provide the following code to your application",
+  "Enter the code displayed on your device": "Enter the code displayed on your device",
+  "Continue": "Continue",
+  "The device code is incorrect or no longer valid.": "The device code is incorrect or no longer valid.",
+  "These apps can access your account through the API. If you see here apps that you don't recognize, that don't work as expected or that you don't use anymore, you can revoke their access.": "These apps can access your account through the API. If you see here apps that you don't recognize, that don't work as expected or that you don't use anymore, you can revoke their access.",
+  "Last used on {last_used_date}": "Last used on {last_used_date}",
+  "Never used": "Never used",
+  "Authorized on {authorization_date}": "Authorized on {authorization_date}",
+  "Revoke": "Revoke",
+  "Application was revoked": "Application was revoked"
 }
\ No newline at end of file
diff --git a/js/src/i18n/fr_FR.json b/js/src/i18n/fr_FR.json
index 90ad97cb1..e255e59cb 100644
--- a/js/src/i18n/fr_FR.json
+++ b/js/src/i18n/fr_FR.json
@@ -1455,5 +1455,99 @@
   "Autorize this application to access your account?": "Autoriser cette application à accéder à votre compte ?",
   "This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust.": "Cette application sera capable d'accéder à toutes vos informations et poster du contenu en votre nom. Assurez-vous d'approuver uniquement des applications en lesquelles vous avez confiance.",
   "Authorize application": "Autoriser l'application",
-  "Authorize": "Autoriser"
+  "Authorize": "Autoriser",
+  "You'll be able to revoke access for this application in your account settings.": "Vous pourrez révoquer l'accès pour cette applications dans les paramètres de votre compte.",
+  "Read all of your account's data": "Lire toutes les données de votre compte",
+  "Modify all of your account's data": "Modifier toutes les données de votre compte",
+  "Publish events": "Publier des événements",
+  "This application will be allowed to publish events on your behalf": "Cette application pourra publier des événements en votre nom",
+  "Update events": "Update events",
+  "This application will be allowed to update events on your behalf": "Cette application pourra mettre à jour des événements en votre nom",
+  "Delete events": "Delete events",
+  "This application will be allowed to delete events on your behalf": "Cette application pourra supprimer des événements en votre nom",
+  "Upload media": "Upload media",
+  "This application will be allowed to upload media on your behalf": "Cette application pourra téléverser des médias en votre nom",
+  "Remove uploaded media": "Remove uploaded media",
+  "This application will be allowed to remove uploaded media on your behalf": "Cette application pourra supprimer des médias téléversés en votre nom",
+  "Publish group posts": "Publish group posts",
+  "This application will be allowed to publish group posts on your behalf": "Cette application pourra publier des billets de groupes en votre nom",
+  "Update group posts": "Update group posts",
+  "This application will be allowed to update group posts on your behalf": "Cette application pourra mettre à jour des billets de groupes en votre nom",
+  "Delete group posts": "Delete group posts",
+  "This application will be allowed to delete group posts on your behalf": "Cette application pourra supprimer des billets de groupes en votre nom",
+  "Access your group's resources": "Access your group's resources",
+  "This application will be allowed to access all of the groups you're a member of on your behalf": "Cette application pourra accéder à tous les groupes dont vous êtes membres",
+  "Create group resources": "Create group resources",
+  "This application will be allowed to create resources in all of the groups you're a member of on your behalf": "Cette application pourra créer des ressources dans chacun des groupes dont vous êtes membre en votre nom",
+  "Update group resources": "Update group resources",
+  "This application will be allowed to update resources in all of the groups you're a member of on your behalf": "Cette application pourra mettre à jour des ressources dans chacun des groupes dont vous êtes membre en votre nom",
+  "Delete group resources": "Delete group resources",
+  "This application will be allowed to delete resources in all of the groups you're a member of on your behalf": "Cette application pourra supprimer des ressources dans chacun des groupes dont vous êtes membre en votre nom",
+  "Access group events": "Access group events",
+  "This application will be allowed to list and access group events in all of the groups you're a member of on your behalf": "Cette application pourra lister et accéder aux événements des groupes dont vous êtes membre",
+  "Access group discussions": "Access group discussions",
+  "This application will be allowed to list and access group discussions in all of the groups you're a member of on your behalf": "This application will be allowed to list and access group discussions in all of the groups you're a member of on your behalf",
+  "Access group members": "Access group members",
+  "This application will be allowed to list group members in all of the groups you're a member of on your behalf": "This application will be allowed to list group members in all of the groups you're a member of on your behalf",
+  "Access group followers": "Access group followers",
+  "This application will be allowed to list group followers in all of the groups you're a member of on your behalf": "This application will be allowed to list group followers in all of the groups you're a member of on your behalf",
+  "Access group activities": "Access group activities",
+  "This application will be allowed to access group activities in all of the groups you're a member of on your behalf": "This application will be allowed to access group activities in all of the groups you're a member of on your behalf",
+  "Access group todo-lists": "Access group todo-lists",
+  "This application will be allowed to list and access group todo-lists in all of the groups you're a member of on your behalf": "This application will be allowed to list and access group todo-lists in all of the groups you're a member of on your behalf",
+  "Manage group memberships": "Manage group memberships",
+  "This application will be allowed to join and leave groups on your behalf": "This application will be allowed to join and leave groups on your behalf",
+  "Manage group members": "Manage group members",
+  "This application will be allowed to manage group members in all of the groups you're a member of on your behalf": "This application will be allowed to manage group members in all of the groups you're a member of on your behalf",
+  "Access organized events": "Access organized events",
+  "This application will be allowed to list and view your organized events": "This application will be allowed to list and view your organized events",
+  "Access participations": "Access participations",
+  "This application will be allowed to list and view the events you're participating to": "This application will be allowed to list and view the events you're participating to",
+  "Access memberships": "Access memberships",
+  "This application will be allowed to list and view the groups you're a member of": "This application will be allowed to list and view the groups you're a member of",
+  "Access followed groups": "Access followed groups",
+  "This application will be allowed to list and view the groups you're following": "This application will be allowed to list and view the groups you're following",
+  "Create new profiles": "Create new profiles",
+  "This application will be allowed to create new profiles for your account on your behalf": "This application will be allowed to create new profiles for your account on your behalf",
+  "Update profiles": "Update profiles",
+  "This application will be allowed to update your profiles on your behalf": "This application will be allowed to update your profiles on your behalf",
+  "Delete profiles": "Delete profiles",
+  "This application will be allowed to delete your profiles on your behalf": "This application will be allowed to delete your profiles on your behalf",
+  "Post comments": "Post comments",
+  "This application will be allowed to post comments on your behalf": "This application will be allowed to post comments on your behalf",
+  "Update comments": "Update comments",
+  "This application will be allowed to update comments on your behalf": "This application will be allowed to update comments on your behalf",
+  "Delete comments": "Delete comments",
+  "This application will be allowed to delete comments on your behalf": "This application will be allowed to delete comments on your behalf",
+  "Create group discussions": "Create group discussions",
+  "This application will be allowed to create group discussions on your behalf": "This application will be allowed to create group discussions on your behalf",
+  "Update group discussions": "Update group discussions",
+  "This application will be allowed to update group discussions on your behalf": "This application will be allowed to update group discussions on your behalf",
+  "Delete group discussions": "Delete group discussions",
+  "This application will be allowed to delete group discussions on your behalf": "This application will be allowed to delete group discussions on your behalf",
+  "Create feed tokens": "Create feed tokens",
+  "This application will be allowed to create feed tokens on your behalf": "This application will be allowed to create feed tokens on your behalf",
+  "Delete feed tokens": "Delete feed tokens",
+  "This application will be allowed to delete feed tokens on your behalf": "This application will be allowed to delete feed tokens on your behalf",
+  "Manage event participations": "Manage event participations",
+  "This application will be allowed to manage events participations on your behalf": "This application will be allowed to manage events participations on your behalf",
+  "Manage activity settings": "Manage activity settings",
+  "This application will be allowed to manage your account activity settings": "This application will be allowed to manage your account activity settings",
+  "Manage push notification settings": "Manage push notification settings",
+  "This application will be allowed to manage your account push notification settings": "This application will be allowed to manage your account push notification settings",
+  "Apps": "Apps",
+  "Device activation": "Device activation",
+  "Application not found": "Application not found",
+  "The provided application was not found.": "The provided application was not found.",
+  "Your application code": "Your application code",
+  "You need to provide the following code to your application": "You need to provide the following code to your application",
+  "Enter the code displayed on your device": "Enter the code displayed on your device",
+  "Continue": "Continue",
+  "The device code is incorrect or no longer valid.": "The device code is incorrect or no longer valid.",
+  "These apps can access your account through the API. If you see here apps that you don't recognize, that don't work as expected or that you don't use anymore, you can revoke their access.": "These apps can access your account through the API. If you see here apps that you don't recognize, that don't work as expected or that you don't use anymore, you can revoke their access.",
+  "Last used on {last_used_date}": "Last used on {last_used_date}",
+  "Never used": "Never used",
+  "Authorized on {authorization_date}": "Authorized on {authorization_date}",
+  "Revoke": "Revoke",
+  "Application was revoked": "Application was revoked"
 }
diff --git a/js/src/types/application.model.ts b/js/src/types/application.model.ts
index c473a370d..31b3fc391 100644
--- a/js/src/types/application.model.ts
+++ b/js/src/types/application.model.ts
@@ -3,7 +3,7 @@ export interface IApplication {
   clientId: string;
   clientSecret?: string;
   redirectUris?: string;
-  scopes: string | null;
+  scope: string | null;
   website: string | null;
 }
 
diff --git a/js/src/types/current-user.model.ts b/js/src/types/current-user.model.ts
index 33504ecf2..cfc7c5135 100644
--- a/js/src/types/current-user.model.ts
+++ b/js/src/types/current-user.model.ts
@@ -15,6 +15,7 @@ export interface ICurrentUser {
   isLoggedIn: boolean;
   role: ICurrentUserRole;
   defaultActor?: IPerson;
+  actors: IPerson[];
 }
 
 export interface IUserPreferredLocation {
diff --git a/js/src/utils/identity.ts b/js/src/utils/identity.ts
index e4541ef51..cf1feca83 100644
--- a/js/src/utils/identity.ts
+++ b/js/src/utils/identity.ts
@@ -1,6 +1,7 @@
 import { AUTH_USER_ACTOR_ID } from "@/constants";
 import { UPDATE_CURRENT_ACTOR_CLIENT, IDENTITIES } from "@/graphql/actor";
 import { IPerson } from "@/types/actor";
+import { ICurrentUser } from "@/types/current-user.model";
 import { apolloClient } from "@/vue-apollo";
 import {
   provideApolloClient,
@@ -36,10 +37,10 @@ export async function initializeCurrentActor(): Promise<void> {
   const actorId = localStorage.getItem(AUTH_USER_ACTOR_ID);
 
   const { result: identitiesResult } = provideApolloClient(apolloClient)(() =>
-    useQuery<{ identities: IPerson[] }>(IDENTITIES)
+    useQuery<{ currentUser: Pick<ICurrentUser, 'actors'> }>(IDENTITIES)
   );
 
-  const identities = computed(() => identitiesResult.value?.identities);
+  const identities = computed(() => identitiesResult.value?.currentUser.actors);
 
   watch(identities, async () => {
     if (identities.value && identities.value.length < 1) {
diff --git a/js/src/views/Account/children/EditIdentity.vue b/js/src/views/Account/children/EditIdentity.vue
index f2d71ea4d..e2f9ed7ad 100644
--- a/js/src/views/Account/children/EditIdentity.vue
+++ b/js/src/views/Account/children/EditIdentity.vue
@@ -234,6 +234,7 @@ import { convertToUsername } from "@/utils/username";
 import { Dialog } from "@/plugins/dialog";
 import { Notifier } from "@/plugins/notifier";
 import { AbsintheGraphQLErrors } from "@/types/errors.model";
+import { ICurrentUser } from "@/types/current-user.model";
 
 const { t } = useI18n({ useScope: "global" });
 const router = useRouter();
@@ -348,7 +349,7 @@ const {
   onError: deletePersonError,
 } = useMutation(DELETE_PERSON, () => ({
   update: (store: ApolloCache<InMemoryCache>) => {
-    const data = store.readQuery<{ identities: IPerson[] }>({
+    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>({
       query: IDENTITIES,
     });
 
@@ -356,7 +357,10 @@ const {
       store.writeQuery({
         query: IDENTITIES,
         data: {
-          identities: data.identities.filter((i) => i.id !== identity.value.id),
+          loggedUser: {
+            ...data.loggedUser,
+            actors: data.loggedUser.actors.filter((i) => i.id !== identity.value.id)
+          }
         },
       });
     }
@@ -379,10 +383,10 @@ deletePersonDone(async () => {
    */
   const client = resolveClient();
   const data = client.readQuery<{
-    identities: IPerson[];
+    loggedUser: Pick<ICurrentUser, 'actors'>
   }>({ query: IDENTITIES });
   if (data) {
-    await maybeUpdateCurrentActorCache(data.identities[0]);
+    await maybeUpdateCurrentActorCache(data.loggedUser.actors[0]);
   }
 
   await redirectIfNoIdentitySelected();
@@ -408,7 +412,7 @@ const {
     store: ApolloCache<InMemoryCache>,
     { data: updateData }: FetchResult
   ) => {
-    const data = store.readQuery<{ identities: IPerson[] }>({
+    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>({
       query: IDENTITIES,
     });
 
@@ -452,7 +456,7 @@ const {
     store: ApolloCache<InMemoryCache>,
     { data: updateData }: FetchResult
   ) => {
-    const data = store.readQuery<{ identities: IPerson[] }>({
+    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>({
       query: IDENTITIES,
     });
 
@@ -460,10 +464,13 @@ const {
       store.writeQuery({
         query: IDENTITIES,
         data: {
-          identities: [
-            ...data.identities,
+          loggedUser: {
+            ...data.loggedUser,
+            actors: [
+            ...data.loggedUser.actors,
             { ...updateData?.createPerson, type: ActorType.PERSON },
-          ],
+            ]
+          }
         },
       });
     }
diff --git a/js/src/views/Group/TimelineView.vue b/js/src/views/Group/TimelineView.vue
index 5b75f1aec..fd862dae8 100644
--- a/js/src/views/Group/TimelineView.vue
+++ b/js/src/views/Group/TimelineView.vue
@@ -18,27 +18,47 @@
 
     <section class="timeline">
       <o-field>
-        <o-radio v-model="activityType" :native-value="undefined">
+        <o-radio class="pr-4" v-model="activityType" :native-value="undefined">
           <TimelineText />
           {{ t("All activities") }}</o-radio
         >
-        <o-radio v-model="activityType" :native-value="ActivityType.MEMBER">
+        <o-radio
+          class="pr-4"
+          v-model="activityType"
+          :native-value="ActivityType.MEMBER"
+        >
           <o-icon icon="account-multiple-plus"></o-icon>
           {{ t("Members") }}</o-radio
         >
-        <o-radio v-model="activityType" :native-value="ActivityType.GROUP">
+        <o-radio
+          class="pr-4"
+          v-model="activityType"
+          :native-value="ActivityType.GROUP"
+        >
           <o-icon icon="cog"></o-icon>
           {{ t("Settings") }}</o-radio
         >
-        <o-radio v-model="activityType" :native-value="ActivityType.EVENT">
+        <o-radio
+          class="pr-4"
+          v-model="activityType"
+          :native-value="ActivityType.EVENT"
+        >
           <o-icon icon="calendar"></o-icon>
           {{ t("Events") }}</o-radio
         >
-        <o-radio v-model="activityType" :native-value="ActivityType.POST">
+        <o-radio
+          class="pr-4"
+          v-model="activityType"
+          :native-value="ActivityType.POST"
+        >
           <o-icon icon="bullhorn"></o-icon>
           {{ t("Posts") }}</o-radio
         >
-        <o-radio v-model="activityType" :native-value="ActivityType.DISCUSSION">
+        <o-radio
+          class="pr-4"
+          v-model="activityType"
+          :native-value="ActivityType.DISCUSSION"
+        >
           <o-icon icon="chat"></o-icon>
           {{ t("Discussions") }}</o-radio
         >
@@ -48,11 +68,16 @@
         >
       </o-field>
       <o-field>
-        <o-radio v-model="activityAuthor" :native-value="undefined">
+        <o-radio
+          class="pr-4"
+          v-model="activityAuthor"
+          :native-value="undefined"
+        >
           <TimelineText />
           {{ t("All activities") }}</o-radio
         >
         <o-radio
+          class="pr-4"
           v-model="activityAuthor"
           :native-value="ActivityAuthorFilter.SELF"
         >
@@ -60,6 +85,7 @@
           {{ t("From yourself") }}</o-radio
         >
         <o-radio
+          class="pr-4"
           v-model="activityAuthor"
           :native-value="ActivityAuthorFilter.BY"
         >
@@ -89,7 +115,7 @@
           <h2 v-else>
             {{ formatDateString(date) }}
           </h2>
-          <ul>
+          <ul class="before:opacity-10">
             <li v-for="activityItem in activityItems" :key="activityItem.id">
               <skeleton-activity-item v-if="activityItem.type === 'skeleton'" />
               <component
@@ -202,6 +228,7 @@ const page = ref(1);
 const {
   result: groupTimelineResult,
   fetchMore: fetchMoreActivities,
+  onError: onGroupTLError,
   loading,
 } = useQuery<{ group: IGroup }>(GROUP_TIMELINE, () => ({
   preferredUsername: props.preferredUsername,
@@ -211,6 +238,8 @@ const {
   author: activityAuthor.value,
 }));
 
+onGroupTLError((err) => console.error(err));
+
 const group = computed(() => groupTimelineResult.value?.group);
 
 useHead({
diff --git a/js/src/views/OAuth/AuthorizeView.vue b/js/src/views/OAuth/AuthorizeView.vue
index 184c5fdca..7b5e18955 100644
--- a/js/src/views/OAuth/AuthorizeView.vue
+++ b/js/src/views/OAuth/AuthorizeView.vue
@@ -36,8 +36,8 @@
     />
     <div v-show="authApplicationError">
       <div
-        class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
-        v-if="authApplicationGraphError?.status_code === 404"
+        class="rounded-lg text-white bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
+        v-if="authApplicationGraphError?.message === 'not_found'"
       >
         <AlertCircle :size="42" />
         <div>
@@ -72,9 +72,6 @@
         <p class="text-4xl">{{ resultCode }}</p>
       </div>
     </div>
-    <o-button variant="text" tag="router-link" :to="{ name: RouteName.HOME }">{{
-      t("Back to homepage")
-    }}</o-button>
   </div>
 </template>
 
@@ -83,8 +80,8 @@ import { useRouteQuery } from "vue-use-route-query";
 import { useHead } from "@vueuse/head";
 import { computed, ref } from "vue";
 import { useI18n } from "vue-i18n";
-import { useMutation, useQuery } from "@vue/apollo-composable";
-import { AUTH_APPLICATION, AUTORIZE_APPLICATION } from "@/graphql/application";
+import { useQuery } from "@vue/apollo-composable";
+import { AUTH_APPLICATION } from "@/graphql/application";
 import { IApplication } from "@/types/application.model";
 import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
 import type { AbsintheGraphQLError } from "@/types/errors.model";
@@ -98,7 +95,6 @@ const redirectURI = useRouteQuery("redirect_uri", null);
 const state = useRouteQuery("state", null);
 const scope = useRouteQuery("scope", null);
 
-const OUT_OF_BAND_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
 const resultCode = ref<string | null>(null);
 
 const {
@@ -123,44 +119,6 @@ const authApplicationGraphError = computed(
   () => authApplicationError.value?.graphQLErrors[0] as AbsintheGraphQLError
 );
 
-const { mutate: authorizeMutation, onDone: onAuthorizeMutationDone } =
-  useMutation<
-    { authorizeApplication: { code: string; state: string } },
-    {
-      applicationClientId: string;
-      redirectURI: string;
-      state?: string | null;
-      scope?: string | null;
-    }
-  >(AUTORIZE_APPLICATION);
-
-const authorize = () => {
-  authorizeMutation({
-    applicationClientId: clientId.value as string,
-    redirectURI: redirectURI.value as string,
-    state: state.value,
-    scope: scope.value,
-  });
-};
-
-onAuthorizeMutationDone(({ data }) => {
-  const code = data?.authorizeApplication?.code;
-  const returnedState = data?.authorizeApplication?.state ?? "";
-
-  if (!code) return;
-
-  if (redirectURI.value !== OUT_OF_BAND_REDIRECT_URI) {
-    const params = new URLSearchParams(
-      Object.entries({ code, state: returnedState })
-    );
-    window.location.assign(
-      new URL(`${redirectURI.value}?${params.toString()}`)
-    );
-    return;
-  }
-  resultCode.value = code;
-});
-
 useHead({
   title: computed(() => t("Authorize application")),
 });
diff --git a/js/src/views/Settings/AppsView.vue b/js/src/views/Settings/AppsView.vue
index 21bf2c3d4..2f6f6b5cd 100644
--- a/js/src/views/Settings/AppsView.vue
+++ b/js/src/views/Settings/AppsView.vue
@@ -136,10 +136,8 @@ const { mutate: revoke, onDone: onRevokedApplication } = useMutation<
 const notifier = inject<Notifier>("notifier");
 
 onRevokedApplication(() => {
-  notifier?.success(
-    t("Application was revoked")
-  );
-})
+  notifier?.success(t("Application was revoked"));
+});
 
 useHead({
   title: computed(() => t("Apps")),
diff --git a/js/vite.config.js b/js/vite.config.js
index 6deb53055..184f0ac91 100644
--- a/js/vite.config.js
+++ b/js/vite.config.js
@@ -45,6 +45,13 @@ export default defineConfig(({ command }) => {
     resolve: {
       alias: {
         "@": path.resolve(__dirname, "./src"),
+        unfetch: path.resolve(
+          __dirname,
+          "node_modules",
+          "unfetch",
+          "dist",
+          "unfetch.mjs"
+        ),
       },
     },
     css: {
diff --git a/js/yarn.lock b/js/yarn.lock
index 05950385d..348a98666 100644
--- a/js/yarn.lock
+++ b/js/yarn.lock
@@ -27,7 +27,12 @@
     core-js "2.6.0"
     zen-observable "0.8.11"
 
-"@ampproject/remapping@^2.1.0":
+"@akryum/tinypool@^0.3.1":
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/@akryum/tinypool/-/tinypool-0.3.1.tgz#a14b3d51a400e7c0ab4c7e2b1c2e2fa0386aea87"
+  integrity sha512-nznEC1ZA/m3hQDEnrGQ4c5gkaa9pcaVnw4LFJyzBAaR7E3nfiAPEHS3otnSafpZouVnoKeITl5D+2LsnwlnK8g==
+
+"@ampproject/remapping@^2.2.0":
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/@ampproject/remapping/-/remapping-2.2.0.tgz#56c133824780de3174aed5ab6834f3026790154d"
   integrity sha512-qRmjj8nj9qmLTQXXmaR1cck3UXSRMPrbsLJAasZpF+t3riI71BXed5ebIOYwQntykeZuhjsdweEc9BxH5Jc26w==
@@ -45,9 +50,9 @@
     leven "^3.1.0"
 
 "@apollo/client@^3.0.0", "@apollo/client@^3.3.16":
-  version "3.7.5"
-  resolved "https://registry.yarnpkg.com/@apollo/client/-/client-3.7.5.tgz#d2ab6e284822296c9102ff57ab3a8dcbaa818052"
-  integrity sha512-HEAhX2n2Y8Y2BwRr0UdteT94OTM7pn64K5/rTk/oLIdg/h7R2d83LdsCGDxSH5sBiqDqlv9vou4xdyTxxRWj/g==
+  version "3.7.10"
+  resolved "https://registry.yarnpkg.com/@apollo/client/-/client-3.7.10.tgz#addc5fcebaf016981d9476268a06d529be83f568"
+  integrity sha512-/k1MfrqPKYiPNdHcOzdxg9cEx96vhAGxAcSorzfBvV29XtFQcYW2cPNQOTjK/fpSMtqVo8UNmu5vwQAWD1gfCg==
   dependencies:
     "@graphql-typed-document-node/core" "^3.1.1"
     "@wry/context" "^0.7.0"
@@ -71,38 +76,39 @@
     "@babel/highlight" "^7.18.6"
 
 "@babel/compat-data@^7.17.7", "@babel/compat-data@^7.20.1", "@babel/compat-data@^7.20.5":
-  version "7.20.10"
-  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.20.10.tgz#9d92fa81b87542fff50e848ed585b4212c1d34ec"
-  integrity sha512-sEnuDPpOJR/fcafHMjpcpGN5M2jbUGUHwmuWKM/YdPzeEDJg8bgmbcWQFUfE32MQjti1koACvoPVsDe8Uq+idg==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.21.0.tgz#c241dc454e5b5917e40d37e525e2f4530c399298"
+  integrity sha512-gMuZsmsgxk/ENC3O/fRw5QY8A9/uxQbbCEypnLIiYYc/qVJtEV7ouxC3EllIIwNzMqAQee5tanFabWsUOutS7g==
 
 "@babel/core@^7.11.1":
-  version "7.20.12"
-  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.20.12.tgz#7930db57443c6714ad216953d1356dac0eb8496d"
-  integrity sha512-XsMfHovsUYHFMdrIHkZphTN/2Hzzi78R08NuHfDBehym2VsPDL6Zn/JAD/JQdnRvbSsbQc4mVaU1m6JgtTEElg==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.21.0.tgz#1341aefdcc14ccc7553fcc688dd8986a2daffc13"
+  integrity sha512-PuxUbxcW6ZYe656yL3EAhpy7qXKq0DmYsrJLpbB8XrsCP9Nm+XCg9XFMb5vIDliPD7+U/+M+QJlH17XOcB7eXA==
   dependencies:
-    "@ampproject/remapping" "^2.1.0"
+    "@ampproject/remapping" "^2.2.0"
     "@babel/code-frame" "^7.18.6"
-    "@babel/generator" "^7.20.7"
+    "@babel/generator" "^7.21.0"
     "@babel/helper-compilation-targets" "^7.20.7"
-    "@babel/helper-module-transforms" "^7.20.11"
-    "@babel/helpers" "^7.20.7"
-    "@babel/parser" "^7.20.7"
+    "@babel/helper-module-transforms" "^7.21.0"
+    "@babel/helpers" "^7.21.0"
+    "@babel/parser" "^7.21.0"
     "@babel/template" "^7.20.7"
-    "@babel/traverse" "^7.20.12"
-    "@babel/types" "^7.20.7"
+    "@babel/traverse" "^7.21.0"
+    "@babel/types" "^7.21.0"
     convert-source-map "^1.7.0"
     debug "^4.1.0"
     gensync "^1.0.0-beta.2"
     json5 "^2.2.2"
     semver "^6.3.0"
 
-"@babel/generator@^7.20.7":
-  version "7.20.7"
-  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.20.7.tgz#f8ef57c8242665c5929fe2e8d82ba75460187b4a"
-  integrity sha512-7wqMOJq8doJMZmP4ApXTzLxSr7+oO2jroJURrVEp6XShrQUObV8Tq/D0NCcoYg2uHqUrjzO0zwBjoYzelxK+sw==
+"@babel/generator@^7.21.0", "@babel/generator@^7.21.1":
+  version "7.21.1"
+  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.21.1.tgz#951cc626057bc0af2c35cd23e9c64d384dea83dd"
+  integrity sha512-1lT45bAYlQhFn/BHivJs43AiW2rg3/UbLyShGfF3C0KmHvO5fSghWd5kBJy30kpRRucGzXStvnnCFniCR2kXAA==
   dependencies:
-    "@babel/types" "^7.20.7"
+    "@babel/types" "^7.21.0"
     "@jridgewell/gen-mapping" "^0.3.2"
+    "@jridgewell/trace-mapping" "^0.3.17"
     jsesc "^2.5.1"
 
 "@babel/helper-annotate-as-pure@^7.18.6":
@@ -131,27 +137,27 @@
     lru-cache "^5.1.1"
     semver "^6.3.0"
 
-"@babel/helper-create-class-features-plugin@^7.18.6", "@babel/helper-create-class-features-plugin@^7.20.5", "@babel/helper-create-class-features-plugin@^7.20.7":
-  version "7.20.12"
-  resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.20.12.tgz#4349b928e79be05ed2d1643b20b99bb87c503819"
-  integrity sha512-9OunRkbT0JQcednL0UFvbfXpAsUXiGjUk0a7sN8fUXX7Mue79cUSMjHGDRRi/Vz9vYlpIhLV5fMD5dKoMhhsNQ==
+"@babel/helper-create-class-features-plugin@^7.18.6", "@babel/helper-create-class-features-plugin@^7.21.0":
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.21.0.tgz#64f49ecb0020532f19b1d014b03bccaa1ab85fb9"
+  integrity sha512-Q8wNiMIdwsv5la5SPxNYzzkPnjgC0Sy0i7jLkVOCdllu/xcVNkr3TeZzbHBJrj+XXRqzX5uCyCoV9eu6xUG7KQ==
   dependencies:
     "@babel/helper-annotate-as-pure" "^7.18.6"
     "@babel/helper-environment-visitor" "^7.18.9"
-    "@babel/helper-function-name" "^7.19.0"
-    "@babel/helper-member-expression-to-functions" "^7.20.7"
+    "@babel/helper-function-name" "^7.21.0"
+    "@babel/helper-member-expression-to-functions" "^7.21.0"
     "@babel/helper-optimise-call-expression" "^7.18.6"
     "@babel/helper-replace-supers" "^7.20.7"
     "@babel/helper-skip-transparent-expression-wrappers" "^7.20.0"
     "@babel/helper-split-export-declaration" "^7.18.6"
 
 "@babel/helper-create-regexp-features-plugin@^7.18.6", "@babel/helper-create-regexp-features-plugin@^7.20.5":
-  version "7.20.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.20.5.tgz#5ea79b59962a09ec2acf20a963a01ab4d076ccca"
-  integrity sha512-m68B1lkg3XDGX5yCvGO0kPx3v9WIYLnzjKfPcQiwntEQa5ZeRkPmo2X/ISJc8qxWGfwUr+kvZAeEzAwLec2r2w==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.21.0.tgz#53ff78472e5ce10a52664272a239787107603ebb"
+  integrity sha512-N+LaFW/auRSWdx7SHD/HiARwXQju1vXTW4fKr4u5SgBUTm51OKEjKgj+cs00ggW3kEvNqwErnlwuq7Y3xBe4eg==
   dependencies:
     "@babel/helper-annotate-as-pure" "^7.18.6"
-    regexpu-core "^5.2.1"
+    regexpu-core "^5.3.1"
 
 "@babel/helper-define-polyfill-provider@^0.3.3":
   version "0.3.3"
@@ -177,13 +183,13 @@
   dependencies:
     "@babel/types" "^7.18.6"
 
-"@babel/helper-function-name@^7.18.9", "@babel/helper-function-name@^7.19.0":
-  version "7.19.0"
-  resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.19.0.tgz#941574ed5390682e872e52d3f38ce9d1bef4648c"
-  integrity sha512-WAwHBINyrpqywkUH0nTnNgI5ina5TFn85HKS0pbPDfxFfhyR/aNQEn4hGi1P1JyT//I0t4OgXUlofzWILRvS5w==
+"@babel/helper-function-name@^7.18.9", "@babel/helper-function-name@^7.19.0", "@babel/helper-function-name@^7.21.0":
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.21.0.tgz#d552829b10ea9f120969304023cd0645fa00b1b4"
+  integrity sha512-HfK1aMRanKHpxemaY2gqBmL04iAPOPRj7DxtNbiDOrJK+gdwkiNRVpCpUJYbUT+aZyemKN8brqTOxzCaG6ExRg==
   dependencies:
-    "@babel/template" "^7.18.10"
-    "@babel/types" "^7.19.0"
+    "@babel/template" "^7.20.7"
+    "@babel/types" "^7.21.0"
 
 "@babel/helper-hoist-variables@^7.18.6":
   version "7.18.6"
@@ -192,12 +198,12 @@
   dependencies:
     "@babel/types" "^7.18.6"
 
-"@babel/helper-member-expression-to-functions@^7.20.7":
-  version "7.20.7"
-  resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.20.7.tgz#a6f26e919582275a93c3aa6594756d71b0bb7f05"
-  integrity sha512-9J0CxJLq315fEdi4s7xK5TQaNYjZw+nDVpVqr1axNGKzdrdwYBD5b4uKv3n75aABG0rCCTK8Im8Ww7eYfMrZgw==
+"@babel/helper-member-expression-to-functions@^7.20.7", "@babel/helper-member-expression-to-functions@^7.21.0":
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.21.0.tgz#319c6a940431a133897148515877d2f3269c3ba5"
+  integrity sha512-Muu8cdZwNN6mRRNG6lAYErJ5X3bRevgYR2O8wN0yn7jJSnGDu6eG59RfT29JHxGUovyfrh6Pj0XzmR7drNVL3Q==
   dependencies:
-    "@babel/types" "^7.20.7"
+    "@babel/types" "^7.21.0"
 
 "@babel/helper-module-imports@^7.10.4", "@babel/helper-module-imports@^7.18.6":
   version "7.18.6"
@@ -206,10 +212,10 @@
   dependencies:
     "@babel/types" "^7.18.6"
 
-"@babel/helper-module-transforms@^7.18.6", "@babel/helper-module-transforms@^7.20.11":
-  version "7.20.11"
-  resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.20.11.tgz#df4c7af713c557938c50ea3ad0117a7944b2f1b0"
-  integrity sha512-uRy78kN4psmji1s2QtbtcCSaj/LILFDp0f/ymhpQH5QY3nljUZCaNWz9X1dEj/8MBdBEFECs7yRhKn8i7NjZgg==
+"@babel/helper-module-transforms@^7.18.6", "@babel/helper-module-transforms@^7.20.11", "@babel/helper-module-transforms@^7.21.0", "@babel/helper-module-transforms@^7.21.2":
+  version "7.21.2"
+  resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.21.2.tgz#160caafa4978ac8c00ac66636cb0fa37b024e2d2"
+  integrity sha512-79yj2AR4U/Oqq/WOV7Lx6hUjau1Zfo4cI+JLAVYeMV5XIlbOhmjEk5ulbTc9fMpmlojzZHkUUxAiK+UKn+hNQQ==
   dependencies:
     "@babel/helper-environment-visitor" "^7.18.9"
     "@babel/helper-module-imports" "^7.18.6"
@@ -217,8 +223,8 @@
     "@babel/helper-split-export-declaration" "^7.18.6"
     "@babel/helper-validator-identifier" "^7.19.1"
     "@babel/template" "^7.20.7"
-    "@babel/traverse" "^7.20.10"
-    "@babel/types" "^7.20.7"
+    "@babel/traverse" "^7.21.2"
+    "@babel/types" "^7.21.2"
 
 "@babel/helper-optimise-call-expression@^7.18.6":
   version "7.18.6"
@@ -286,9 +292,9 @@
   integrity sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==
 
 "@babel/helper-validator-option@^7.18.6":
-  version "7.18.6"
-  resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.18.6.tgz#bf0d2b5a509b1f336099e4ff36e1a63aa5db4db8"
-  integrity sha512-XO7gESt5ouv/LRJdrVjkShckw6STTaB7l9BrpBaAHDeF5YZT+01PCwmR0SJHnkW6i8OwW/EVWRShfi4j2x+KQw==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.21.0.tgz#8224c7e13ace4bafdc4004da2cf064ef42673180"
+  integrity sha512-rmL/B8/f0mKS2baE9ZpyTcTavvEuWhTTW8amjzXNvYG4AwBsqTLikfXsEofsJEfKHf+HQVQbFOHy6o+4cnC/fQ==
 
 "@babel/helper-wrap-function@^7.18.9":
   version "7.20.5"
@@ -300,14 +306,14 @@
     "@babel/traverse" "^7.20.5"
     "@babel/types" "^7.20.5"
 
-"@babel/helpers@^7.20.7":
-  version "7.20.13"
-  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.20.13.tgz#e3cb731fb70dc5337134cadc24cbbad31cc87ad2"
-  integrity sha512-nzJ0DWCL3gB5RCXbUO3KIMMsBY2Eqbx8mBpKGE/02PgyRQFcPQLbkQ1vyy596mZLaP+dAfD+R4ckASzNVmW3jg==
+"@babel/helpers@^7.21.0":
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.21.0.tgz#9dd184fb5599862037917cdc9eecb84577dc4e7e"
+  integrity sha512-XXve0CBtOW0pd7MRzzmoyuSj0e3SEzj8pgyFxnTT1NJZL38BD1MK7yYrm8yefRPIDvNNe14xR4FdbHwpInD4rA==
   dependencies:
     "@babel/template" "^7.20.7"
-    "@babel/traverse" "^7.20.13"
-    "@babel/types" "^7.20.7"
+    "@babel/traverse" "^7.21.0"
+    "@babel/types" "^7.21.0"
 
 "@babel/highlight@^7.18.6":
   version "7.18.6"
@@ -318,10 +324,10 @@
     chalk "^2.0.0"
     js-tokens "^4.0.0"
 
-"@babel/parser@^7.16.4", "@babel/parser@^7.20.13", "@babel/parser@^7.20.7":
-  version "7.20.13"
-  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.20.13.tgz#ddf1eb5a813588d2fb1692b70c6fce75b945c088"
-  integrity sha512-gFDLKMfpiXCsjt4za2JA9oTMn70CeseCehb11kRZgvd7+F67Hih3OHOK24cRrWECJ/ljfPGac6ygXAs/C8kIvw==
+"@babel/parser@^7.16.4", "@babel/parser@^7.20.7", "@babel/parser@^7.21.0", "@babel/parser@^7.21.2":
+  version "7.21.2"
+  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.21.2.tgz#dacafadfc6d7654c3051a66d6fe55b6cb2f2a0b3"
+  integrity sha512-URpaIJQwEkEC2T9Kn+Ai6Xe/02iNaVCuT/PtoRz3GPVJVDpPd7mLo+VddTbhCRU9TXqW5mSrQfXZyi8kDKOVpQ==
 
 "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.18.6":
   version "7.18.6"
@@ -358,11 +364,11 @@
     "@babel/helper-plugin-utils" "^7.18.6"
 
 "@babel/plugin-proposal-class-static-block@^7.18.6":
-  version "7.20.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-class-static-block/-/plugin-proposal-class-static-block-7.20.7.tgz#92592e9029b13b15be0f7ce6a7aedc2879ca45a7"
-  integrity sha512-AveGOoi9DAjUYYuUAG//Ig69GlazLnoyzMw68VCDux+c1tsnnH/OkYcpz/5xzMkEFC6UxjR5Gw1c+iY2wOGVeQ==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-class-static-block/-/plugin-proposal-class-static-block-7.21.0.tgz#77bdd66fb7b605f3a61302d224bdfacf5547977d"
+  integrity sha512-XP5G9MWNUskFuP30IfFSEFB0Z6HzLIUcjYM4bYOPHXl7eiJ9HFv8tWj6TXTN5QODiEhDZAeI4hLok2iHFFV4hw==
   dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.20.7"
+    "@babel/helper-create-class-features-plugin" "^7.21.0"
     "@babel/helper-plugin-utils" "^7.20.2"
     "@babel/plugin-syntax-class-static-block" "^7.14.5"
 
@@ -434,9 +440,9 @@
     "@babel/plugin-syntax-optional-catch-binding" "^7.8.3"
 
 "@babel/plugin-proposal-optional-chaining@^7.18.9", "@babel/plugin-proposal-optional-chaining@^7.20.7":
-  version "7.20.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-optional-chaining/-/plugin-proposal-optional-chaining-7.20.7.tgz#49f2b372519ab31728cc14115bb0998b15bfda55"
-  integrity sha512-T+A7b1kfjtRM51ssoOfS1+wbyCVqorfyZhT99TvxxLMirPShD8CzKMRepMlCBGM5RpHMbn8s+5MMHnPstJH6mQ==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-optional-chaining/-/plugin-proposal-optional-chaining-7.21.0.tgz#886f5c8978deb7d30f678b2e24346b287234d3ea"
+  integrity sha512-p4zeefM72gpmEe2fkUr/OnOXpWEf8nAgk7ZYVqqfFiyIG7oFfVZcCrU64hWn5xp4tQ9LkV4bTIa5rD0KANpKNA==
   dependencies:
     "@babel/helper-plugin-utils" "^7.20.2"
     "@babel/helper-skip-transparent-expression-wrappers" "^7.20.0"
@@ -451,12 +457,12 @@
     "@babel/helper-plugin-utils" "^7.18.6"
 
 "@babel/plugin-proposal-private-property-in-object@^7.18.6":
-  version "7.20.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.20.5.tgz#309c7668f2263f1c711aa399b5a9a6291eef6135"
-  integrity sha512-Vq7b9dUA12ByzB4EjQTPo25sFhY+08pQDBSZRtUAkj7lb7jahaHR5igera16QZ+3my1nYR4dKsNdYj5IjPHilQ==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0.tgz#19496bd9883dd83c23c7d7fc45dcd9ad02dfa1dc"
+  integrity sha512-ha4zfehbJjc5MmXBlHec1igel5TJXXLDDRbuJ4+XT2TJcyD9/V1919BA8gMvsdHcNMBy4WBUBiRb3nw/EQUtBw==
   dependencies:
     "@babel/helper-annotate-as-pure" "^7.18.6"
-    "@babel/helper-create-class-features-plugin" "^7.20.5"
+    "@babel/helper-create-class-features-plugin" "^7.21.0"
     "@babel/helper-plugin-utils" "^7.20.2"
     "@babel/plugin-syntax-private-property-in-object" "^7.14.5"
 
@@ -597,21 +603,21 @@
     "@babel/helper-plugin-utils" "^7.18.6"
 
 "@babel/plugin-transform-block-scoping@^7.20.2":
-  version "7.20.11"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.20.11.tgz#9f5a3424bd112a3f32fe0cf9364fbb155cff262a"
-  integrity sha512-tA4N427a7fjf1P0/2I4ScsHGc5jcHPbb30xMbaTke2gxDuWpUfXDuX1FEymJwKk4tuGUvGcejAR6HdZVqmmPyw==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.21.0.tgz#e737b91037e5186ee16b76e7ae093358a5634f02"
+  integrity sha512-Mdrbunoh9SxwFZapeHVrwFmri16+oYotcZysSzhNIVDwIAb1UV+kvnxULSYq9J3/q5MDG+4X6w8QVgD1zhBXNQ==
   dependencies:
     "@babel/helper-plugin-utils" "^7.20.2"
 
 "@babel/plugin-transform-classes@^7.20.2":
-  version "7.20.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.20.7.tgz#f438216f094f6bb31dc266ebfab8ff05aecad073"
-  integrity sha512-LWYbsiXTPKl+oBlXUGlwNlJZetXD5Am+CyBdqhPsDVjM9Jc8jwBJFrKhHf900Kfk2eZG1y9MAG3UNajol7A4VQ==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.21.0.tgz#f469d0b07a4c5a7dbb21afad9e27e57b47031665"
+  integrity sha512-RZhbYTCEUAe6ntPehC4hlslPWosNHDox+vAs4On/mCLRLfoDVHf6hVEd7kuxr1RnHwJmxFfUM3cZiZRmPxJPXQ==
   dependencies:
     "@babel/helper-annotate-as-pure" "^7.18.6"
     "@babel/helper-compilation-targets" "^7.20.7"
     "@babel/helper-environment-visitor" "^7.18.9"
-    "@babel/helper-function-name" "^7.19.0"
+    "@babel/helper-function-name" "^7.21.0"
     "@babel/helper-optimise-call-expression" "^7.18.6"
     "@babel/helper-plugin-utils" "^7.20.2"
     "@babel/helper-replace-supers" "^7.20.7"
@@ -657,11 +663,11 @@
     "@babel/helper-plugin-utils" "^7.18.6"
 
 "@babel/plugin-transform-for-of@^7.18.8":
-  version "7.18.8"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.18.8.tgz#6ef8a50b244eb6a0bdbad0c7c61877e4e30097c1"
-  integrity sha512-yEfTRnjuskWYo0k1mHUqrVWaZwrdq8AYbfrpqULOJOaucGSp4mNMVps+YtA8byoevxS/urwU75vyhQIxcCgiBQ==
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.21.0.tgz#964108c9988de1a60b4be2354a7d7e245f36e86e"
+  integrity sha512-LlUYlydgDkKpIY7mcBWvyPPmMcOphEyYA27Ef4xpbh1IiDNLr0kZsos2nf92vz3IccvJI25QUwp86Eo5s6HmBQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.18.6"
+    "@babel/helper-plugin-utils" "^7.20.2"
 
 "@babel/plugin-transform-function-name@^7.18.9":
   version "7.18.9"
@@ -695,11 +701,11 @@
     "@babel/helper-plugin-utils" "^7.20.2"
 
 "@babel/plugin-transform-modules-commonjs@^7.19.6":
-  version "7.20.11"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.20.11.tgz#8cb23010869bf7669fd4b3098598b6b2be6dc607"
-  integrity sha512-S8e1f7WQ7cimJQ51JkAaDrEtohVEitXjgCGAS2N8S31Y42E+kWwfSz83LYz57QdBm7q9diARVqanIaH2oVgQnw==
+  version "7.21.2"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.21.2.tgz#6ff5070e71e3192ef2b7e39820a06fb78e3058e7"
+  integrity sha512-Cln+Yy04Gxua7iPdj6nOV96smLGjpElir5YwzF0LBPKoPlLDNJePNlrGGaybAJkd0zKRnOVXOgizSqPYMNYkzA==
   dependencies:
-    "@babel/helper-module-transforms" "^7.20.11"
+    "@babel/helper-module-transforms" "^7.21.2"
     "@babel/helper-plugin-utils" "^7.20.2"
     "@babel/helper-simple-access" "^7.20.2"
 
@@ -916,6 +922,11 @@
     "@babel/types" "^7.4.4"
     esutils "^2.0.2"
 
+"@babel/regjsgen@^0.8.0":
+  version "0.8.0"
+  resolved "https://registry.yarnpkg.com/@babel/regjsgen/-/regjsgen-0.8.0.tgz#f0ba69b075e1f05fb2825b7fad991e7adbb18310"
+  integrity sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA==
+
 "@babel/runtime@7.2.0":
   version "7.2.0"
   resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.2.0.tgz#b03e42eeddf5898e00646e4c840fa07ba8dcad7f"
@@ -923,10 +934,10 @@
   dependencies:
     regenerator-runtime "^0.12.0"
 
-"@babel/runtime@^7.11.2", "@babel/runtime@^7.8.4":
-  version "7.20.13"
-  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.20.13.tgz#7055ab8a7cff2b8f6058bf6ae45ff84ad2aded4b"
-  integrity sha512-gt3PKXs0DBoL9xCvOIIZ2NEqAGZqHjAnmVbfQtB620V0uReIQutpel14KcneZuer7UioY8ALKZ7iocavvzTNFA==
+"@babel/runtime@^7.11.2", "@babel/runtime@^7.13.10", "@babel/runtime@^7.8.4":
+  version "7.21.0"
+  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.21.0.tgz#5b55c9d394e5fcf304909a8b00c07dc217b56673"
+  integrity sha512-xwII0//EObnq89Ji5AKYQaRYiW/nZ3llSv29d49IuxPhKbtJoLP+9QUUZ4nVragQVtaVGeZrpB+ZtG/Pdy/POw==
   dependencies:
     regenerator-runtime "^0.13.11"
 
@@ -939,26 +950,26 @@
     "@babel/parser" "^7.20.7"
     "@babel/types" "^7.20.7"
 
-"@babel/traverse@^7.20.10", "@babel/traverse@^7.20.12", "@babel/traverse@^7.20.13", "@babel/traverse@^7.20.5", "@babel/traverse@^7.20.7":
-  version "7.20.13"
-  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.20.13.tgz#817c1ba13d11accca89478bd5481b2d168d07473"
-  integrity sha512-kMJXfF0T6DIS9E8cgdLCSAL+cuCK+YEZHWiLK0SXpTo8YRj5lpJu3CDNKiIBCne4m9hhTIqUg6SYTAI39tAiVQ==
+"@babel/traverse@^7.20.5", "@babel/traverse@^7.20.7", "@babel/traverse@^7.21.0", "@babel/traverse@^7.21.2":
+  version "7.21.2"
+  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.21.2.tgz#ac7e1f27658750892e815e60ae90f382a46d8e75"
+  integrity sha512-ts5FFU/dSUPS13tv8XiEObDu9K+iagEKME9kAbaP7r0Y9KtZJZ+NGndDvWoRAYNpeWafbpFeki3q9QoMD6gxyw==
   dependencies:
     "@babel/code-frame" "^7.18.6"
-    "@babel/generator" "^7.20.7"
+    "@babel/generator" "^7.21.1"
     "@babel/helper-environment-visitor" "^7.18.9"
-    "@babel/helper-function-name" "^7.19.0"
+    "@babel/helper-function-name" "^7.21.0"
     "@babel/helper-hoist-variables" "^7.18.6"
     "@babel/helper-split-export-declaration" "^7.18.6"
-    "@babel/parser" "^7.20.13"
-    "@babel/types" "^7.20.7"
+    "@babel/parser" "^7.21.2"
+    "@babel/types" "^7.21.2"
     debug "^4.1.0"
     globals "^11.1.0"
 
-"@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.19.0", "@babel/types@^7.20.0", "@babel/types@^7.20.2", "@babel/types@^7.20.5", "@babel/types@^7.20.7", "@babel/types@^7.4.4":
-  version "7.20.7"
-  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.20.7.tgz#54ec75e252318423fc07fb644dc6a58a64c09b7f"
-  integrity sha512-69OnhBxSSgK0OzTJai4kyPDiKTIe3j+ctaHdIGVbRahTLAT7L3R9oeXHC2aVSuGYt3cVnoAMDmOCgJ2yaiLMvg==
+"@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.20.0", "@babel/types@^7.20.2", "@babel/types@^7.20.5", "@babel/types@^7.20.7", "@babel/types@^7.21.0", "@babel/types@^7.21.2", "@babel/types@^7.4.4":
+  version "7.21.2"
+  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.21.2.tgz#92246f6e00f91755893c2876ad653db70c8310d1"
+  integrity sha512-3wRZSs7jiFaB8AjxiiD+VqN5DTG2iRvJGQ+qYFrs/654lg6kGTQWIOFjlBo5RaXuAZjBmP3+OQH4dmhqiiyYxw==
   dependencies:
     "@babel/helper-string-parser" "^7.19.4"
     "@babel/helper-validator-identifier" "^7.19.1"
@@ -970,9 +981,9 @@
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
 "@codemirror/commands@^6.1.1":
-  version "6.2.0"
-  resolved "https://registry.yarnpkg.com/@codemirror/commands/-/commands-6.2.0.tgz#e575b7542406be8bc61efb56f1827c71587bb5f8"
-  integrity sha512-+00smmZBradoGFEkRjliN7BjqPh/Hx0KCHWOEibUmflUqZz2RwBTU0MrVovEEHozhx3AUSGcO/rl3/5f9e9Biw==
+  version "6.2.1"
+  resolved "https://registry.yarnpkg.com/@codemirror/commands/-/commands-6.2.1.tgz#ab5e979ad1458bbe395bf69ac601f461ac73cf08"
+  integrity sha512-FFiNKGuHA5O8uC6IJE5apI5rT9gyjlw4whqy4vlcX0wE/myxL6P1s0upwDhY4HtMWLOwzwsp0ap3bjdQhvfDOA==
   dependencies:
     "@codemirror/language" "^6.0.0"
     "@codemirror/state" "^6.2.0"
@@ -988,9 +999,9 @@
     "@lezer/json" "^1.0.0"
 
 "@codemirror/language@^6.0.0", "@codemirror/language@^6.2.1":
-  version "6.4.0"
-  resolved "https://registry.yarnpkg.com/@codemirror/language/-/language-6.4.0.tgz#803990e0f07bbb619e915651d3a57d143765dbcc"
-  integrity sha512-Wzb7GnNj8vnEtbPWiOy9H0m1fBtE28kepQNGLXekU2EEZv43BF865VKITUn+NoV8OpW6gRtvm29YEhqm46927Q==
+  version "6.6.0"
+  resolved "https://registry.yarnpkg.com/@codemirror/language/-/language-6.6.0.tgz#2204407174a38a68053715c19e28ad61f491779f"
+  integrity sha512-cwUd6lzt3MfNYOobdjf14ZkLbJcnv4WtndYaoBkbor/vF+rCNguMPK0IRtvZJG4dsWiaWPcK8x1VijhvSxnstg==
   dependencies:
     "@codemirror/state" "^6.0.0"
     "@codemirror/view" "^6.0.0"
@@ -1000,9 +1011,9 @@
     style-mod "^4.0.0"
 
 "@codemirror/lint@^6.0.0":
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/@codemirror/lint/-/lint-6.1.0.tgz#f006142d3a580fdb8ffc2faa3361b2232c08e079"
-  integrity sha512-mdvDQrjRmYPvQ3WrzF6Ewaao+NWERYtpthJvoQ3tK3t/44Ynhk8ZGjTSL9jMEv8CgSMogmt75X8ceOZRDSXHtQ==
+  version "6.2.0"
+  resolved "https://registry.yarnpkg.com/@codemirror/lint/-/lint-6.2.0.tgz#25cdab7425fcda1b38a9d63f230f833c8b6b369f"
+  integrity sha512-KVCECmR2fFeYBr1ZXDVue7x3q5PMI0PzcIbA+zKufnkniMBo1325t0h1jM85AKp8l3tj67LRxVpZfgDxEXlQkg==
   dependencies:
     "@codemirror/state" "^6.0.0"
     "@codemirror/view" "^6.0.0"
@@ -1014,9 +1025,9 @@
   integrity sha512-69QXtcrsc3RYtOtd+GsvczJ319udtBf1PTrr2KbLWM/e2CXUPnh0Nz9AUo8WfhSQ7GeL8dPVNUmhQVgpmuaNGA==
 
 "@codemirror/theme-one-dark@^6.1.0":
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/@codemirror/theme-one-dark/-/theme-one-dark-6.1.0.tgz#6f8b3c7fc22e9fec59edd573f4ba9546db42e007"
-  integrity sha512-AiTHtFRu8+vWT9wWUWDM+cog6ZwgivJogB1Tm/g40NIpLwph7AnmxrSzWfvJN5fBVufsuwBxecQCNmdcR5D7Aw==
+  version "6.1.1"
+  resolved "https://registry.yarnpkg.com/@codemirror/theme-one-dark/-/theme-one-dark-6.1.1.tgz#76600555cbb314c495216f018f75b0c28daff158"
+  integrity sha512-+CfzmScfJuD6uDF5bHJkAjWTQ2QAAHxODCPxUEgcImDYcJLT+4l5vLnBHmDVv46kCC5uUJGMrBJct2Z6JbvqyQ==
   dependencies:
     "@codemirror/language" "^6.0.0"
     "@codemirror/state" "^6.0.0"
@@ -1024,9 +1035,9 @@
     "@lezer/highlight" "^1.0.0"
 
 "@codemirror/view@^6.0.0", "@codemirror/view@^6.3.0":
-  version "6.7.3"
-  resolved "https://registry.yarnpkg.com/@codemirror/view/-/view-6.7.3.tgz#be2f9d0e6fc8882fb192041bf78425ca04999827"
-  integrity sha512-Lt+4POnhXrZFfHOdPzXEHxrzwdy7cjqYlMkOWvoFGi6/bAsjzlFfr0NY3B15B/PGx+cDFgM1hlc12wvYeZbGLw==
+  version "6.9.1"
+  resolved "https://registry.yarnpkg.com/@codemirror/view/-/view-6.9.1.tgz#2ce4c528974b6172a5a4a738b7b0a0f04a4c1140"
+  integrity sha512-bzfSjJn9dAADVpabLKWKNmMG4ibyTV2e3eOGowjElNPTdTkSbi6ixPYHm2u0ADcETfKsi2/R84Rkmi91dH9yEg==
   dependencies:
     "@codemirror/state" "^6.1.4"
     style-mod "^4.0.0"
@@ -1142,10 +1153,10 @@
   resolved "https://registry.yarnpkg.com/@esbuild/win32-x64/-/win32-x64-0.16.17.tgz#c5a1a4bfe1b57f0c3e61b29883525c6da3e5c091"
   integrity sha512-y+EHuSchhL7FjHgvQL/0fnnFmO4T1bhvWANX6gcnqTjtnKWbTvUMCpGnv2+t+31d7RzyEAYAd4u2fnIhHL6N/Q==
 
-"@eslint/eslintrc@^1.4.1":
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-1.4.1.tgz#af58772019a2d271b7e2d4c23ff4ddcba3ccfb3e"
-  integrity sha512-XXrH9Uarn0stsyldqDYq8r++mROmWRI1xKMXa640Bb//SY1+ECYX6VzT6Lcx5frD0V30XieqJ0oX9I2Xj5aoMA==
+"@eslint/eslintrc@^2.0.0":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-2.0.0.tgz#943309d8697c52fc82c076e90c1c74fbbe69dbff"
+  integrity sha512-fluIaaV+GyV24CCu/ggiHdV+j4RNh85yQnAYS/G2mZODZgGmmlrgCydjUcV3YvxCm9x8nMAfThsqTni4KiXT4A==
   dependencies:
     ajv "^6.12.4"
     debug "^4.3.2"
@@ -1157,6 +1168,11 @@
     minimatch "^3.1.2"
     strip-json-comments "^3.1.1"
 
+"@eslint/js@8.35.0":
+  version "8.35.0"
+  resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.35.0.tgz#b7569632b0b788a0ca0e438235154e45d42813a7"
+  integrity sha512-JXdzbRiWclLVoD8sNUjR443VVlYqiYmDVT6rGUEIEHU5YJW0gaVZwV2xgM7D4arkvASqD0IlLUVjHiFuxaftRw==
+
 "@floating-ui/core@^0.3.0":
   version "0.3.1"
   resolved "https://registry.yarnpkg.com/@floating-ui/core/-/core-0.3.1.tgz#3dde0ad0724d4b730567c92f49f0950910e18871"
@@ -1170,26 +1186,26 @@
     "@floating-ui/core" "^0.3.0"
 
 "@graphql-typed-document-node/core@^3.1.1":
-  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/@graphql-typed-document-node/core/-/core-3.1.1.tgz#076d78ce99822258cf813ecc1e7fa460fa74d052"
-  integrity sha512-NQ17ii0rK1b34VZonlmT2QMJFI70m0TRwbknO/ihlbatXyaktDhN/98vBiUU6kNBPljqGqyIrl2T4nY2RpFANg==
+  version "3.1.2"
+  resolved "https://registry.yarnpkg.com/@graphql-typed-document-node/core/-/core-3.1.2.tgz#6fc464307cbe3c8ca5064549b806360d84457b04"
+  integrity sha512-9anpBMM9mEgZN4wr2v8wHJI2/u5TnnggewRN6OlvXTTnuVyoY19X6rOv9XTqKRw6dcGKwZsBi8n0kDE2I5i4VA==
 
-"@histoire/app@^0.12.4":
-  version "0.12.4"
-  resolved "https://registry.yarnpkg.com/@histoire/app/-/app-0.12.4.tgz#4c377f5d6c8fe13f6a7bcd3b961c973638eec347"
-  integrity sha512-noemJQ3q5ofHbBJGJ9FgLIdoV4Feyn3zHMhOQjHZRPETdoAak2adALO4UWKVnFu75+R43SLtoV7HnK0TAPx5kw==
+"@histoire/app@^0.15.8":
+  version "0.15.8"
+  resolved "https://registry.yarnpkg.com/@histoire/app/-/app-0.15.8.tgz#c41bf95549e7db19b60ab9fef991bd75f4909213"
+  integrity sha512-kVMqd07PS7RyI+XGQ2pMxXcj/UtsuHZc3nwNV8CfislUir9eK+itQBI3K8okqFt513tX85zUe82Dob2knrJ9NQ==
   dependencies:
-    "@histoire/controls" "^0.12.4"
-    "@histoire/shared" "^0.12.4"
-    "@histoire/vendors" "^0.12.4"
+    "@histoire/controls" "^0.15.8"
+    "@histoire/shared" "^0.15.8"
+    "@histoire/vendors" "^0.15.8"
     "@types/flexsearch" "^0.7.3"
     flexsearch "0.7.21"
-    shiki-es "^0.1.2"
+    shiki-es "^0.2.0"
 
-"@histoire/controls@^0.12.4":
-  version "0.12.4"
-  resolved "https://registry.yarnpkg.com/@histoire/controls/-/controls-0.12.4.tgz#1c250c0c424938cad8d8b660f2452c7dd9d06075"
-  integrity sha512-p4qa11vXqhSMsnXW1p+n7ZqawoHVErLFL24yNnA9peMuXnR306/0cvdAnsLMQJdq5mDNayOY5Di69YKVQ0Shqg==
+"@histoire/controls@^0.15.8":
+  version "0.15.8"
+  resolved "https://registry.yarnpkg.com/@histoire/controls/-/controls-0.15.8.tgz#3ff3846b683ac3bb5b37bc081352771e38092dbc"
+  integrity sha512-P4BNxVXM+lkL45rTZHV8+aHXvuTo2o7uir0Is7iWxR7jOtMr3ujBa/NQBXrp6+5TPw5whJXYRNAPJ1+jXiVfpQ==
   dependencies:
     "@codemirror/commands" "^6.1.1"
     "@codemirror/lang-json" "^6.0.0"
@@ -1198,32 +1214,38 @@
     "@codemirror/state" "^6.1.2"
     "@codemirror/theme-one-dark" "^6.1.0"
     "@codemirror/view" "^6.3.0"
-    "@histoire/vendors" "^0.12.4"
+    "@histoire/shared" "^0.15.8"
+    "@histoire/vendors" "^0.15.8"
 
-"@histoire/plugin-vue@^0.12.4":
-  version "0.12.4"
-  resolved "https://registry.yarnpkg.com/@histoire/plugin-vue/-/plugin-vue-0.12.4.tgz#8c151da729fd1e17bda14ce3bff4b3438650783c"
-  integrity sha512-2xgBDwEHmiY053hPWy4rKnnMjntVcg8qfIYJGyITwFWSfNTq+6ez/HjWzUcHT6qwFMglUHq+rDlQb9gYZF+Edw==
+"@histoire/plugin-vue@^0.15.8":
+  version "0.15.8"
+  resolved "https://registry.yarnpkg.com/@histoire/plugin-vue/-/plugin-vue-0.15.8.tgz#cbd0ef2f24afe836f1e6bc84e2f3e366c4840e3e"
+  integrity sha512-7KNZyTiXZOHcOfN3BeZSFjkSnKAIgKBN4hGcpOQ8uB8crWF4J4MIHxmdRns3ysvIIb+QdqfkkWEabenpaQmCcw==
   dependencies:
-    "@histoire/controls" "^0.12.4"
-    "@histoire/shared" "^0.12.4"
-    "@histoire/vendors" "^0.12.4"
+    "@histoire/controls" "^0.15.8"
+    "@histoire/shared" "^0.15.8"
+    "@histoire/vendors" "^0.15.8"
+    change-case "^4.1.2"
+    globby "^13.1.1"
+    launch-editor "^2.6.0"
+    pathe "^0.2.0"
 
-"@histoire/shared@^0.12.4":
-  version "0.12.4"
-  resolved "https://registry.yarnpkg.com/@histoire/shared/-/shared-0.12.4.tgz#037b1013170e8b5ffd6bd93001171f4a642e379a"
-  integrity sha512-dVSrfsEu17KczjyHVW8yPvSlguhEV7hWjDSwsjlUrRdbe7hwztX4GbbcCIWvG5hy5gASpKpQq6FJa5uTs0HOsg==
+"@histoire/shared@^0.15.8":
+  version "0.15.8"
+  resolved "https://registry.yarnpkg.com/@histoire/shared/-/shared-0.15.8.tgz#9045e936381552a34f97de6a0363b1c2f16631d1"
+  integrity sha512-pHtCUJy6Zr8IUtKIXv4LCU80xD+5nx+bhqef6nfdVFsZhMp2WbtqGkIThUk74P/NPQTFoJSFECn/HmBqdXZlrg==
   dependencies:
+    "@histoire/vendors" "^0.15.8"
     "@types/fs-extra" "^9.0.13"
     "@types/markdown-it" "^12.2.3"
     chokidar "^3.5.3"
     pathe "^0.2.0"
     picocolors "^1.0.0"
 
-"@histoire/vendors@^0.12.4":
-  version "0.12.4"
-  resolved "https://registry.yarnpkg.com/@histoire/vendors/-/vendors-0.12.4.tgz#f34d5011be176eba26ae4bd378e38efc172369e5"
-  integrity sha512-NIi0krz19iSjPHhIsGLrW4Q3tvrCLfvCet2kFA8crKPX6inaMZm8g/+pDQBqlh9DRCXVbxV5RWQKcumrIFbrmw==
+"@histoire/vendors@^0.15.8":
+  version "0.15.8"
+  resolved "https://registry.yarnpkg.com/@histoire/vendors/-/vendors-0.15.8.tgz#941c2838530ae7c8a6375bcf175c087fb28033f1"
+  integrity sha512-RVvJmWlpRHa5dEdcAB+IB8OYKvw2Mv/tXF/Xu42SP2PwKkgQnTkDXmg+2HPMu9Uc+2i0u2cc9Lz+hqvkvS34kQ==
 
 "@humanwhocodes/config-array@^0.11.8":
   version "0.11.8"
@@ -1327,7 +1349,7 @@
   resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24"
   integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==
 
-"@jridgewell/trace-mapping@^0.3.12", "@jridgewell/trace-mapping@^0.3.9":
+"@jridgewell/trace-mapping@^0.3.12", "@jridgewell/trace-mapping@^0.3.17", "@jridgewell/trace-mapping@^0.3.9":
   version "0.3.17"
   resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz#793041277af9073b0951a7fe0f0d8c4c98c36985"
   integrity sha512-MCNzAp77qzKca9+W/+I0+sEpaUnZoeasnghNeVc41VZCEKaCH73Vq3BZZ/SzWIgrqE4H4ceI+p+b6C0mHf9T4g==
@@ -1385,12 +1407,17 @@
     "@lezer/lr" "^1.0.0"
 
 "@lezer/lr@^1.0.0":
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/@lezer/lr/-/lr-1.3.1.tgz#f1e6c82860a3499d2f718217dc1c3e5719b8a319"
-  integrity sha512-+GymJB/+3gThkk2zHwseaJTI5oa4AuOuj1I2LCslAVq1dFZLSX8SAe4ZlJq1TjezteDXtF/+d4qeWz9JvnrG9Q==
+  version "1.3.3"
+  resolved "https://registry.yarnpkg.com/@lezer/lr/-/lr-1.3.3.tgz#0ac6c889f1235874f33c45a1b9785d7054f60708"
+  integrity sha512-JPQe3mwJlzEVqy67iQiiGozhcngbO8QBgpqZM6oL1Wj/dXckrEexpBLeFkq0edtW5IqnPRFxA24BHJni8Js69w==
   dependencies:
     "@lezer/common" "^1.0.0"
 
+"@linaria/core@3.0.0-beta.13":
+  version "3.0.0-beta.13"
+  resolved "https://registry.yarnpkg.com/@linaria/core/-/core-3.0.0-beta.13.tgz#049c5be5faa67e341e413a0f6b641d5d78d91056"
+  integrity sha512-3zEi5plBCOsEzUneRVuQb+2SAx3qaC1dj0FfFAI6zIJQoDWu0dlSwKijMRack7oO9tUWrchfj3OkKQAd1LBdVg==
+
 "@nodelib/fs.scandir@2.1.5":
   version "2.1.5"
   resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"
@@ -1418,12 +1445,14 @@
   integrity sha512-DQU62bqILDb9IBrrup0dssicTxAWNe8/qU+CnsKOvzu4LoDAa5mmMjYJGPm2/awYNwJXlGDohLwKIZChYR0qBg==
 
 "@playwright/test@^1.25.1":
-  version "1.30.0"
-  resolved "https://registry.yarnpkg.com/@playwright/test/-/test-1.30.0.tgz#8c0c4930ff2c7be7b3ec3fd434b2a3b4465ed7cb"
-  integrity sha512-SVxkQw1xvn/Wk/EvBnqWIq6NLo1AppwbYOjNLmyU0R1RoQ3rLEBtmjTnElcnz8VEtn11fptj1ECxK0tgURhajw==
+  version "1.31.2"
+  resolved "https://registry.yarnpkg.com/@playwright/test/-/test-1.31.2.tgz#426d8545143a97a6fed250a2a27aa1c8e5e2548e"
+  integrity sha512-BYVutxDI4JeZKV1+ups6dt5WiqKhjBtIYowyZIJ3kBDmJgsuPKsqqKNIMFbUePLSCmp2cZu+BDL427RcNKTRYw==
   dependencies:
     "@types/node" "*"
-    playwright-core "1.30.0"
+    playwright-core "1.31.2"
+  optionalDependencies:
+    fsevents "2.3.2"
 
 "@polka/url@^1.0.0-next.20":
   version "1.0.0-next.21"
@@ -1435,6 +1464,41 @@
   resolved "https://registry.yarnpkg.com/@popperjs/core/-/core-2.11.6.tgz#cee20bd55e68a1720bdab363ecf0c821ded4cd45"
   integrity sha512-50/17A98tWUfQ176raKiOGXuYpLyyVMkxxG6oylzL3BPOlA6ADGdK7EYunSa4I064xerltq9TGXs8HmOk5E+vw==
 
+"@remirror/core-constants@^2.0.0":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@remirror/core-constants/-/core-constants-2.0.0.tgz#a52f89059d93955e00810023cc76b4f7db9650bf"
+  integrity sha512-vpePPMecHJllBqCWXl6+FIcZqS+tRUM2kSCCKFeEo1H3XUEv3ocijBIPhnlSAa7g6maX+12ATTgxrOsLpWVr2g==
+  dependencies:
+    "@babel/runtime" "^7.13.10"
+
+"@remirror/core-helpers@^2.0.1":
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/@remirror/core-helpers/-/core-helpers-2.0.1.tgz#6847666a009ada8c9b9f3a093c13a6d07a95d9bb"
+  integrity sha512-s8M1pn33aBUhduvD1QR02uUQMegnFkGaTr4c1iBzxTTyg0rbQstzuQ7Q8TkL6n64JtgCdJS9jLz2dONb2meBKQ==
+  dependencies:
+    "@babel/runtime" "^7.13.10"
+    "@linaria/core" "3.0.0-beta.13"
+    "@remirror/core-constants" "^2.0.0"
+    "@remirror/types" "^1.0.0"
+    "@types/object.omit" "^3.0.0"
+    "@types/object.pick" "^1.3.1"
+    "@types/throttle-debounce" "^2.1.0"
+    case-anything "^2.1.10"
+    dash-get "^1.0.2"
+    deepmerge "^4.2.2"
+    fast-deep-equal "^3.1.3"
+    make-error "^1.3.6"
+    object.omit "^3.0.0"
+    object.pick "^1.3.0"
+    throttle-debounce "^3.0.1"
+
+"@remirror/types@^1.0.0":
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/@remirror/types/-/types-1.0.0.tgz#cc8764440089a2ada71f149c409739575b73b12e"
+  integrity sha512-7HQbW7k8VxrAtfzs9FxwO6XSDabn8tSFDi1wwzShOnU+cvaYpfxu0ygyTk3TpXsag1hgFKY3ZIlAfB4WVz2LkQ==
+  dependencies:
+    type-fest "^2.0.0"
+
 "@rollup/plugin-babel@^5.2.0":
   version "5.3.1"
   resolved "https://registry.yarnpkg.com/@rollup/plugin-babel/-/plugin-babel-5.3.1.tgz#04bc0608f4aa4b2e4b1aebf284344d0f68fda283"
@@ -1494,67 +1558,67 @@
   resolved "https://registry.yarnpkg.com/@rushstack/eslint-patch/-/eslint-patch-1.2.0.tgz#8be36a1f66f3265389e90b5f9c9962146758f728"
   integrity sha512-sXo/qW2/pAcmT43VoRKOJbDOfV3cYpq3szSVfIThQXNt+E4DfKj361vaAt3c88U5tPUxzEswam7GW48PJqtKAg==
 
-"@sentry/browser@7.34.0":
-  version "7.34.0"
-  resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.34.0.tgz#6a521c5d95d535e6e89cf4eae85153f90c37d17a"
-  integrity sha512-5Jmjj0DLxx+31o12T+VH4U+gO7wz3L+ftjuTxcQaC8GeFVe5qCyXZoDmWKNV9NEyREiZ3azV62bJc5wojZrIIg==
+"@sentry/browser@7.41.0":
+  version "7.41.0"
+  resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.41.0.tgz#f4e789417e3037cbc9cd15f3a000064b1873b964"
+  integrity sha512-ZEtgTXPOHZ9/Qn42rr9ZAPTKCV6fAjyDC4FFWMGP4HoUqJqr2woRddP9O5n1jvjsoIPAFOmGzbCuZwFrPVVnpQ==
   dependencies:
-    "@sentry/core" "7.34.0"
-    "@sentry/replay" "7.34.0"
-    "@sentry/types" "7.34.0"
-    "@sentry/utils" "7.34.0"
+    "@sentry/core" "7.41.0"
+    "@sentry/replay" "7.41.0"
+    "@sentry/types" "7.41.0"
+    "@sentry/utils" "7.41.0"
     tslib "^1.9.3"
 
-"@sentry/core@7.34.0":
-  version "7.34.0"
-  resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.34.0.tgz#bfda8d386cf7343200aa9fb7a7a26e99b839fc0c"
-  integrity sha512-J1oxsYZX1N0tkEcaHt/uuDqk6zOnaivyampp+EvBsUMCdemjg7rwKvawlRB0ZtBEQu3HAhi8zecm03mlpWfCDw==
+"@sentry/core@7.41.0":
+  version "7.41.0"
+  resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.41.0.tgz#a4a8291ef4e65f40c28fc38318e7dae721d5d609"
+  integrity sha512-yT3wl3wMfPymstIZRWNjuov4xhieIEPD0z9MIW9VmoemqkD5BEZsgPuvGaVIyQVMyx61GsN4H4xd0JCyNqNvLg==
   dependencies:
-    "@sentry/types" "7.34.0"
-    "@sentry/utils" "7.34.0"
+    "@sentry/types" "7.41.0"
+    "@sentry/utils" "7.41.0"
     tslib "^1.9.3"
 
-"@sentry/replay@7.34.0":
-  version "7.34.0"
-  resolved "https://registry.yarnpkg.com/@sentry/replay/-/replay-7.34.0.tgz#66d63b1e04d7e8068cac0c623a607f470d000751"
-  integrity sha512-4L4YZfWt8mcVNcI99RxHORPb308URI1R9xsFj97fagk0ATjexLKr5QCA2ApnKaSn8Q0q1Zdzd4XmFtW9anU45Q==
+"@sentry/replay@7.41.0":
+  version "7.41.0"
+  resolved "https://registry.yarnpkg.com/@sentry/replay/-/replay-7.41.0.tgz#73168d659b0e78ca58574831a6672a77ce9727ee"
+  integrity sha512-/vxuO17AysCoBbCl9wCwjsCFBD4lEbYgfC1GJm8ayWwPU1uhvZcEx6reUwi0rEFpWYGHSHh3+gi+QsOcY/EmnQ==
   dependencies:
-    "@sentry/core" "7.34.0"
-    "@sentry/types" "7.34.0"
-    "@sentry/utils" "7.34.0"
+    "@sentry/core" "7.41.0"
+    "@sentry/types" "7.41.0"
+    "@sentry/utils" "7.41.0"
 
 "@sentry/tracing@^7.1":
-  version "7.34.0"
-  resolved "https://registry.yarnpkg.com/@sentry/tracing/-/tracing-7.34.0.tgz#bc084389cad4f1e8520311ac195b070eced72b40"
-  integrity sha512-JtfSWBfcWslfIujcpGEPF5oOiAOCd5shMoWYrdTvCfruHhYjp4w5kv/ndkvq2EpFkcQYhdmtQEytXEO8IJIqRw==
+  version "7.41.0"
+  resolved "https://registry.yarnpkg.com/@sentry/tracing/-/tracing-7.41.0.tgz#28f57667a13b95cb8bce5af0809e7727b645e6b7"
+  integrity sha512-zh1ceuwQ8NzE5n8r4y78QrYD/alJl4qlkiEX9lAL6PnLMWJkVWM02BBu+x75yPFWSSDfDA/kZ9WqKkHNdjGpDw==
   dependencies:
-    "@sentry/core" "7.34.0"
-    "@sentry/types" "7.34.0"
-    "@sentry/utils" "7.34.0"
+    "@sentry/core" "7.41.0"
+    "@sentry/types" "7.41.0"
+    "@sentry/utils" "7.41.0"
     tslib "^1.9.3"
 
-"@sentry/types@7.34.0":
-  version "7.34.0"
-  resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.34.0.tgz#e0dc6a927dd13e4cacbca7bfee67a088885e8309"
-  integrity sha512-K+OeHIrl35PSYn6Zwqe4b8WWyAJQoI5NeWxHVkM7oQTGJ1YLG4BvLsR+UiUXnKdR5krE4EDtEA5jLsDlBEyPvw==
+"@sentry/types@7.41.0":
+  version "7.41.0"
+  resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.41.0.tgz#3d53432a3d7693a31b606d3083ab9203c56f5aec"
+  integrity sha512-4z9VdObynwd64i0VHCqkeIAHmsFzapL21qN41Brzb7jY/eGxjn/0rxInDGH+vkoE9qacGqiYfWj4vRNPLsC/bw==
 
-"@sentry/utils@7.34.0":
-  version "7.34.0"
-  resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.34.0.tgz#32fb6db8b352477d219ddff8200372959c68b445"
-  integrity sha512-VIHHXEBw0htzqxnU8A7WkXKvmsG2pZVqHlAn0H9W/yyFQtXMuP1j1i0NsjADB/3JXUKK83kTNWGzScXvp0o+Jg==
+"@sentry/utils@7.41.0":
+  version "7.41.0"
+  resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.41.0.tgz#54224dba668dd8c8feb0ff1b4f39938b8fdefd3b"
+  integrity sha512-SL+MGitvkakbkrOTb48rDuJp9GYx/veB6EOzYygh49+zwz4DGM7dD4/rvf/mVlgmXUzPgdGDgkVmxgX3nT7I7g==
   dependencies:
-    "@sentry/types" "7.34.0"
+    "@sentry/types" "7.41.0"
     tslib "^1.9.3"
 
 "@sentry/vue@^7.1":
-  version "7.34.0"
-  resolved "https://registry.yarnpkg.com/@sentry/vue/-/vue-7.34.0.tgz#41163ec56f4871bb0eb57b73a16eb008e239d948"
-  integrity sha512-aC0IRjgh6qZ/e0T+/tMYop2w88dVwuqxTPjimuceAXo7exF1nbFWxJ6J6PnBvH+gR4ERaw3XLkXdUI3EHq3X9g==
+  version "7.41.0"
+  resolved "https://registry.yarnpkg.com/@sentry/vue/-/vue-7.41.0.tgz#69a3234c15a85c05d7fa1b170ec9e77907e15b39"
+  integrity sha512-MgB9m9lpAxKz5OfWBsGkxaVoO5CEzzG5jqkfx5tlOC5eQKTecFqKYohCDHP9Bk76iq+uIHjRIoueFDN/Lx4GTA==
   dependencies:
-    "@sentry/browser" "7.34.0"
-    "@sentry/core" "7.34.0"
-    "@sentry/types" "7.34.0"
-    "@sentry/utils" "7.34.0"
+    "@sentry/browser" "7.41.0"
+    "@sentry/core" "7.41.0"
+    "@sentry/types" "7.41.0"
+    "@sentry/utils" "7.41.0"
     tslib "^1.9.3"
 
 "@surma/rollup-plugin-off-main-thread@^2.2.3":
@@ -1589,138 +1653,159 @@
     lodash.merge "^4.6.2"
     postcss-selector-parser "6.0.10"
 
-"@tiptap/core@^2.0.0-beta.209", "@tiptap/core@^2.0.0-beta.41":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/core/-/core-2.0.0-beta.209.tgz#fd0edb8f87a5eea70c6a11e0d7e628738a10ef3f"
-  integrity sha512-DOOzfo2XKD5Qt2oEGW33/6ugwSnvpl4WbxtlKdPadLoApk6Kja3K1Eps3pihBgIGmo4tkctkCzmj8wNWS7KeWg==
+"@tiptap/core@^2.0.0-beta.41":
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/core/-/core-2.0.0-beta.220.tgz#ced4b8f13ad6361f957275510bd0c005de29d18c"
+  integrity sha512-F2Q666xJqijBU5o+GqekqseNgIEMTs6BhsLDaf9DwThhljGLS8RXKnSvQxrxLNrYEPpw39n/G3Qt8YAOk5qR6w==
 
 "@tiptap/extension-blockquote@^2.0.0-beta.25":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-blockquote/-/extension-blockquote-2.0.0-beta.209.tgz#553a620007bbf039167036eab434a354934a7ceb"
-  integrity sha512-ay5c+SJ1vQOL5zpsr94jN15tCt0ytd7zPMM433pkhi9ZL0qqf1fZ+D0KzDs2z8N49rfArVpoo238V3ZChBh2sA==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-blockquote/-/extension-blockquote-2.0.0-beta.220.tgz#acce6a7d2fda829296e1e0b6386f618ea8ae328e"
+  integrity sha512-uE1VRU/doQzXsfsZ/JqsbSbXeZYTJnyQkSfHYA2ZYhbEM2XqDEsYkgcmZEJgunUZJpERf+3ZTfTpqaHq29iMMg==
 
 "@tiptap/extension-bold@^2.0.0-beta.24":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-bold/-/extension-bold-2.0.0-beta.209.tgz#27268311f3fd53af8e658e2fd0d65f2e43130268"
-  integrity sha512-8jaoZSe55iwuEvwdM1mPhlgE+/tDyveECv0d1qogUcbPdIkhDQaNlIOmuH9Ftr465iIDthMjt4GB6AWi5tfsMg==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-bold/-/extension-bold-2.0.0-beta.220.tgz#f10468317fd5c63ebab68be907e33fb138a60ef9"
+  integrity sha512-KcEuKI85Drug/cCWbDy+HxhYrD+rLXHEBG10DmKPvgPpKHG/2wOau6LwUwyV4muWR8CR2mIO+mEc3yVBD8nNwQ==
 
-"@tiptap/extension-bubble-menu@^2.0.0-beta.209", "@tiptap/extension-bubble-menu@^2.0.0-beta.9":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-bubble-menu/-/extension-bubble-menu-2.0.0-beta.209.tgz#dcef008f84286c7719f43e54ebdd7de778837974"
-  integrity sha512-tceZAuDpy3J96uGyCzpJFD3fHABJDTJTq5E0hm+TRQT+eVGVqZI0PE3/4yVFgkCshioTuJq8veMDFcqNsSkKsQ==
+"@tiptap/extension-bubble-menu@^2.0.0-beta.220", "@tiptap/extension-bubble-menu@^2.0.0-beta.9":
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-bubble-menu/-/extension-bubble-menu-2.0.0-beta.220.tgz#3fea0c846f73a237f562fdce05671ef1fa025943"
+  integrity sha512-wthyec7s0vZlTSEAAZEgoFfx/1Arwg1zxDUrrE+YAost/Yn+w4xQksz/ts5Bx90iOk2qsJ+jzzttLRV17Ku7lA==
   dependencies:
-    "@tiptap/core" "^2.0.0-beta.209"
     lodash "^4.17.21"
-    prosemirror-state "^1.4.1"
-    prosemirror-view "^1.28.2"
     tippy.js "^6.3.7"
 
 "@tiptap/extension-bullet-list@^2.0.0-beta.23":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-bullet-list/-/extension-bullet-list-2.0.0-beta.209.tgz#86e5023d330ce0dc39e42083ec839af2dbec51bc"
-  integrity sha512-NGoSYakXCiKb5xrVe339Acu2iherOGQUR1bAeWgOKf+dINvIdjawnud6fIeB3n1h95aDvsmYuH1o9B+/bd7e3w==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-bullet-list/-/extension-bullet-list-2.0.0-beta.220.tgz#ffc04992bbee53bc858aab6c082f17419a2236b7"
+  integrity sha512-QQ/0ZlYy6Hgb+UAc79V+fxvI+AaQf20cbKtBXaR8TIZ0x4FotSma89bKh+CIXMhFiBGXTcYBaYhl7OwACsKtxw==
 
 "@tiptap/extension-document@^2.0.0-beta.15":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-document/-/extension-document-2.0.0-beta.209.tgz#7bb4025737a5361c06d52e56406d7e0649387e88"
-  integrity sha512-ZRTC5j0J6fNTtIcU6UnxJm5KZrfJI2pygCJ172mMNzwE89upJMhRSP0CvPWTY7nf0odmQTJ5vD99QDR4CdOTng==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-document/-/extension-document-2.0.0-beta.220.tgz#15b4db7a92659eff7efc6d4d877dcf72e3fd61b6"
+  integrity sha512-2sja4ZvOb4iynHrzinnclCSFgLyo6fJc1fBV5fIYaOgZOYcvz9KK8fgKiq+wIpG58sJEmQ5kcwwBlkXv+NTK+g==
 
 "@tiptap/extension-dropcursor@^2.0.0-beta.25":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-dropcursor/-/extension-dropcursor-2.0.0-beta.209.tgz#5107e255a4c1c5ca3dae606854019d6ec6051481"
-  integrity sha512-b4RxbZg4hza4p1Lp+m4CWkIIMVgoAKSo49OyvO/Y/igtQ0DcdQutSJDEPeEhuqy+jPdQFaU5GBonSvVi89Loog==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-dropcursor/-/extension-dropcursor-2.0.0-beta.220.tgz#b635fa6cdf9be1027579c7ab6c00e5a811b3b30b"
+  integrity sha512-BIaA4Lvb3xL9KFN+K6SO2IHqLO6hDmGN2/rGKHFaU3Eh+oiXM2G73KTSS5KIP1u872zY1RpAtswSc4kjv3cuVw==
 
-"@tiptap/extension-floating-menu@^2.0.0-beta.209":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-floating-menu/-/extension-floating-menu-2.0.0-beta.209.tgz#1c5f7ffca9fdd2d272069949345c3b888ea57049"
-  integrity sha512-m5ucAguqDxuOvNcsmvuSLcN8TMkbhFmiC6dTJOyaAGjGn6d8Ly6aZh+lEwU228TebM0TKHTp8Xob1cLjV4TGgg==
+"@tiptap/extension-floating-menu@^2.0.0-beta.220":
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-floating-menu/-/extension-floating-menu-2.0.0-beta.220.tgz#35eb154227533ada738c922be2f8cf18426fe4bf"
+  integrity sha512-+WfcBEedm82ntaVIEQAGz0Om96Rpav7a+4f7e8N4PrLKm6nZ3gBaEkZVQ6vjJ6S/1htiWCv1XosYIwRboPBG0w==
   dependencies:
     tippy.js "^6.3.7"
 
 "@tiptap/extension-gapcursor@^2.0.0-beta.33":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-gapcursor/-/extension-gapcursor-2.0.0-beta.209.tgz#91eadf2863cfd6ba0325d378aff49af95c2783b5"
-  integrity sha512-F03mr2VV5bZycIVWHCIYpQTzs9tC+goWJFhbJgPrT62f1gUAnlc1ZRc79mSqw1AxTsfbDvAc65OlUJb0QfxDWA==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-gapcursor/-/extension-gapcursor-2.0.0-beta.220.tgz#07c96f7adc354d19b6209ea1e080188fb8d63de5"
+  integrity sha512-W5N2Ey+thufUOrs2TFGpEGBGue7ZEhcUXvxcsZlGbrjVa9Y+4rEp68Du4y7yM0hCeSj2GGwiV+uPzkc0CSDE/g==
 
 "@tiptap/extension-heading@^2.0.0-beta.23":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-heading/-/extension-heading-2.0.0-beta.209.tgz#7ae7e3f1adac7eaad20dcb30effb4b25f53a453d"
-  integrity sha512-eqq9if0XsPjLvivM5gNUqSHj5I4Zpiv66NPO+pM4ig0Wq2CjjxWzzgmdSLfTPGRfsZe9kPCOgO86AAB07am3fQ==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-heading/-/extension-heading-2.0.0-beta.220.tgz#b4889de7b3f152ff88a119d6cb6a22537eff73a2"
+  integrity sha512-7mrHRj++UaZ26C2Gjwb0WKWAzpiKb8TOYkVC2uMaCwaNhLDXpFEwZ7RtJRSTNBHkIGnMO46BH8Z0qlkFMmk9Jw==
 
 "@tiptap/extension-history@^2.0.0-beta.21":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-history/-/extension-history-2.0.0-beta.209.tgz#4d082a92bd434232b3d3db6584b8dd499086f343"
-  integrity sha512-P5nw+r47gBdac4igeaBvW6gxsZUnS67SRgbAyQSmXVe45NXc1t0EUb2Be9YuHRKDVxhJUhGT8NawPY70Fgk4mQ==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-history/-/extension-history-2.0.0-beta.220.tgz#6370b28872b29288d655cd14211efb8dc76daba0"
+  integrity sha512-qNL2a9UhnlmCs4y2iQYrfeMB8vEX3bHozBJanHu0PWNQJcj90R5xqorBp/bRcqZdi0kuQfxcTnGHtLUpN/U0TA==
 
 "@tiptap/extension-image@^2.0.0-beta.6":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-image/-/extension-image-2.0.0-beta.209.tgz#8e8a9316d4f2a3168cd21c8faea52d569102dace"
-  integrity sha512-Erjs9/vRud5TYATt7gJ1cBPNp0LAxtQ4mYZ+6Avpu0FfOWDv9WHXGtV85vJnbqKkRBf031L3dfLnYZPhTkS2sQ==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-image/-/extension-image-2.0.0-beta.220.tgz#c197b0dbd2f5d7a08f91e63cb8ca98c1972159a4"
+  integrity sha512-xyzlY/cupj/7AVqybQDaPaJ3SwKqe12xMWQlWxhhksuNpbQ6RGHrJz0DBSe61kIkaTZmIUBw055IFEMOPFF53g==
 
 "@tiptap/extension-italic@^2.0.0-beta.24":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-italic/-/extension-italic-2.0.0-beta.209.tgz#892ff90de43a5e1e88197e7a9839bbd877027321"
-  integrity sha512-KnRdbqfD01tcCnUNypA3TX3FqmQSFwu7/9YU3vwS8Zyaz+OIc/g/vJai5twg1DzFAvIcYWzRFPTFcqkjwkcW1w==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-italic/-/extension-italic-2.0.0-beta.220.tgz#94e442689f69e694a2a983eabcae0ccc803262b9"
+  integrity sha512-aWAgqoR8fql9fJ7T/ZrEqovkEjZXbUpvlvWEvdBDMG3id8ZTGNDpdDKdvI6J/Rl5ZGPIg1TpHJtd+UixheWQsQ==
 
 "@tiptap/extension-link@^2.0.0-beta.8":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-link/-/extension-link-2.0.0-beta.209.tgz#a441f5ead858ea54b88fa7e1a8b5e02e8f671678"
-  integrity sha512-X+iPnKWTb8nuZ7xieemPxZOiCQiaQw4z3RVJ7Hz4/T+ujxfxu7MJhBzjyw9htGPmUijyN4zt0NPjZ089yMzAxQ==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-link/-/extension-link-2.0.0-beta.220.tgz#c9954613cd1e0a0f1527853b732ef50dff734eac"
+  integrity sha512-vjEA8cE37ZZVVgPHSpttw3kbJoClb+ya/BVukDtJ1h6C7mIR1rqzNxTgpbnXJuA8xww0JOjpa5dpzEgcs294fA==
   dependencies:
-    linkifyjs "^3.0.5"
+    linkifyjs "^4.1.0"
 
 "@tiptap/extension-list-item@^2.0.0-beta.19":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-list-item/-/extension-list-item-2.0.0-beta.209.tgz#d7d6b5c3dce4c048d7216e307c2b2234a5032b65"
-  integrity sha512-qkHwymyGfXIVAiqLXvL66UzGLhYpD2BYbSSAIQ6Rmuvk4aeNrsBvFv9tL7+YsYLKvlOa4+Q+PN2uhST+lOH0hw==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-list-item/-/extension-list-item-2.0.0-beta.220.tgz#c2fcff1fb9148d303d78b0336032a6353a86ff6c"
+  integrity sha512-+O0ivwxPP2l/m9PAowb2ytDT/cM5kwu0s1W5MUsHPIqf+M6ahnl4ESjhWZfDHUzvjqPq6MTbqoQLHbB1KS/N7w==
 
 "@tiptap/extension-mention@^2.0.0-beta.42":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-mention/-/extension-mention-2.0.0-beta.209.tgz#f6d2787d823e911a3cb707937819d949b7300f46"
-  integrity sha512-Ke8+/T9gsI10CQtb8CxuR+1t/6RkHVUr9ZZd7lqQ7c7kpw5YcEJ89yzDl/OpEoUboC7IlHLlxuhI8njf9+zHVw==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-mention/-/extension-mention-2.0.0-beta.220.tgz#c3745895096157b09412bd49544f4ae741e8d0da"
+  integrity sha512-mjFNBuLxLaZ48CaIp/AdyHB2X1UKptpv6NVG0JaP2vBxW22eUy709JmCbRnWjeYe8pHbJjW22WC4/M1C44SFWg==
 
 "@tiptap/extension-ordered-list@^2.0.0-beta.24":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-ordered-list/-/extension-ordered-list-2.0.0-beta.209.tgz#d22539313c3fb5879d5ee8cd0bab5aff78a6353c"
-  integrity sha512-PhJ9uqxqKVO97rb2MzW/TzQJ9XQicp9gsV/y0QbAEv1ZOH9QI/qF5sCe6BfeN8ZoMyYUEh6de3yxQL8iXSFWsw==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-ordered-list/-/extension-ordered-list-2.0.0-beta.220.tgz#1fac8e8c2f8c0187e23ede59764fd031d5d1a83a"
+  integrity sha512-j3DmxJfwmNxFfMnvO7glmGlhYeZSIUnRrKnZu2KkpD6OcGJSh9y/yfnYwcuK80XbzEG/jKKIw0M2yRveOvyVwA==
 
 "@tiptap/extension-paragraph@^2.0.0-beta.22":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-paragraph/-/extension-paragraph-2.0.0-beta.209.tgz#6c26e94eebfd0207e14601691c121dbf68fc17c2"
-  integrity sha512-XkiguVbOX/KJwux2wdurvZRwG1UulpZ3Uhw7Yl59sLBf7YDw8H781EMgVvaLSWf3B1o27/yOyc+kiepW/Pp9Wg==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-paragraph/-/extension-paragraph-2.0.0-beta.220.tgz#d552dfdeeab9856e9eb8f0a7cf850f37d7cced69"
+  integrity sha512-ZGCzNGFYV4wa3l1nXtDIaYp7O6f0DrGTSl3alKkDTQe3SOmzXS2HjgWl9yPw8VXpU9W5mMGhXd+nGn/jUk+f/A==
 
 "@tiptap/extension-placeholder@^2.0.0-beta.199":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-placeholder/-/extension-placeholder-2.0.0-beta.209.tgz#c27f81970db8075a8d5005c9512930b1998ab5e0"
-  integrity sha512-L94thCy0qECMP1mcDjvN7P2RtMT7cc1IB6FbB+C1gnDaPXlJbiZFGsnuyjcCfoVX1rFZXBb6Ud0aSG0VaXWQCQ==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-placeholder/-/extension-placeholder-2.0.0-beta.220.tgz#1d6057e5ae950d9a1ed43c03d26df60c08368f87"
+  integrity sha512-Pq79BH/JqhjTNgxHkmbzcmwATsSJdRRSLHrnLx5upSmwEkQwCzqni9jL10rL2NM1ZyR+o25xC+r5loujx0aQ+Q==
 
 "@tiptap/extension-strike@^2.0.0-beta.26":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-strike/-/extension-strike-2.0.0-beta.209.tgz#f601b07e186f9079cadff7f29e29107909f5478c"
-  integrity sha512-k8yaeyMYBzdq5U1zv5DYZt3KtpglPHV2JX7dYfNyoFpiX+6IJ2EwSuTXUGilZGRpyUw6UxeDF0yJbiOGMeEIDA==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-strike/-/extension-strike-2.0.0-beta.220.tgz#2beb02d2d8807056ff3ea4ea74d9f6abba42bf78"
+  integrity sha512-cIM2ma6mzk08pijOn+KS3ZoHWaUVsVT+OF3m6xewjwJdC0ILg9nApEOhPFrhbeDcxcPmJMlgBl/xeUrEu1HQMg==
 
 "@tiptap/extension-text@^2.0.0-beta.15":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-text/-/extension-text-2.0.0-beta.209.tgz#f34a6cda849c16d7dbf9677e2cf6242cc6987a9e"
-  integrity sha512-12PTPTQViDR7xDLwxGMPiYaV89E9olH/+4Zfoh6QiOjHqhmgYu3+/c8YZ3eARgXnfpy/EzUD0PBxiAyDZJ1vdw==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-text/-/extension-text-2.0.0-beta.220.tgz#3f51d4aac11c16d79cf8ca22502898b67f5bc2f5"
+  integrity sha512-3tnffc2YMjNyv7Lbad6fx9wYDE/Buz8vhx76M2AOSrjYbzmTJf7mLkgdlPM0VTy7FGZD5CGgHJAgYNt5HIqPkQ==
 
 "@tiptap/extension-underline@^2.0.0-beta.7":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/extension-underline/-/extension-underline-2.0.0-beta.209.tgz#9f12040c32bfbc72db180deede8805b2dbb4ef62"
-  integrity sha512-xCW0GvCE883l8+YLvDkj5lNdVpqL15uJFMvWP9v79rqlMVZGIFd49saMyAPQworZqepnhnndFOELZ0pHcCV4vQ==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/extension-underline/-/extension-underline-2.0.0-beta.220.tgz#62b6c02f63a439721f79dff63a73ea366fa31919"
+  integrity sha512-MW2EjL12xW01Nmlwih7wHwHSn8zGUtsyruqPH8sTxnOtbVOmMBnmFj0/LW+TvwqjlNdkwkrteZO4svLdD0MEhw==
+
+"@tiptap/pm@^2.0.0-beta.220":
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/pm/-/pm-2.0.0-beta.220.tgz#04e4c98e4d042ea8d67148ec6676f7078c6bac5a"
+  integrity sha512-O9mGcmwUpEr630HY9RylIyZJKnpXi3xWINWNiAEfRJ1br5j5pHRoVRJQ1HzU+6+Z+i/8qp3zRHGLTBqihaZETA==
+  dependencies:
+    prosemirror-changeset "^2.2.0"
+    prosemirror-collab "^1.3.0"
+    prosemirror-commands "^1.3.1"
+    prosemirror-dropcursor "^1.5.0"
+    prosemirror-gapcursor "^1.3.1"
+    prosemirror-history "^1.3.0"
+    prosemirror-inputrules "^1.2.0"
+    prosemirror-keymap "^1.2.0"
+    prosemirror-markdown "^1.10.1"
+    prosemirror-menu "^1.2.1"
+    prosemirror-model "^1.18.1"
+    prosemirror-schema-basic "^1.2.0"
+    prosemirror-schema-list "^1.2.2"
+    prosemirror-state "^1.4.1"
+    prosemirror-tables "^1.3.0"
+    prosemirror-trailing-node "^2.0.2"
+    prosemirror-transform "^1.7.0"
+    prosemirror-view "^1.28.2"
 
 "@tiptap/suggestion@^2.0.0-beta.195":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/suggestion/-/suggestion-2.0.0-beta.209.tgz#7cd93e60024b3d229129c2723d9e09416e093dfe"
-  integrity sha512-KKV64rTzTGY1q03nK0b4wCrAmihwThYJrYlPTUTelQm0AeJ4EPTNMRSR5rHD+fVF7agqrtrCkMw46vTXd6j1Jw==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/suggestion/-/suggestion-2.0.0-beta.220.tgz#2dc05f65e89006ffaad9f2b6a3468311a305e5ee"
+  integrity sha512-lYb2HOAKJLjEBbTx5VXA32wRryQiMwaKkNfr3v6UhlwoNgD6NkCYID08UJbpMV7iM+iFQp9408D/vVWFwvOuKg==
 
 "@tiptap/vue-3@^2.0.0-beta.96":
-  version "2.0.0-beta.209"
-  resolved "https://registry.yarnpkg.com/@tiptap/vue-3/-/vue-3-2.0.0-beta.209.tgz#4bd3c5fe7b68e1f84cc4f1379ad2f916f2410ebf"
-  integrity sha512-v0GUO6mcRgDfT6bNX3fHJds9QIpYqFBiGaanvTDVlOhErOSgrOx2+QuEieG0F9nUQ1az9h0kj5NZxvP9CeTlcQ==
+  version "2.0.0-beta.220"
+  resolved "https://registry.yarnpkg.com/@tiptap/vue-3/-/vue-3-2.0.0-beta.220.tgz#69f772f6b58734dc3dec09ac3793fa3a895336b9"
+  integrity sha512-rhSKUECLE6NOjTYZHheXAGpyIqruhxkU/9YfWNLWNFIHHW9wHO+t/B3XMJAWBwgkUvRRepU5JmBBIfYd8RgqTA==
   dependencies:
-    "@tiptap/extension-bubble-menu" "^2.0.0-beta.209"
-    "@tiptap/extension-floating-menu" "^2.0.0-beta.209"
+    "@tiptap/extension-bubble-menu" "^2.0.0-beta.220"
+    "@tiptap/extension-floating-menu" "^2.0.0-beta.220"
 
 "@tootallnate/once@2":
   version "2.0.0"
@@ -1740,9 +1825,9 @@
   integrity sha512-KnRanxnpfpjUTqTCXslZSEdLfXExwgNxYPdiO2WGUj8+HDjFi8R3k5RVKPeSCzLjCcshCAtVO2QBbVuAV4kTnw==
 
 "@types/eslint@^8.4.2":
-  version "8.4.10"
-  resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.4.10.tgz#19731b9685c19ed1552da7052b6f668ed7eb64bb"
-  integrity sha512-Sl/HOqN8NKPmhWo2VBEPm0nvHnu2LL3v9vKo8MEq0EtbJ4eVzGPl41VNPvn5E1i5poMk4/XD8UriLHpJvEP/Nw==
+  version "8.21.1"
+  resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.21.1.tgz#110b441a210d53ab47795124dbc3e9bb993d1e7c"
+  integrity sha512-rc9K8ZpVjNcLs8Fp0dkozd5Pt2Apk1glO4Vgz8ix1u6yFByxfqo5Yavpy65o+93TAe24jr7v+eSBtFLvOQtCRQ==
   dependencies:
     "@types/estree" "*"
     "@types/json-schema" "*"
@@ -1809,9 +1894,9 @@
     "@types/leaflet" "*"
 
 "@types/leaflet@*", "@types/leaflet@^1.5.2":
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/@types/leaflet/-/leaflet-1.9.0.tgz#8caf452255e16cb15e0eabcb0d2a26793da0a6a2"
-  integrity sha512-7LeOSj7EloC5UcyOMo+1kc3S1UT3MjJxwqsMT1d2PTyvQz53w0Y0oSSk9nwZnOZubCmBvpSNGceucxiq+ZPEUw==
+  version "1.9.1"
+  resolved "https://registry.yarnpkg.com/@types/leaflet/-/leaflet-1.9.1.tgz#a220706b02c6024951d7fc2959d530c6941c4224"
+  integrity sha512-lYawM3I3lLO6rmBASaqdGgY6zUL4YHr3H79/axx7FNYyPXuj0P1DZHbkNo8Itbv0i7Y9EryLWtDXXROMygXhRA==
   dependencies:
     "@types/geojson" "*"
 
@@ -1844,14 +1929,24 @@
   integrity sha512-rr20mmx41OkWx4q5du2dv2sESR/6xH2tzScUQXwO8SiaQWa6PYTuan1nqBtA76FR9qkVfZY7nwQwZNC9StX/Ww==
 
 "@types/node@*":
-  version "18.11.18"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.11.18.tgz#8dfb97f0da23c2293e554c5a50d61ef134d7697f"
-  integrity sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA==
+  version "18.14.6"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.14.6.tgz#ae1973dd2b1eeb1825695bb11ebfb746d27e3e93"
+  integrity sha512-93+VvleD3mXwlLI/xASjw0FzKcwzl3OdTCzm1LaRfqgS21gfFtK3zDXM5Op9TeeMsJVOaJ2VRDpT9q4Y3d0AvA==
+
+"@types/object.omit@^3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@types/object.omit/-/object.omit-3.0.0.tgz#0d31e1208eac8fe2ad5c9499a1016a8273bbfafc"
+  integrity sha512-I27IoPpH250TUzc9FzXd0P1BV/BMJuzqD3jOz98ehf9dQqGkxlq+hO1bIqZGWqCg5bVOy0g4AUVJtnxe0klDmw==
+
+"@types/object.pick@^1.3.1":
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/@types/object.pick/-/object.pick-1.3.2.tgz#9eb28118240ad8f658b9c9c6caf35359fdb37150"
+  integrity sha512-sn7L+qQ6RLPdXRoiaE7bZ/Ek+o4uICma/lBFPyJEKDTPTBP1W8u0c4baj3EiS4DiqLs+Hk+KUGvMVJtAw3ePJg==
 
 "@types/phoenix@^1.5.2":
-  version "1.5.4"
-  resolved "https://registry.yarnpkg.com/@types/phoenix/-/phoenix-1.5.4.tgz#c08a1da6d7b4e365f6a1fe1ff9aada55f5356d24"
-  integrity sha512-L5eZmzw89eXBKkiqVBcJfU1QGx9y+wurRIEgt0cuLH0hwNtVUxtx+6cu0R2STwWj468sjXyBYPYDtGclUd1kjQ==
+  version "1.5.5"
+  resolved "https://registry.yarnpkg.com/@types/phoenix/-/phoenix-1.5.5.tgz#2276102b16203ca16a5ec3f2e20bcc2819a8a520"
+  integrity sha512-1eWWT19k0L4ZiTvdXjAvJ9KvW0B8SdiVftQmFPJGTEx78Q4PCSIQDpz+EfkFVR1N4U9gREjlW4JXL8YCIlY0bw==
 
 "@types/prettier@^2.6.0":
   version "2.7.2"
@@ -1866,9 +1961,9 @@
     "@types/node" "*"
 
 "@types/sanitize-html@^2.5.0":
-  version "2.8.0"
-  resolved "https://registry.yarnpkg.com/@types/sanitize-html/-/sanitize-html-2.8.0.tgz#c53d3114d832734fc299568a3458a49f9edc1eef"
-  integrity sha512-Uih6caOm3DsBYnVGOYn0A9NoTNe1c4aPStmHC/YA2JrpP9kx//jzaRcIklFvSpvVQEcpl/ZCr4DgISSf/YxTvg==
+  version "2.8.1"
+  resolved "https://registry.yarnpkg.com/@types/sanitize-html/-/sanitize-html-2.8.1.tgz#0ed8022777b571e9221557ceb187482641675627"
+  integrity sha512-Q6kMAbBBaXA5IagoipeSr4Y/zuGyh4BZ5lewgb3cYe3OYqy0k/d67iMsC4O895eks676bVAe9G+0y1i0k2ZlnA==
   dependencies:
     htmlparser2 "^8.0.0"
 
@@ -1877,10 +1972,15 @@
   resolved "https://registry.yarnpkg.com/@types/semver/-/semver-7.3.13.tgz#da4bfd73f49bd541d28920ab0e2bf0ee80f71c91"
   integrity sha512-21cFJr9z3g5dW8B0CVI9g2O9beqaThGQ6ZFBqHfwhzLDKUxaqTIy3vnfah/UPkfOiF2pLq+tGz+W8RyCskuslw==
 
+"@types/throttle-debounce@^2.1.0":
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/@types/throttle-debounce/-/throttle-debounce-2.1.0.tgz#1c3df624bfc4b62f992d3012b84c56d41eab3776"
+  integrity sha512-5eQEtSCoESnh2FsiLTxE121IiE60hnMqcb435fShf4bpLRjEu1Eoekht23y6zXS9Ts3l+Szu3TARnTsA0GkOkQ==
+
 "@types/trusted-types@^2.0.2":
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.2.tgz#fc25ad9943bcac11cceb8168db4f275e0e72e756"
-  integrity sha512-F5DIZ36YVLE+PN+Zwws4kJogq47hNgX3Nx6WyDJ3kcplxyke3XIzB8uK5n/Lpm1HBsbGzd6nmGehL8cPekP+Tg==
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.3.tgz#a136f83b0758698df454e328759dbd3d44555311"
+  integrity sha512-NfQ4gyz38SL8sDNrSixxU2Os1a5xcdFxipAFxYEuLUlvU2uDwS4NUpsImcf1//SlWItCVMMLiylsxbmNMToV/g==
 
 "@types/web-bluetooth@^0.0.16":
   version "0.0.16"
@@ -1888,14 +1988,15 @@
   integrity sha512-oh8q2Zc32S6gd/j50GowEjKLoOVOwHP/bWVjKJInBwQqdOYMdPrf1oVlelTlyfFK3CKxL1uahMDAr+vy8T7yMQ==
 
 "@typescript-eslint/eslint-plugin@^5.0.0":
-  version "5.49.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.49.0.tgz#d0b4556f0792194bf0c2fb297897efa321492389"
-  integrity sha512-IhxabIpcf++TBaBa1h7jtOWyon80SXPRLDq0dVz5SLFC/eW6tofkw/O7Ar3lkx5z5U6wzbKDrl2larprp5kk5Q==
+  version "5.54.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.54.1.tgz#0c5091289ce28372e38ab8d28e861d2dbe1ab29e"
+  integrity sha512-a2RQAkosH3d3ZIV08s3DcL/mcGc2M/UC528VkPULFxR9VnVPT8pBu0IyBAJJmVsCmhVfwQX1v6q+QGnmSe1bew==
   dependencies:
-    "@typescript-eslint/scope-manager" "5.49.0"
-    "@typescript-eslint/type-utils" "5.49.0"
-    "@typescript-eslint/utils" "5.49.0"
+    "@typescript-eslint/scope-manager" "5.54.1"
+    "@typescript-eslint/type-utils" "5.54.1"
+    "@typescript-eslint/utils" "5.54.1"
     debug "^4.3.4"
+    grapheme-splitter "^1.0.4"
     ignore "^5.2.0"
     natural-compare-lite "^1.4.0"
     regexpp "^3.2.0"
@@ -1903,147 +2004,157 @@
     tsutils "^3.21.0"
 
 "@typescript-eslint/parser@^5.0.0", "@typescript-eslint/parser@^5.10.0":
-  version "5.49.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-5.49.0.tgz#d699734b2f20e16351e117417d34a2bc9d7c4b90"
-  integrity sha512-veDlZN9mUhGqU31Qiv2qEp+XrJj5fgZpJ8PW30sHU+j/8/e5ruAhLaVDAeznS7A7i4ucb/s8IozpDtt9NqCkZg==
+  version "5.54.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-5.54.1.tgz#05761d7f777ef1c37c971d3af6631715099b084c"
+  integrity sha512-8zaIXJp/nG9Ff9vQNh7TI+C3nA6q6iIsGJ4B4L6MhZ7mHnTMR4YP5vp2xydmFXIy8rpyIVbNAG44871LMt6ujg==
   dependencies:
-    "@typescript-eslint/scope-manager" "5.49.0"
-    "@typescript-eslint/types" "5.49.0"
-    "@typescript-eslint/typescript-estree" "5.49.0"
+    "@typescript-eslint/scope-manager" "5.54.1"
+    "@typescript-eslint/types" "5.54.1"
+    "@typescript-eslint/typescript-estree" "5.54.1"
     debug "^4.3.4"
 
-"@typescript-eslint/scope-manager@5.49.0":
-  version "5.49.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-5.49.0.tgz#81b5d899cdae446c26ddf18bd47a2f5484a8af3e"
-  integrity sha512-clpROBOiMIzpbWNxCe1xDK14uPZh35u4QaZO1GddilEzoCLAEz4szb51rBpdgurs5k2YzPtJeTEN3qVbG+LRUQ==
+"@typescript-eslint/scope-manager@5.54.1":
+  version "5.54.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-5.54.1.tgz#6d864b4915741c608a58ce9912edf5a02bb58735"
+  integrity sha512-zWKuGliXxvuxyM71UA/EcPxaviw39dB2504LqAmFDjmkpO8qNLHcmzlh6pbHs1h/7YQ9bnsO8CCcYCSA8sykUg==
   dependencies:
-    "@typescript-eslint/types" "5.49.0"
-    "@typescript-eslint/visitor-keys" "5.49.0"
+    "@typescript-eslint/types" "5.54.1"
+    "@typescript-eslint/visitor-keys" "5.54.1"
 
-"@typescript-eslint/type-utils@5.49.0":
-  version "5.49.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-5.49.0.tgz#8d5dcc8d422881e2ccf4ebdc6b1d4cc61aa64125"
-  integrity sha512-eUgLTYq0tR0FGU5g1YHm4rt5H/+V2IPVkP0cBmbhRyEmyGe4XvJ2YJ6sYTmONfjmdMqyMLad7SB8GvblbeESZA==
+"@typescript-eslint/type-utils@5.54.1":
+  version "5.54.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-5.54.1.tgz#4825918ec27e55da8bb99cd07ec2a8e5f50ab748"
+  integrity sha512-WREHsTz0GqVYLIbzIZYbmUUr95DKEKIXZNH57W3s+4bVnuF1TKe2jH8ZNH8rO1CeMY3U4j4UQeqPNkHMiGem3g==
   dependencies:
-    "@typescript-eslint/typescript-estree" "5.49.0"
-    "@typescript-eslint/utils" "5.49.0"
+    "@typescript-eslint/typescript-estree" "5.54.1"
+    "@typescript-eslint/utils" "5.54.1"
     debug "^4.3.4"
     tsutils "^3.21.0"
 
-"@typescript-eslint/types@5.49.0":
-  version "5.49.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.49.0.tgz#ad66766cb36ca1c89fcb6ac8b87ec2e6dac435c3"
-  integrity sha512-7If46kusG+sSnEpu0yOz2xFv5nRz158nzEXnJFCGVEHWnuzolXKwrH5Bsf9zsNlOQkyZuk0BZKKoJQI+1JPBBg==
+"@typescript-eslint/types@5.54.1":
+  version "5.54.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.54.1.tgz#29fbac29a716d0f08c62fe5de70c9b6735de215c"
+  integrity sha512-G9+1vVazrfAfbtmCapJX8jRo2E4MDXxgm/IMOF4oGh3kq7XuK3JRkOg6y2Qu1VsTRmWETyTkWt1wxy7X7/yLkw==
 
-"@typescript-eslint/typescript-estree@5.49.0":
-  version "5.49.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.49.0.tgz#ebd6294c0ea97891fce6af536048181e23d729c8"
-  integrity sha512-PBdx+V7deZT/3GjNYPVQv1Nc0U46dAHbIuOG8AZ3on3vuEKiPDwFE/lG1snN2eUB9IhF7EyF7K1hmTcLztNIsA==
+"@typescript-eslint/typescript-estree@5.54.1":
+  version "5.54.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.54.1.tgz#df7b6ae05fd8fef724a87afa7e2f57fa4a599be1"
+  integrity sha512-bjK5t+S6ffHnVwA0qRPTZrxKSaFYocwFIkZx5k7pvWfsB1I57pO/0M0Skatzzw1sCkjJ83AfGTL0oFIFiDX3bg==
   dependencies:
-    "@typescript-eslint/types" "5.49.0"
-    "@typescript-eslint/visitor-keys" "5.49.0"
+    "@typescript-eslint/types" "5.54.1"
+    "@typescript-eslint/visitor-keys" "5.54.1"
     debug "^4.3.4"
     globby "^11.1.0"
     is-glob "^4.0.3"
     semver "^7.3.7"
     tsutils "^3.21.0"
 
-"@typescript-eslint/utils@5.49.0":
-  version "5.49.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-5.49.0.tgz#1c07923bc55ff7834dfcde487fff8d8624a87b32"
-  integrity sha512-cPJue/4Si25FViIb74sHCLtM4nTSBXtLx1d3/QT6mirQ/c65bV8arBEebBJJizfq8W2YyMoPI/WWPFWitmNqnQ==
+"@typescript-eslint/utils@5.54.1":
+  version "5.54.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-5.54.1.tgz#7a3ee47409285387b9d4609ea7e1020d1797ec34"
+  integrity sha512-IY5dyQM8XD1zfDe5X8jegX6r2EVU5o/WJnLu/znLPWCBF7KNGC+adacXnt5jEYS9JixDcoccI6CvE4RCjHMzCQ==
   dependencies:
     "@types/json-schema" "^7.0.9"
     "@types/semver" "^7.3.12"
-    "@typescript-eslint/scope-manager" "5.49.0"
-    "@typescript-eslint/types" "5.49.0"
-    "@typescript-eslint/typescript-estree" "5.49.0"
+    "@typescript-eslint/scope-manager" "5.54.1"
+    "@typescript-eslint/types" "5.54.1"
+    "@typescript-eslint/typescript-estree" "5.54.1"
     eslint-scope "^5.1.1"
     eslint-utils "^3.0.0"
     semver "^7.3.7"
 
-"@typescript-eslint/visitor-keys@5.49.0":
-  version "5.49.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.49.0.tgz#2561c4da3f235f5c852759bf6c5faec7524f90fe"
-  integrity sha512-v9jBMjpNWyn8B6k/Mjt6VbUS4J1GvUlR4x3Y+ibnP1z7y7V4n0WRz+50DY6+Myj0UaXVSuUlHohO+eZ8IJEnkg==
+"@typescript-eslint/visitor-keys@5.54.1":
+  version "5.54.1"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.54.1.tgz#d7a8a0f7181d6ac748f4d47b2306e0513b98bf8b"
+  integrity sha512-q8iSoHTgwCfgcRJ2l2x+xCbu8nBlRAlsQ33k24Adj8eoVBE0f8dUeI+bAa8F84Mv05UGbAx57g2zrRsYIooqQg==
   dependencies:
-    "@typescript-eslint/types" "5.49.0"
+    "@typescript-eslint/types" "5.54.1"
     eslint-visitor-keys "^3.3.0"
 
-"@unhead/dom@^1.0.18":
-  version "1.0.18"
-  resolved "https://registry.yarnpkg.com/@unhead/dom/-/dom-1.0.18.tgz#bba1e160ab8058597d3f1d0d63a431e1ead9697f"
-  integrity sha512-zX7w/Z3a1/spyQ3SuxB/0s1Tjx8zu5RzYBBXTtYvGutF8g/ScXreC0c5Vm5F3x4HOPdWG+71Qr/M+k6AxPLHDA==
+"@unhead/dom@1.1.20", "@unhead/dom@^1.1.19":
+  version "1.1.20"
+  resolved "https://registry.yarnpkg.com/@unhead/dom/-/dom-1.1.20.tgz#2273c6e7528dc966360c3eccf3820b2288952b46"
+  integrity sha512-LKd3Wq1myQmhea/5ysa9LsWWYFgtRhJ8D75PQfsIz9SOvjAUs6gNJi2Tv9adXr5gfFGXd0s2EMTLk/0IPTBwdg==
   dependencies:
-    "@unhead/schema" "1.0.18"
+    "@unhead/schema" "1.1.20"
+    "@unhead/shared" "1.1.20"
 
-"@unhead/schema@1.0.18", "@unhead/schema@^1.0.18":
-  version "1.0.18"
-  resolved "https://registry.yarnpkg.com/@unhead/schema/-/schema-1.0.18.tgz#c8c5bc9b43a21a85c681c337e6b038b6b5b29e85"
-  integrity sha512-LjNxwwQMZTD0b3LlB4/mmCZpO6HP7ZjK5sKuMpy7/+2O9HJO6TefxsDVrJVAitdUfm5Jej9cNEjnL2gJkc2uWg==
+"@unhead/schema@1.1.20", "@unhead/schema@^1.1.19":
+  version "1.1.20"
+  resolved "https://registry.yarnpkg.com/@unhead/schema/-/schema-1.1.20.tgz#6cbcfa22e46dff0d59d92a0a6a43850349c0f450"
+  integrity sha512-XAMPCJjE+AhOW+HCYgxwNT7KX1Ch0y/byduJvM3kdwk4oA5lHRxF7M+s98FTZPpGJmlJr07CdW3l3w+qxmaJLQ==
   dependencies:
-    "@zhead/schema" "^1.0.9"
     hookable "^5.4.2"
+    zhead "^2.0.4"
 
-"@unhead/ssr@^1.0.18":
-  version "1.0.18"
-  resolved "https://registry.yarnpkg.com/@unhead/ssr/-/ssr-1.0.18.tgz#9bc15ef09fc195177ec9461972fd2caec27bb2fc"
-  integrity sha512-In0bJSLAyN8DdCuNJaoOIrjsK40g904ELR/0Eue9VzyO0fe147dPGfYlwwUrZOqj0JzGtndiQCF/D6bjn76ovw==
+"@unhead/shared@1.1.20":
+  version "1.1.20"
+  resolved "https://registry.yarnpkg.com/@unhead/shared/-/shared-1.1.20.tgz#a925b2185819fa24b7710d7c9f7b83f900145810"
+  integrity sha512-8fJ1hB8bRw7JM9Lq98OSmLeDmajHHA9ymg8y7aDBC/R5lq+/WWSMtmXs+JNs4rsl+1gHPdl4YbjdEHp6OvcnpA==
   dependencies:
-    "@unhead/schema" "1.0.18"
+    "@unhead/schema" "1.1.20"
 
-"@unhead/vue@^1.0.18":
-  version "1.0.18"
-  resolved "https://registry.yarnpkg.com/@unhead/vue/-/vue-1.0.18.tgz#9b00e95a62966324a8a6d4749be6883c141a85c1"
-  integrity sha512-VZ61a2pRtGXI9sj1aba5Qmm35veVvRDIE0Xsog3I0TfwavlwklZcg9bF2eT+GcDnsq1NxNO7uDyrb/+xNAzSxA==
+"@unhead/ssr@^1.1.19":
+  version "1.1.20"
+  resolved "https://registry.yarnpkg.com/@unhead/ssr/-/ssr-1.1.20.tgz#fbdf73a4b51509aa5aae45ec42343c58ba140a6e"
+  integrity sha512-h+5rH4dMe+SorWJv2JiBVE8uchdXFbuSUfXtKBw/VmlBE69DXlZMEcIa2BDmp12wRiU9W8MtWOSvvPuBQ2Hm3g==
   dependencies:
-    "@unhead/schema" "1.0.18"
+    "@unhead/schema" "1.1.20"
+    "@unhead/shared" "1.1.20"
+
+"@unhead/vue@^1.1.19":
+  version "1.1.20"
+  resolved "https://registry.yarnpkg.com/@unhead/vue/-/vue-1.1.20.tgz#3c3217ead0b1805abca4f3194fe6db66ca0947de"
+  integrity sha512-I6TaAcO+B+czD/W6I6HQ2EFu/aJ7r0/EEz4Ltlg/YrdKL1beqh2nDY+R1Xz43EqKS0yvxGTlJHJ9cBmtSP2b0g==
+  dependencies:
+    "@unhead/schema" "1.1.20"
+    "@unhead/shared" "1.1.20"
     hookable "^5.4.2"
+    unhead "1.1.20"
 
 "@vitejs/plugin-vue@^4.0.0":
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/@vitejs/plugin-vue/-/plugin-vue-4.0.0.tgz#93815beffd23db46288c787352a8ea31a0c03e5e"
   integrity sha512-e0X4jErIxAB5oLtDqbHvHpJe/uWNkdpYV83AOG2xo2tEVSzCzewgJMtREZM30wXnM5ls90hxiOtAuVU6H5JgbA==
 
-"@vitest/coverage-c8@^0.28.2":
-  version "0.28.2"
-  resolved "https://registry.yarnpkg.com/@vitest/coverage-c8/-/coverage-c8-0.28.2.tgz#6fc03502b98102a568a49a357bc3fb41d10933c4"
-  integrity sha512-BWiOUk+d5LvK/9pKaYbL8eLng2EFXgTQMH9QN5nOoizWWKXGNO6LjduVpoz8ZQfb8/6tMVhae7SAS+w0zkRkNw==
+"@vitest/coverage-c8@^0.29.2":
+  version "0.29.2"
+  resolved "https://registry.yarnpkg.com/@vitest/coverage-c8/-/coverage-c8-0.29.2.tgz#30b81e32ff11c20e2f3ab78c84e21b4c6c08190c"
+  integrity sha512-NmD3WirQCeQjjKfHu4iEq18DVOBFbLn9TKVdMpyi5YW2EtnS+K22/WE+9/wRrepOhyeTxuEFgxUVkCAE1GhbnQ==
   dependencies:
-    c8 "^7.12.0"
+    c8 "^7.13.0"
     picocolors "^1.0.0"
     std-env "^3.3.1"
-    vitest "0.28.2"
 
-"@vitest/expect@0.28.2":
-  version "0.28.2"
-  resolved "https://registry.yarnpkg.com/@vitest/expect/-/expect-0.28.2.tgz#375af32579b3d6b972a1fe0be0e0260ffb84bc7d"
-  integrity sha512-syEAK7I24/aGR2lXma98WNnvMwAJ+fMx32yPcj8eLdCEWjZI3SH8ozMaKQMy65B/xZCZAl6MXmfjtJb2CpWPMg==
+"@vitest/expect@0.29.2":
+  version "0.29.2"
+  resolved "https://registry.yarnpkg.com/@vitest/expect/-/expect-0.29.2.tgz#7503aabd72764612b0bc8258bafa3232ccb81586"
+  integrity sha512-wjrdHB2ANTch3XKRhjWZN0UueFocH0cQbi2tR5Jtq60Nb3YOSmakjdAvUa2JFBu/o8Vjhj5cYbcMXkZxn1NzmA==
   dependencies:
-    "@vitest/spy" "0.28.2"
-    "@vitest/utils" "0.28.2"
+    "@vitest/spy" "0.29.2"
+    "@vitest/utils" "0.29.2"
     chai "^4.3.7"
 
-"@vitest/runner@0.28.2":
-  version "0.28.2"
-  resolved "https://registry.yarnpkg.com/@vitest/runner/-/runner-0.28.2.tgz#671c8f489ceac2bcf1bc2d993f9920da10347d3f"
-  integrity sha512-BJ9CtfPwWM8uc5p7Ty0OprwApyh8RIaSK7QeQPhwfDYA59AAE009OytqA3aX0yj1Qy5+k/mYFJS8RJZgsueSGA==
+"@vitest/runner@0.29.2":
+  version "0.29.2"
+  resolved "https://registry.yarnpkg.com/@vitest/runner/-/runner-0.29.2.tgz#bbc7b239758de4158392bb343e48ee5a4aa507e1"
+  integrity sha512-A1P65f5+6ru36AyHWORhuQBJrOOcmDuhzl5RsaMNFe2jEkoj0faEszQS4CtPU/LxUYVIazlUtZTY0OEZmyZBnA==
   dependencies:
-    "@vitest/utils" "0.28.2"
+    "@vitest/utils" "0.29.2"
     p-limit "^4.0.0"
     pathe "^1.1.0"
 
-"@vitest/spy@0.28.2":
-  version "0.28.2"
-  resolved "https://registry.yarnpkg.com/@vitest/spy/-/spy-0.28.2.tgz#74d970601eebc41d48e685323b2853b2c88f8db4"
-  integrity sha512-KlLzTzi5E6tHcI12VT+brlY1Pdi7sUzLf9+YXgh80+CfLu9DqPZi38doBBAUhqEnW/emoLCMinPMMoJlNAQZXA==
+"@vitest/spy@0.29.2":
+  version "0.29.2"
+  resolved "https://registry.yarnpkg.com/@vitest/spy/-/spy-0.29.2.tgz#4210d844fabd9a68a1d2932d6a26c051bd089021"
+  integrity sha512-Hc44ft5kaAytlGL2PyFwdAsufjbdOvHklwjNy/gy/saRbg9Kfkxfh+PklLm1H2Ib/p586RkQeNFKYuJInUssyw==
   dependencies:
     tinyspy "^1.0.2"
 
-"@vitest/ui@^0.28.2":
-  version "0.28.2"
-  resolved "https://registry.yarnpkg.com/@vitest/ui/-/ui-0.28.2.tgz#cc3e0b20c0dacbebcb6d16759664d40eed3651b5"
-  integrity sha512-haPr3i3KnhrDzw2LYbF56OuCZsui4xyDWApB+rjBoTan8F/GR0NVT98x4hog1xGID3qoEbYYjAxEl7+GFYpHTg==
+"@vitest/ui@^0.29.2":
+  version "0.29.2"
+  resolved "https://registry.yarnpkg.com/@vitest/ui/-/ui-0.29.2.tgz#b5c9d6e7c98163a5136c91760a602cf61edc473b"
+  integrity sha512-GpCExCMptrS1z3Xf6kz35Xdvjc2eTBy9OIIwW3HjePVxw9Q++ZoEaIBVimRTTGzSe40XiAI/ZyR0H0Ya9brqLA==
   dependencies:
     fast-glob "^3.2.12"
     flatted "^3.2.7"
@@ -2051,10 +2162,10 @@
     picocolors "^1.0.0"
     sirv "^2.0.2"
 
-"@vitest/utils@0.28.2":
-  version "0.28.2"
-  resolved "https://registry.yarnpkg.com/@vitest/utils/-/utils-0.28.2.tgz#2d79de7afb44e821a2c7e692bafb40d2cf765bb7"
-  integrity sha512-wcVTNnVdr22IGxZHDgiXrxWYcXsNg0iX2iBuOH3tVs9eme6fXJ0wxjn0/gCpp0TofQSoUwo3tX8LNACFVseDuA==
+"@vitest/utils@0.29.2":
+  version "0.29.2"
+  resolved "https://registry.yarnpkg.com/@vitest/utils/-/utils-0.29.2.tgz#8990794a6855de19b59da80413dc5a1e1991da4d"
+  integrity sha512-F14/Uc+vCdclStS2KEoXJlOLAEyqRhnw0gM27iXw9bMTcyKRPJrQ+rlC6XZ125GIPvvKYMPpVxNhiou6PsEeYQ==
   dependencies:
     cli-truncate "^3.1.0"
     diff "^5.1.0"
@@ -2073,60 +2184,60 @@
   integrity sha512-oKx0YE/nfWSBI48RKHoRsUmpY0//rDPBZTGk1LxhkkUsXPwzuMlJBFrWGIswdd+3DiIE5OyiDaM45ZldYjtDIA==
 
 "@vue-leaflet/vue-leaflet@^0.8.0":
-  version "0.8.0"
-  resolved "https://registry.yarnpkg.com/@vue-leaflet/vue-leaflet/-/vue-leaflet-0.8.0.tgz#59318f9957453b4817a180200a30f0b0bc53f210"
-  integrity sha512-oHPdD4zq243NvK98T+HiRT9qf1zvRys5KO0eDdRkZKd09i9Epj9ALPoRqF2NFUPcS8G2yEO1qCLiKAgFQ26ARQ==
+  version "0.8.4"
+  resolved "https://registry.yarnpkg.com/@vue-leaflet/vue-leaflet/-/vue-leaflet-0.8.4.tgz#8a26606fd1c28e1ca8717aebd4c5c147057c6b29"
+  integrity sha512-FyD75jMKzBQCW4TrzRMrIBa8OwaUXaSeaDWJvp7FIjpZzk8niHBfpP+QirA/BT9536FJXviRkmwac3Z7YOQHKQ==
 
 "@vue/apollo-composable@^4.0.0-beta.1":
-  version "4.0.0-beta.1"
-  resolved "https://registry.yarnpkg.com/@vue/apollo-composable/-/apollo-composable-4.0.0-beta.1.tgz#ef7181503785c464bfddb8025870d24b5c8813af"
-  integrity sha512-WjyePUFYft7dZMNrO63DuP5bsl1AO1SKhfy688r2HXlyrCQAxvfRXOiPqnPzhmRn7kyWTKfrwwhkFJfnSq7vyA==
+  version "4.0.0-beta.4"
+  resolved "https://registry.yarnpkg.com/@vue/apollo-composable/-/apollo-composable-4.0.0-beta.4.tgz#a93cbccfdcf9558ada0161294b42f77bee5e6a0b"
+  integrity sha512-lErWL+9LGfWfdfrSYY3DQB/A8Asqs46MiKwmgKeKSj7fe01tx0UpH43aiwMGj+VgEzBZ9AfqEa/Bxf0Nff/NNw==
   dependencies:
     throttle-debounce "^3.0.1"
     ts-essentials "^9.1.2"
     vue-demi "^0.13.1"
 
-"@vue/compiler-core@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/compiler-core/-/compiler-core-3.2.45.tgz#d9311207d96f6ebd5f4660be129fb99f01ddb41b"
-  integrity sha512-rcMj7H+PYe5wBV3iYeUgbCglC+pbpN8hBLTJvRiK2eKQiWqu+fG9F+8sW99JdL4LQi7Re178UOxn09puSXvn4A==
+"@vue/compiler-core@3.2.47":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/compiler-core/-/compiler-core-3.2.47.tgz#3e07c684d74897ac9aa5922c520741f3029267f8"
+  integrity sha512-p4D7FDnQb7+YJmO2iPEv0SQNeNzcbHdGByJDsT4lynf63AFkOTFN07HsiRSvjGo0QrxR/o3d0hUyNCUnBU2Tig==
   dependencies:
     "@babel/parser" "^7.16.4"
-    "@vue/shared" "3.2.45"
+    "@vue/shared" "3.2.47"
     estree-walker "^2.0.2"
     source-map "^0.6.1"
 
-"@vue/compiler-dom@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/compiler-dom/-/compiler-dom-3.2.45.tgz#c43cc15e50da62ecc16a42f2622d25dc5fd97dce"
-  integrity sha512-tyYeUEuKqqZO137WrZkpwfPCdiiIeXYCcJ8L4gWz9vqaxzIQRccTSwSWZ/Axx5YR2z+LvpUbmPNXxuBU45lyRw==
+"@vue/compiler-dom@3.2.47", "@vue/compiler-dom@^3.0.1":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/compiler-dom/-/compiler-dom-3.2.47.tgz#a0b06caf7ef7056939e563dcaa9cbde30794f305"
+  integrity sha512-dBBnEHEPoftUiS03a4ggEig74J2YBZ2UIeyfpcRM2tavgMWo4bsEfgCGsu+uJIL/vax9S+JztH8NmQerUo7shQ==
   dependencies:
-    "@vue/compiler-core" "3.2.45"
-    "@vue/shared" "3.2.45"
+    "@vue/compiler-core" "3.2.47"
+    "@vue/shared" "3.2.47"
 
-"@vue/compiler-sfc@3.2.45", "@vue/compiler-sfc@^3.2.37":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/compiler-sfc/-/compiler-sfc-3.2.45.tgz#7f7989cc04ec9e7c55acd406827a2c4e96872c70"
-  integrity sha512-1jXDuWah1ggsnSAOGsec8cFjT/K6TMZ0sPL3o3d84Ft2AYZi2jWJgRMjw4iaK0rBfA89L5gw427H4n1RZQBu6Q==
+"@vue/compiler-sfc@3.2.47", "@vue/compiler-sfc@^3.2.37":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/compiler-sfc/-/compiler-sfc-3.2.47.tgz#1bdc36f6cdc1643f72e2c397eb1a398f5004ad3d"
+  integrity sha512-rog05W+2IFfxjMcFw10tM9+f7i/+FFpZJJ5XHX72NP9eC2uRD+42M3pYcQqDXVYoj74kHMSEdQ/WmCjt8JFksQ==
   dependencies:
     "@babel/parser" "^7.16.4"
-    "@vue/compiler-core" "3.2.45"
-    "@vue/compiler-dom" "3.2.45"
-    "@vue/compiler-ssr" "3.2.45"
-    "@vue/reactivity-transform" "3.2.45"
-    "@vue/shared" "3.2.45"
+    "@vue/compiler-core" "3.2.47"
+    "@vue/compiler-dom" "3.2.47"
+    "@vue/compiler-ssr" "3.2.47"
+    "@vue/reactivity-transform" "3.2.47"
+    "@vue/shared" "3.2.47"
     estree-walker "^2.0.2"
     magic-string "^0.25.7"
     postcss "^8.1.10"
     source-map "^0.6.1"
 
-"@vue/compiler-ssr@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/compiler-ssr/-/compiler-ssr-3.2.45.tgz#bd20604b6e64ea15344d5b6278c4141191c983b2"
-  integrity sha512-6BRaggEGqhWht3lt24CrIbQSRD5O07MTmd+LjAn5fJj568+R9eUD2F7wMQJjX859seSlrYog7sUtrZSd7feqrQ==
+"@vue/compiler-ssr@3.2.47":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/compiler-ssr/-/compiler-ssr-3.2.47.tgz#35872c01a273aac4d6070ab9d8da918ab13057ee"
+  integrity sha512-wVXC+gszhulcMD8wpxMsqSOpvDZ6xKXSVWkf50Guf/S+28hTAXPDYRTbLQ3EDkOP5Xz/+SY37YiwDquKbJOgZw==
   dependencies:
-    "@vue/compiler-dom" "3.2.45"
-    "@vue/shared" "3.2.45"
+    "@vue/compiler-dom" "3.2.47"
+    "@vue/shared" "3.2.47"
 
 "@vue/devtools-api@^6.2.1", "@vue/devtools-api@^6.4.5":
   version "6.5.0"
@@ -2134,9 +2245,9 @@
   integrity sha512-o9KfBeaBmCKl10usN4crU53fYtC1r7jJwdGKjPT24t348rHxgfpZ0xL3Xm/gLUYnc0oTp8LAmrxOeLyu6tbk2Q==
 
 "@vue/eslint-config-prettier@^7.0.0":
-  version "7.0.0"
-  resolved "https://registry.yarnpkg.com/@vue/eslint-config-prettier/-/eslint-config-prettier-7.0.0.tgz#44ab55ca22401102b57795c59428e9dade72be34"
-  integrity sha512-/CTc6ML3Wta1tCe1gUeO0EYnVXfo3nJXsIhZ8WJr3sov+cGASr6yuiibJTL6lmIBm7GobopToOuB3B6AWyV0Iw==
+  version "7.1.0"
+  resolved "https://registry.yarnpkg.com/@vue/eslint-config-prettier/-/eslint-config-prettier-7.1.0.tgz#97936379c7fb1d982b9d2c6b122306e3c2e464c8"
+  integrity sha512-Pv/lVr0bAzSIHLd9iz0KnvAr4GKyCEl+h52bc4e5yWuDVtLgFwycF7nrbWTAQAS+FU6q1geVd07lc6EWfJiWKQ==
   dependencies:
     eslint-config-prettier "^8.3.0"
     eslint-plugin-prettier "^4.0.0"
@@ -2150,98 +2261,101 @@
     "@typescript-eslint/parser" "^5.0.0"
     vue-eslint-parser "^9.0.0"
 
-"@vue/reactivity-transform@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/reactivity-transform/-/reactivity-transform-3.2.45.tgz#07ac83b8138550c83dfb50db43cde1e0e5e8124d"
-  integrity sha512-BHVmzYAvM7vcU5WmuYqXpwaBHjsS8T63jlKGWVtHxAHIoMIlmaMyurUSEs1Zcg46M4AYT5MtB1U274/2aNzjJQ==
+"@vue/reactivity-transform@3.2.47":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/reactivity-transform/-/reactivity-transform-3.2.47.tgz#e45df4d06370f8abf29081a16afd25cffba6d84e"
+  integrity sha512-m8lGXw8rdnPVVIdIFhf0LeQ/ixyHkH5plYuS83yop5n7ggVJU+z5v0zecwEnX7fa7HNLBhh2qngJJkxpwEEmYA==
   dependencies:
     "@babel/parser" "^7.16.4"
-    "@vue/compiler-core" "3.2.45"
-    "@vue/shared" "3.2.45"
+    "@vue/compiler-core" "3.2.47"
+    "@vue/shared" "3.2.47"
     estree-walker "^2.0.2"
     magic-string "^0.25.7"
 
-"@vue/reactivity@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/reactivity/-/reactivity-3.2.45.tgz#412a45b574de601be5a4a5d9a8cbd4dee4662ff0"
-  integrity sha512-PRvhCcQcyEVohW0P8iQ7HDcIOXRjZfAsOds3N99X/Dzewy8TVhTCT4uXpAHfoKjVTJRA0O0K+6QNkDIZAxNi3A==
+"@vue/reactivity@3.2.47":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/reactivity/-/reactivity-3.2.47.tgz#1d6399074eadfc3ed35c727e2fd707d6881140b6"
+  integrity sha512-7khqQ/75oyyg+N/e+iwV6lpy1f5wq759NdlS1fpAhFXa8VeAIKGgk2E/C4VF59lx5b+Ezs5fpp/5WsRYXQiKxQ==
   dependencies:
-    "@vue/shared" "3.2.45"
+    "@vue/shared" "3.2.47"
 
-"@vue/runtime-core@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/runtime-core/-/runtime-core-3.2.45.tgz#7ad7ef9b2519d41062a30c6fa001ec43ac549c7f"
-  integrity sha512-gzJiTA3f74cgARptqzYswmoQx0fIA+gGYBfokYVhF8YSXjWTUA2SngRzZRku2HbGbjzB6LBYSbKGIaK8IW+s0A==
+"@vue/runtime-core@3.2.47":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/runtime-core/-/runtime-core-3.2.47.tgz#406ebade3d5551c00fc6409bbc1eeb10f32e121d"
+  integrity sha512-RZxbLQIRB/K0ev0K9FXhNbBzT32H9iRtYbaXb0ZIz2usLms/D55dJR2t6cIEUn6vyhS3ALNvNthI+Q95C+NOpA==
   dependencies:
-    "@vue/reactivity" "3.2.45"
-    "@vue/shared" "3.2.45"
+    "@vue/reactivity" "3.2.47"
+    "@vue/shared" "3.2.47"
 
-"@vue/runtime-dom@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/runtime-dom/-/runtime-dom-3.2.45.tgz#1a2ef6ee2ad876206fbbe2a884554bba2d0faf59"
-  integrity sha512-cy88YpfP5Ue2bDBbj75Cb4bIEZUMM/mAkDMfqDTpUYVgTf/kuQ2VQ8LebuZ8k6EudgH8pYhsGWHlY0lcxlvTwA==
+"@vue/runtime-dom@3.2.47":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/runtime-dom/-/runtime-dom-3.2.47.tgz#93e760eeaeab84dedfb7c3eaf3ed58d776299382"
+  integrity sha512-ArXrFTjS6TsDei4qwNvgrdmHtD930KgSKGhS5M+j8QxXrDJYLqYw4RRcDy1bz1m1wMmb6j+zGLifdVHtkXA7gA==
   dependencies:
-    "@vue/runtime-core" "3.2.45"
-    "@vue/shared" "3.2.45"
+    "@vue/runtime-core" "3.2.47"
+    "@vue/shared" "3.2.47"
     csstype "^2.6.8"
 
-"@vue/server-renderer@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/server-renderer/-/server-renderer-3.2.45.tgz#ca9306a0c12b0530a1a250e44f4a0abac6b81f3f"
-  integrity sha512-ebiMq7q24WBU1D6uhPK//2OTR1iRIyxjF5iVq/1a5I1SDMDyDu4Ts6fJaMnjrvD3MqnaiFkKQj+LKAgz5WIK3g==
+"@vue/server-renderer@3.2.47", "@vue/server-renderer@^3.0.1":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/server-renderer/-/server-renderer-3.2.47.tgz#8aa1d1871fc4eb5a7851aa7f741f8f700e6de3c0"
+  integrity sha512-dN9gc1i8EvmP9RCzvneONXsKfBRgqFeFZLurmHOveL7oH6HiFXJw5OGu294n1nHc/HMgTy6LulU/tv5/A7f/LA==
   dependencies:
-    "@vue/compiler-ssr" "3.2.45"
-    "@vue/shared" "3.2.45"
+    "@vue/compiler-ssr" "3.2.47"
+    "@vue/shared" "3.2.47"
 
-"@vue/shared@3.2.45":
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/@vue/shared/-/shared-3.2.45.tgz#a3fffa7489eafff38d984e23d0236e230c818bc2"
-  integrity sha512-Ewzq5Yhimg7pSztDV+RH1UDKBzmtqieXQlpTVm2AwraoRL/Rks96mvd8Vgi7Lj+h+TH8dv7mXD3FRZR3TUvbSg==
+"@vue/shared@3.2.47":
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/@vue/shared/-/shared-3.2.47.tgz#e597ef75086c6e896ff5478a6bfc0a7aa4bbd14c"
+  integrity sha512-BHGyyGN3Q97EZx0taMQ+OLNuZcW3d37ZEVmEAyeoA9ERdGvm9Irc/0Fua8SNyOtV1w6BS4q25wbMzJujO9HIfQ==
 
 "@vue/test-utils@^2.0.2":
-  version "2.2.8"
-  resolved "https://registry.yarnpkg.com/@vue/test-utils/-/test-utils-2.2.8.tgz#2002a2b2c90309f66c5c175b735621438832a610"
-  integrity sha512-/R8DKzp41Ip/RqTt1jvOVi5gxby3EwNWiYHNYsG9FAjEvt0gzDvYN55lCKzX7IdnI5zVIOo5tHtts0SLT+JrWw==
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/@vue/test-utils/-/test-utils-2.3.0.tgz#0793a2bd94135c0374a720c38f76244997c4316b"
+  integrity sha512-S8/9Z+B4VSsTUNtZtzS7J1TfxJbf10n+gcH9X8cASbG0Tp7qD6vqs/sUNlmpzk6i7+pP00ptauJp9rygyW89Ww==
   dependencies:
     js-beautify "1.14.6"
+  optionalDependencies:
+    "@vue/compiler-dom" "^3.0.1"
+    "@vue/server-renderer" "^3.0.1"
 
 "@vueuse/core@^9.1.0":
-  version "9.11.1"
-  resolved "https://registry.yarnpkg.com/@vueuse/core/-/core-9.11.1.tgz#1552aef67144220da7e6b797372a194a9c7ff52e"
-  integrity sha512-E/cizD1w9ILkq4axYjZrXLkKaBfzloaby2n3NMjUfd6yI/jkfTVgc6iwy/Cw2e++Ld4LphGbO+3MhzizvwUslQ==
+  version "9.13.0"
+  resolved "https://registry.yarnpkg.com/@vueuse/core/-/core-9.13.0.tgz#2f69e66d1905c1e4eebc249a01759cf88ea00cf4"
+  integrity sha512-pujnclbeHWxxPRqXWmdkKV5OX4Wk4YeK7wusHqRwU0Q7EFusHoqNA/aPhB6KCh9hEqJkLAJo7bb0Lh9b+OIVzw==
   dependencies:
     "@types/web-bluetooth" "^0.0.16"
-    "@vueuse/metadata" "9.11.1"
-    "@vueuse/shared" "9.11.1"
+    "@vueuse/metadata" "9.13.0"
+    "@vueuse/shared" "9.13.0"
     vue-demi "*"
 
 "@vueuse/head@^1.0":
-  version "1.0.23"
-  resolved "https://registry.yarnpkg.com/@vueuse/head/-/head-1.0.23.tgz#1834f4c08fe01f970074c0af1051275473f6e696"
-  integrity sha512-CiC9VWYbvwAqjWDBJH4WfQfBk7NWMZpvmpvIUYsm3X+aa8QHMiDGzR+RFKZSUtykiCGnSZk97yIvo5eJBmSh8A==
+  version "1.1.19"
+  resolved "https://registry.yarnpkg.com/@vueuse/head/-/head-1.1.19.tgz#41d397623cb9bbbf0cf206a24aa4c1e3633ceb60"
+  integrity sha512-ow6HqD0gDfz97rsS3CSJ3lKrQjMpvzK6gy2+N5reWyk6mOYzOpVx96iLYaq7KETDxC820aqx1SDukhXgEMwqCg==
   dependencies:
-    "@unhead/dom" "^1.0.18"
-    "@unhead/schema" "^1.0.18"
-    "@unhead/ssr" "^1.0.18"
-    "@unhead/vue" "^1.0.18"
+    "@unhead/dom" "^1.1.19"
+    "@unhead/schema" "^1.1.19"
+    "@unhead/ssr" "^1.1.19"
+    "@unhead/vue" "^1.1.19"
 
-"@vueuse/metadata@9.11.1":
-  version "9.11.1"
-  resolved "https://registry.yarnpkg.com/@vueuse/metadata/-/metadata-9.11.1.tgz#f4e5fd9cb421c5a02373d034a0ce53538b370518"
-  integrity sha512-ABjkrG+VXggNhjfGyw5e/sekxTZfXTwjrYXkkWQmQ7Biyv+Gq9UD6IDNfeGvQZEINI0Qzw6nfuO2UFCd3hlrxQ==
+"@vueuse/metadata@9.13.0":
+  version "9.13.0"
+  resolved "https://registry.yarnpkg.com/@vueuse/metadata/-/metadata-9.13.0.tgz#bc25a6cdad1b1a93c36ce30191124da6520539ff"
+  integrity sha512-gdU7TKNAUVlXXLbaF+ZCfte8BjRJQWPCa2J55+7/h+yDtzw3vOoGQDRXzI6pyKyo6bXFT5/QoPE4hAknExjRLQ==
 
 "@vueuse/router@^9.0.2":
-  version "9.11.1"
-  resolved "https://registry.yarnpkg.com/@vueuse/router/-/router-9.11.1.tgz#cdf32998a8646b0fda47e52cb9b89301d392766c"
-  integrity sha512-nGmPnBZCcErEDpN2FXLcbdsHKSyRr10y+u2HzzJeDj3IutZjlCEysEOdDzlfjgUssNWao6CeSIb3sRMFZpWRsA==
+  version "9.13.0"
+  resolved "https://registry.yarnpkg.com/@vueuse/router/-/router-9.13.0.tgz#cfc757fa89c654ab749c60bc2445f945cbb86b32"
+  integrity sha512-lcL6auSUGMGZMdDzZJb02QDe909AChzMXoxqFS3gL2E8mHmIx0SrNor+33UkqvvBPi18vXpDq/R7tPd9fxWwTg==
   dependencies:
-    "@vueuse/shared" "9.11.1"
+    "@vueuse/shared" "9.13.0"
     vue-demi "*"
 
-"@vueuse/shared@9.11.1":
-  version "9.11.1"
-  resolved "https://registry.yarnpkg.com/@vueuse/shared/-/shared-9.11.1.tgz#c76805c9d86da109b132529b4745d7d706106e7f"
-  integrity sha512-UTZYGAjT96hWn4buf4wstZbeheBVNcKPQuej6qpoSkjF1atdaeCD6kqm9uGL2waHfisSgH9mq0qCRiBOk5C/2w==
+"@vueuse/shared@9.13.0":
+  version "9.13.0"
+  resolved "https://registry.yarnpkg.com/@vueuse/shared/-/shared-9.13.0.tgz#089ff4cc4e2e7a4015e57a8f32e4b39d096353b9"
+  integrity sha512-UrnhU+Cnufu4S6JLCPZnkWh0WwZGUp72ktOF2DFptMlOs3TOdVv8xJN53zhHGARmVOsz5KqOls09+J1NR6sBKw==
   dependencies:
     vue-demi "*"
 
@@ -2273,11 +2387,6 @@
   dependencies:
     tslib "^2.3.0"
 
-"@zhead/schema@^1.0.9":
-  version "1.0.9"
-  resolved "https://registry.yarnpkg.com/@zhead/schema/-/schema-1.0.9.tgz#edb74b66beda5dd4dcbe50dc351e7da4e0016d5b"
-  integrity sha512-MBubVXXEJX86ZBL6CDK0rYi1mC82zuben1MwwAEe98EFN1w4Oy0l2roJaM51MwQEvZ+WTi6o4lCxUShtLQJk8A==
-
 abab@^2.0.6:
   version "2.0.6"
   resolved "https://registry.yarnpkg.com/abab/-/abab-2.0.6.tgz#41b80f2c871d19686216b82309231cfd3cb3d291"
@@ -2325,7 +2434,7 @@ acorn@^7.0.0:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa"
   integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==
 
-acorn@^8.1.0, acorn@^8.5.0, acorn@^8.8.0, acorn@^8.8.1:
+acorn@^8.1.0, acorn@^8.5.0, acorn@^8.8.0, acorn@^8.8.1, acorn@^8.8.2:
   version "8.8.2"
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.2.tgz#1b2f25db02af965399b9776b0c2c391276d37c4a"
   integrity sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==
@@ -2598,9 +2707,9 @@ birpc@^0.1.1:
   integrity sha512-B64AGL4ug2IS2jvV/zjTYDD1L+2gOJTT7Rv+VaK7KVQtQOo/xZbCDsh7g727ipckmU+QJYRqo5RcifVr0Kgcmg==
 
 blurhash@^2.0.0:
-  version "2.0.4"
-  resolved "https://registry.yarnpkg.com/blurhash/-/blurhash-2.0.4.tgz#60642a823b50acaaf3732ddb6c7dfd721bdfef2a"
-  integrity sha512-r/As72u2FbucLoK5NTegM/GucxJc3d8GvHc4ngo13IO/nt2HU4gONxNLq1XPN6EM/V8Y9URIa7PcSz2RZu553A==
+  version "2.0.5"
+  resolved "https://registry.yarnpkg.com/blurhash/-/blurhash-2.0.5.tgz#efde729fc14a2f03571a6aa91b49cba80d1abe4b"
+  integrity sha512-cRygWd7kGBQO3VEhPiTgq4Wc43ctsM+o46urrmPOiuAe+07fzlSB9OJVdpgDL0jPqXUVQ9ht7aq7kxOeJHRK+w==
 
 boolbase@^1.0.0:
   version "1.0.0"
@@ -2629,15 +2738,15 @@ braces@^3.0.2, braces@~3.0.2:
   dependencies:
     fill-range "^7.0.1"
 
-browserslist@^4.21.3, browserslist@^4.21.4:
-  version "4.21.4"
-  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.21.4.tgz#e7496bbc67b9e39dd0f98565feccdcb0d4ff6987"
-  integrity sha512-CBHJJdDmgjl3daYjN5Cp5kbTf1mUhZoS+beLklHIvkOWscs83YAhLlF3Wsh/lciQYAcbBJgTOD44VtG31ZM4Hw==
+browserslist@^4.21.3, browserslist@^4.21.4, browserslist@^4.21.5:
+  version "4.21.5"
+  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.21.5.tgz#75c5dae60063ee641f977e00edd3cfb2fb7af6a7"
+  integrity sha512-tUkiguQGW7S3IhB7N+c2MV/HZPSCPAAiYBZXLsBhFB/PCy6ZKKsZrmBayHV9fdGV/ARIfJ14NkxKzRDjvp7L6w==
   dependencies:
-    caniuse-lite "^1.0.30001400"
-    electron-to-chromium "^1.4.251"
-    node-releases "^2.0.6"
-    update-browserslist-db "^1.0.9"
+    caniuse-lite "^1.0.30001449"
+    electron-to-chromium "^1.4.284"
+    node-releases "^2.0.8"
+    update-browserslist-db "^1.0.10"
 
 buffer-from@^1.0.0:
   version "1.1.2"
@@ -2649,10 +2758,10 @@ builtin-modules@^3.1.0:
   resolved "https://registry.yarnpkg.com/builtin-modules/-/builtin-modules-3.3.0.tgz#cae62812b89801e9656336e46223e030386be7b6"
   integrity sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==
 
-c8@^7.12.0:
-  version "7.12.0"
-  resolved "https://registry.yarnpkg.com/c8/-/c8-7.12.0.tgz#402db1c1af4af5249153535d1c84ad70c5c96b14"
-  integrity sha512-CtgQrHOkyxr5koX1wEUmN/5cfDa2ckbHRA4Gy5LAL0zaCFtVWJS5++n+w4/sr2GWGerBxgTjpKeDclk/Qk6W/A==
+c8@^7.13.0:
+  version "7.13.0"
+  resolved "https://registry.yarnpkg.com/c8/-/c8-7.13.0.tgz#a2a70a851278709df5a9247d62d7f3d4bcb5f2e4"
+  integrity sha512-/NL4hQTv1gBL6J6ei80zu3IiTrmePDKXKXOTLpHvcIWZTVYQlDhVWjjWvkhICylE8EwwnMVzDZugCvdx0/DIIA==
   dependencies:
     "@bcoe/v8-coverage" "^0.2.3"
     "@istanbuljs/schema" "^0.1.3"
@@ -2698,10 +2807,10 @@ camelcase-css@^2.0.1:
   resolved "https://registry.yarnpkg.com/camelcase-css/-/camelcase-css-2.0.1.tgz#ee978f6947914cc30c6b44741b6ed1df7f043fd5"
   integrity sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==
 
-caniuse-lite@^1.0.30001400, caniuse-lite@^1.0.30001426:
-  version "1.0.30001449"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001449.tgz#a8d11f6a814c75c9ce9d851dc53eb1d1dfbcd657"
-  integrity sha512-CPB+UL9XMT/Av+pJxCKGhdx+yg1hzplvFJQlJ2n68PyQGMz9L/E2zCyLdOL8uasbouTUgnPl+y0tccI/se+BEw==
+caniuse-lite@^1.0.30001426, caniuse-lite@^1.0.30001449:
+  version "1.0.30001462"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001462.tgz#b2e801e37536d453731286857c8520d3dcee15fe"
+  integrity sha512-PDd20WuOBPiasZ7KbFnmQRyuLE7cFXW2PVd7dmALzbkUXEP46upAuCDm9eY9vho8fgNMGmbAX92QBZHzcnWIqw==
 
 capital-case@^1.0.4:
   version "1.0.4"
@@ -2712,6 +2821,11 @@ capital-case@^1.0.4:
     tslib "^2.0.3"
     upper-case-first "^2.0.2"
 
+case-anything@^2.1.10:
+  version "2.1.10"
+  resolved "https://registry.yarnpkg.com/case-anything/-/case-anything-2.1.10.tgz#d18a6ca968d54ec3421df71e3e190f3bced23410"
+  integrity sha512-JczJwVrCP0jPKh05McyVsuOg6AYosrB9XWZKbQzXeDAm2ClE/PJE/BcrrQrVyGYH7Jg8V/LDupmyL4kFlVsVFQ==
+
 chai@^4.3.7:
   version "4.3.7"
   resolved "https://registry.yarnpkg.com/chai/-/chai-4.3.7.tgz#ec63f6df01829088e8bf55fca839bcd464a8ec51"
@@ -2901,11 +3015,11 @@ convert-source-map@^1.6.0, convert-source-map@^1.7.0:
   integrity sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==
 
 core-js-compat@^3.25.1:
-  version "3.27.2"
-  resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.27.2.tgz#607c50ad6db8fd8326af0b2883ebb987be3786da"
-  integrity sha512-welaYuF7ZtbYKGrIy7y3eb40d37rG1FvzEOfe7hSLd2iD6duMDqUhRfSvCGyC46HhR6Y8JXXdZ2lnRUMkPBpvg==
+  version "3.29.0"
+  resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.29.0.tgz#1b8d9eb4191ab112022e7f6364b99b65ea52f528"
+  integrity sha512-ScMn3uZNAFhK2DGoEfErguoiAHhV2Ju+oJo/jK08p7B3f3UhocUrCCkTvnZaiS+edl5nlIoiBXKcwMc6elv4KQ==
   dependencies:
-    browserslist "^4.21.4"
+    browserslist "^4.21.5"
 
 core-js@2.6.0:
   version "2.6.0"
@@ -2917,7 +3031,7 @@ core-js@^2.4.0, core-js@^2.5.0:
   resolved "https://registry.yarnpkg.com/core-js/-/core-js-2.6.12.tgz#d9333dfa7b065e347cc5682219d6f690859cc2ec"
   integrity sha512-Kb2wC0fvsWfQrgk8HU5lW6U/Lcs8+9aaYcy4ZFc6DDlo4nZ7n70dEgE5rtR0oG6ufKDUnrwfWL1mXR5ljDatrQ==
 
-crelt@^1.0.5:
+crelt@^1.0.0, crelt@^1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/crelt/-/crelt-1.0.5.tgz#57c0d52af8c859e354bace1883eb2e1eb182bb94"
   integrity sha512-+BO9wPPi+DWTDcNYhr/W90myha8ptzftZT+LwcmUbbok0rcP/fequmFYCw8NMoH7pkAZQzU78b3kYrlua5a9eA==
@@ -2963,6 +3077,11 @@ csstype@^2.6.8:
   resolved "https://registry.yarnpkg.com/csstype/-/csstype-2.6.21.tgz#2efb85b7cc55c80017c66a5ad7cbd931fda3a90e"
   integrity sha512-Z1PhmomIfypOpoMjRQB70jfvy/wxT50qW08YXO5lMIJkrdq4yOTR+AW7FqutScmB9NkLwxo+jU+kZLbofZZq/w==
 
+dash-get@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/dash-get/-/dash-get-1.0.2.tgz#4c9e9ad5ef04c4bf9d3c9a451f6f7997298dcc7c"
+  integrity sha512-4FbVrHDwfOASx7uQVxeiCTo7ggSdYZbqs8lH+WU6ViypPlDbe9y6IP5VVUDQBv9DcnyaiPT5XT0UWHgJ64zLeQ==
+
 data-urls@^3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/data-urls/-/data-urls-3.0.2.tgz#9cf24a477ae22bcef5cd5f6f0bfbc1d2d3be9143"
@@ -2972,10 +3091,10 @@ data-urls@^3.0.2:
     whatwg-mimetype "^3.0.0"
     whatwg-url "^11.0.0"
 
-date-fns-tz@^1.1.6:
-  version "1.3.7"
-  resolved "https://registry.yarnpkg.com/date-fns-tz/-/date-fns-tz-1.3.7.tgz#e8e9d2aaceba5f1cc0e677631563081fdcb0e69a"
-  integrity sha512-1t1b8zyJo+UI8aR+g3iqr5fkUHWpd58VBx8J/ZSQ+w7YrGlw80Ag4sA86qkfCXRBLmMc4I2US+aPMd4uKvwj5g==
+date-fns-tz@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/date-fns-tz/-/date-fns-tz-2.0.0.tgz#1b14c386cb8bc16fc56fe333d4fc34ae1d1099d5"
+  integrity sha512-OAtcLdB9vxSXTWHdT8b398ARImVwQMyjfYGkKD2zaGpHseG2UPHbHjXELReErZFxWdSLph3c2zOaaTyHfOhERQ==
 
 date-fns@^2.16.0:
   version "2.29.3"
@@ -3021,9 +3140,9 @@ deep-is@^0.1.3, deep-is@~0.1.3:
   integrity sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==
 
 deepmerge@^4.2.2:
-  version "4.2.2"
-  resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.2.2.tgz#44d2ea3679b8f4d4ffba33f03d865fc1e7bf4955"
-  integrity sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.3.0.tgz#65491893ec47756d44719ae520e0e2609233b59b"
+  integrity sha512-z2wJZXrmeHdvYJp/Ux55wIjqo81G5Bp4c+oELTW+7ar6SogWHajt5a9gO3s3IDaGSAXjDk0vlQKN3rms8ab3og==
 
 define-lazy-prop@^2.0.0:
   version "2.0.0"
@@ -3031,9 +3150,9 @@ define-lazy-prop@^2.0.0:
   integrity sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==
 
 define-properties@^1.1.3, define-properties@^1.1.4:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.4.tgz#0b14d7bd7fbeb2f3572c3a7eda80ea5d57fb05b1"
-  integrity sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA==
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.0.tgz#52988570670c9eacedd8064f4a990f2405849bd5"
+  integrity sha512-xvqAVKGfT1+UAvPwKTVw/njhdQ8ZhXK4lI0bCIuCMrp2up9nPnaDftrLtmpTazqd1o+UY4zgzU+avtMbDP+ldA==
   dependencies:
     has-property-descriptors "^1.0.0"
     object-keys "^1.1.1"
@@ -3183,10 +3302,10 @@ ejs@^3.1.6:
   dependencies:
     jake "^10.8.5"
 
-electron-to-chromium@^1.4.251:
-  version "1.4.284"
-  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.284.tgz#61046d1e4cab3a25238f6bf7413795270f125592"
-  integrity sha512-M8WEXFuKXMYMVr45fo8mq0wUrrJHheiKZf6BArTKk9ZBYCKJEOU5H8cdWgDT+qCVZf7Na4lVUaZsA+h6uA9+PA==
+electron-to-chromium@^1.4.284:
+  version "1.4.322"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.322.tgz#e0afa1d115b66c1d47869db40d8f2f3729cecc16"
+  integrity sha512-KovjizNC9XB7dno/2GjxX8VS0SlfPpCjtyoKft+bCO+UfD8bFy16hY4Sh9s0h9BDxbRH2U0zX5VBjpM1LTcNlg==
 
 emoji-regex@^8.0.0:
   version "8.0.0"
@@ -3213,6 +3332,11 @@ entities@~2.1.0:
   resolved "https://registry.yarnpkg.com/entities/-/entities-2.1.0.tgz#992d3129cf7df6870b96c57858c249a120f8b8b5"
   integrity sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==
 
+entities@~3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/entities/-/entities-3.0.1.tgz#2b887ca62585e96db3903482d336c1006c3001d4"
+  integrity sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==
+
 es-abstract@^1.19.0, es-abstract@^1.20.4:
   version "1.21.1"
   resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.21.1.tgz#e6105a099967c08377830a0c9cb589d570dd86c6"
@@ -3277,7 +3401,7 @@ es-to-primitive@^1.2.1:
     is-date-object "^1.0.1"
     is-symbol "^1.0.2"
 
-esbuild@^0.16.3:
+esbuild@^0.16.14:
   version "0.16.17"
   resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.16.17.tgz#fc2c3914c57ee750635fee71b89f615f25065259"
   integrity sha512-G8LEkV0XzDMNwXKgM0Jwu3nY3lSTwSGY6XbxM9cr9+s0T/qSV1q1JVPBGzm3dcjhCic9+emZDmMffkwgPeOeLg==
@@ -3338,9 +3462,9 @@ escodegen@^2.0.0:
     source-map "~0.6.1"
 
 eslint-config-prettier@^8.3.0:
-  version "8.6.0"
-  resolved "https://registry.yarnpkg.com/eslint-config-prettier/-/eslint-config-prettier-8.6.0.tgz#dec1d29ab728f4fa63061774e1672ac4e363d207"
-  integrity sha512-bAF0eLpLVqP5oEVUFKpMA+NnRFICwn9X8B5jrR9FcqnYBuPbqWEjTEspPWMj5ye6czoSLDweCzSo3Ko7gGrZaA==
+  version "8.7.0"
+  resolved "https://registry.yarnpkg.com/eslint-config-prettier/-/eslint-config-prettier-8.7.0.tgz#f1cc58a8afebc50980bd53475451df146c13182d"
+  integrity sha512-HHVXLSlVUhMSmyW4ZzEuvjpwqamgmlfkutD53cYXLikh4pt/modINRcCIApJ84czDxM4GZInwUrromsDdTImTA==
 
 eslint-import-resolver-node@^0.3.7:
   version "0.3.7"
@@ -3433,11 +3557,12 @@ eslint-visitor-keys@^3.1.0, eslint-visitor-keys@^3.3.0:
   integrity sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==
 
 eslint@^8.21.0, eslint@^8.7.0:
-  version "8.32.0"
-  resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.32.0.tgz#d9690056bb6f1a302bd991e7090f5b68fbaea861"
-  integrity sha512-nETVXpnthqKPFyuY2FNjz/bEd6nbosRgKbkgS/y1C7LJop96gYHWpiguLecMHQ2XCPxn77DS0P+68WzG6vkZSQ==
+  version "8.35.0"
+  resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.35.0.tgz#fffad7c7e326bae606f0e8f436a6158566d42323"
+  integrity sha512-BxAf1fVL7w+JLRQhWl2pzGeSiGqbWumV4WNvc9Rhp6tiCtm4oHnyPBSEtMGZwrQgudFQ+otqzWoPB7x+hxoWsw==
   dependencies:
-    "@eslint/eslintrc" "^1.4.1"
+    "@eslint/eslintrc" "^2.0.0"
+    "@eslint/js" "8.35.0"
     "@humanwhocodes/config-array" "^0.11.8"
     "@humanwhocodes/module-importer" "^1.0.1"
     "@nodelib/fs.walk" "^1.2.8"
@@ -3451,7 +3576,7 @@ eslint@^8.21.0, eslint@^8.7.0:
     eslint-utils "^3.0.0"
     eslint-visitor-keys "^3.3.0"
     espree "^9.4.0"
-    esquery "^1.4.0"
+    esquery "^1.4.2"
     esutils "^2.0.2"
     fast-deep-equal "^3.1.3"
     file-entry-cache "^6.0.1"
@@ -3491,10 +3616,10 @@ esprima@^4.0.0, esprima@^4.0.1:
   resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71"
   integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==
 
-esquery@^1.4.0:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/esquery/-/esquery-1.4.0.tgz#2148ffc38b82e8c7057dfed48425b3e61f0f24a5"
-  integrity sha512-cCDispWt5vHHtwMY2YrAQ4ibFkAL8RbH5YGBnZBc90MolvvfkkQcJro/aZiAQUlQ3qgrYS6D6v8Gc5G5CQsc9w==
+esquery@^1.4.0, esquery@^1.4.2:
+  version "1.5.0"
+  resolved "https://registry.yarnpkg.com/esquery/-/esquery-1.5.0.tgz#6ce17738de8577694edd7361c57182ac8cb0db0b"
+  integrity sha512-YQLXUplAwJgCydQ78IMJywZCceoqk1oH01OERdSAJc/7U2AylwjhSCLDEtqwg811idIS/9fIU5GjG73IgjKMVg==
   dependencies:
     estraverse "^5.1.0"
 
@@ -3716,7 +3841,7 @@ fs.realpath@^1.0.0:
   resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f"
   integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==
 
-fsevents@~2.3.2:
+fsevents@2.3.2, fsevents@~2.3.2:
   version "2.3.2"
   resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.2.tgz#8a526f78b8fdf4623b709e0b975c52c24c02fd1a"
   integrity sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==
@@ -3756,7 +3881,7 @@ get-func-name@^2.0.0:
   resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.0.tgz#ead774abee72e20409433a066366023dd6887a41"
   integrity sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==
 
-get-intrinsic@^1.0.2, get-intrinsic@^1.1.1, get-intrinsic@^1.1.3:
+get-intrinsic@^1.0.2, get-intrinsic@^1.1.1, get-intrinsic@^1.1.3, get-intrinsic@^1.2.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.0.tgz#7ad1dc0535f3a2904bba075772763e5051f6d05f"
   integrity sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==
@@ -3821,9 +3946,9 @@ globals@^11.1.0:
   integrity sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==
 
 globals@^13.19.0:
-  version "13.19.0"
-  resolved "https://registry.yarnpkg.com/globals/-/globals-13.19.0.tgz#7a42de8e6ad4f7242fbcca27ea5b23aca367b5c8"
-  integrity sha512-dkQ957uSRWHw7CFXLUtUHQI3g3aWApYhfNR2O6jn/907riyTYKVBmxYVROkBcY614FSSeSJh7Xm7SrUWCxvJMQ==
+  version "13.20.0"
+  resolved "https://registry.yarnpkg.com/globals/-/globals-13.20.0.tgz#ea276a1e508ffd4f1612888f9d1bad1e2717bf82"
+  integrity sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==
   dependencies:
     type-fest "^0.20.2"
 
@@ -3969,15 +4094,16 @@ header-case@^2.0.4:
     capital-case "^1.0.4"
     tslib "^2.0.3"
 
-histoire@^0.12.4:
-  version "0.12.4"
-  resolved "https://registry.yarnpkg.com/histoire/-/histoire-0.12.4.tgz#7c59f64d9612a6f9d40b7f479f11f22c24159942"
-  integrity sha512-q20Zncdh+GI2jDXiry1JS1DrN5qprKpl452AnS/P06Vgowqf79aG85E0XmhNpX2r8HI2HmIntwZ5FLd6hxYobQ==
+histoire@^0.15.8:
+  version "0.15.8"
+  resolved "https://registry.yarnpkg.com/histoire/-/histoire-0.15.8.tgz#ac2eebcb59b0fb739b1b22a702dcc7695603e685"
+  integrity sha512-weDuhDeguNy+9MNTm04OCk2tyJCKndzxp9pcOivxrIeuwmxA1nv7L5bye1YG7gjKWEOuifxRt9VWYAHo2Nc8VA==
   dependencies:
-    "@histoire/app" "^0.12.4"
-    "@histoire/controls" "^0.12.4"
-    "@histoire/shared" "^0.12.4"
-    "@histoire/vendors" "^0.12.4"
+    "@akryum/tinypool" "^0.3.1"
+    "@histoire/app" "^0.15.8"
+    "@histoire/controls" "^0.15.8"
+    "@histoire/shared" "^0.15.8"
+    "@histoire/vendors" "^0.15.8"
     "@types/flexsearch" "^0.7.3"
     "@types/markdown-it" "^12.2.3"
     birpc "^0.1.1"
@@ -4001,10 +4127,9 @@ histoire@^0.12.4:
     pathe "^0.2.0"
     picocolors "^1.0.0"
     sade "^1.8.1"
-    shiki-es "^0.1.2"
+    shiki-es "^0.2.0"
     sirv "^2.0.2"
-    tinypool "^0.1.2"
-    vite-node "0.26.0"
+    vite-node "0.28.4"
 
 hoist-non-react-statics@^3.3.2:
   version "3.3.2"
@@ -4075,9 +4200,9 @@ ignore@^5.2.0:
   integrity sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==
 
 immutable@^4.0.0:
-  version "4.2.2"
-  resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.2.2.tgz#2da9ff4384a4330c36d4d1bc88e90f9e0b0ccd16"
-  integrity sha512-fTMKDwtbvO5tldky9QZ2fMX7slR0mYpY5nbnFWYp0fOzDhHqhgIw9KoYgxLWsoNTS9ZHGauHj18DTyEw6BK3Og==
+  version "4.2.4"
+  resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.2.4.tgz#83260d50889526b4b531a5e293709a77f7c55a2a"
+  integrity sha512-WDxL3Hheb1JkRN3sQkyujNlL/xRjAo3rJtaU5xeufUauG66JdMr32bLj4gF+vWl84DIA3Zxw7tiAjneYzRRw+w==
 
 import-fresh@^3.0.0, import-fresh@^3.2.1:
   version "3.3.0"
@@ -4116,11 +4241,11 @@ ini@^1.3.4:
   integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
 
 internal-slot@^1.0.3, internal-slot@^1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/internal-slot/-/internal-slot-1.0.4.tgz#8551e7baf74a7a6ba5f749cfb16aa60722f0d6f3"
-  integrity sha512-tA8URYccNzMo94s5MQZgH8NB/XTa6HsOo0MLfXTKKEnHVVdegzaQoFZ7Jp44bdvLvY2waT5dc+j5ICEswhi7UQ==
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/internal-slot/-/internal-slot-1.0.5.tgz#f2a2ee21f668f8627a4667f309dc0f4fb6674986"
+  integrity sha512-Y+R5hJrzs52QCG2laLn4udYVnxsfny9CpOhNhUvk/SSSVyF6T27FzRbF0sroPidSu3X8oEAkOn2K804mjpt6UQ==
   dependencies:
-    get-intrinsic "^1.1.3"
+    get-intrinsic "^1.2.0"
     has "^1.0.3"
     side-channel "^1.0.4"
 
@@ -4130,12 +4255,12 @@ intersection-observer@^0.12.0:
   integrity sha512-7m1vEcPCxXYI8HqnL8CKI6siDyD+eIWSwgB3DZA+ZTogxk9I4CDnj4wilt9x/+/QbHI4YG5YZNmC6458/e9Ktg==
 
 is-array-buffer@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/is-array-buffer/-/is-array-buffer-3.0.1.tgz#deb1db4fcae48308d54ef2442706c0393997052a"
-  integrity sha512-ASfLknmY8Xa2XtB4wmbz13Wu202baeA18cJBCeCy0wXUHZF0IPyVEXqKEcd+t2fNSLLL1vC6k7lxZEojNbISXQ==
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/is-array-buffer/-/is-array-buffer-3.0.2.tgz#f2653ced8412081638ecb0ebbd0c41c6e0aecbbe"
+  integrity sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w==
   dependencies:
     call-bind "^1.0.2"
-    get-intrinsic "^1.1.3"
+    get-intrinsic "^1.2.0"
     is-typed-array "^1.1.10"
 
 is-bigint@^1.0.1:
@@ -4189,6 +4314,13 @@ is-extendable@^0.1.0:
   resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89"
   integrity sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==
 
+is-extendable@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-1.0.1.tgz#a7470f9e426733d81bd81e1155264e3a3507cab4"
+  integrity sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==
+  dependencies:
+    is-plain-object "^2.0.4"
+
 is-extglob@^2.1.1:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2"
@@ -4243,6 +4375,13 @@ is-path-inside@^3.0.3:
   resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283"
   integrity sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==
 
+is-plain-object@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677"
+  integrity sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==
+  dependencies:
+    isobject "^3.0.1"
+
 is-plain-object@^5.0.0:
   version "5.0.0"
   resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-5.0.0.tgz#4427f50ab3429e9025ea7d52e9043a9ef4159344"
@@ -4327,6 +4466,11 @@ isexe@^2.0.0:
   resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
   integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
 
+isobject@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
+  integrity sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg==
+
 istanbul-lib-coverage@^3.0.0, istanbul-lib-coverage@^3.2.0:
   version "3.2.0"
   resolved "https://registry.yarnpkg.com/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz#189e7909d0a39fa5a3dfad5b03f71947770191d3"
@@ -4374,9 +4518,9 @@ jest-worker@^26.2.1:
     supports-color "^7.0.0"
 
 jiti@^1.16.0:
-  version "1.16.2"
-  resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.16.2.tgz#75f7a0a8fde4a0e57e576f7d329491d588db89cf"
-  integrity sha512-OKBOVWmU3FxDt/UH4zSwiKPuc1nihFZiOD722FuJlngvLz2glX1v2/TJIgoA4+mrpnXxHV6dSAoCvPcYQtoG5A==
+  version "1.17.2"
+  resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.17.2.tgz#9e193d171c76b1c518a46c243c410c0462fe22d1"
+  integrity sha512-Xf0nU8+8wuiQpLcqdb2HRyHqYwGk2Pd+F7kstyp20ZuqTyCmB9dqpX2NxaxFc1kovraa2bG6c1RL3W7XfapiZg==
 
 js-beautify@1.14.6:
   version "1.14.6"
@@ -4507,7 +4651,7 @@ json-stable-stringify-without-jsonify@^1.0.1:
   resolved "https://registry.yarnpkg.com/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz#9db7b59496ad3f3cfef30a75142d2d930ad72651"
   integrity sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==
 
-json5@^1.0.1:
+json5@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.2.tgz#63d98d60f21b313b77c4d6da18bfa69d80e1d593"
   integrity sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==
@@ -4548,6 +4692,14 @@ kind-of@^6.0.0, kind-of@^6.0.2:
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd"
   integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==
 
+launch-editor@^2.6.0:
+  version "2.6.0"
+  resolved "https://registry.yarnpkg.com/launch-editor/-/launch-editor-2.6.0.tgz#4c0c1a6ac126c572bd9ff9a30da1d2cae66defd7"
+  integrity sha512-JpDCcQnyAAzZZaZ7vEiSqL690w7dAEyLao+KC96zBplnYbJS7TYNjvM3M7y3dGz+v7aIsJk3hllWuc0kWAjyRQ==
+  dependencies:
+    picocolors "^1.0.0"
+    shell-quote "^1.7.3"
+
 leaflet.locatecontrol@^0.79:
   version "0.79.0"
   resolved "https://registry.yarnpkg.com/leaflet.locatecontrol/-/leaflet.locatecontrol-0.79.0.tgz#0236b87c699a49f9ddb2f289941fbc0d3c3f8b62"
@@ -4585,9 +4737,9 @@ levn@~0.3.0:
     type-check "~0.3.2"
 
 lilconfig@^2.0.5, lilconfig@^2.0.6:
-  version "2.0.6"
-  resolved "https://registry.yarnpkg.com/lilconfig/-/lilconfig-2.0.6.tgz#32a384558bd58af3d4c6e077dd1ad1d397bc69d4"
-  integrity sha512-9JROoBW7pobfsx+Sq2JsASvCo6Pfo6WWoUW79HuB1BCoBXD4PLWJPqDF6fNj67pqBYTbAHkE57M1kS/+L1neOg==
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/lilconfig/-/lilconfig-2.1.0.tgz#78e23ac89ebb7e1bfbf25b18043de756548e7f52"
+  integrity sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==
 
 linkify-it@^3.0.1:
   version "3.0.3"
@@ -4596,10 +4748,17 @@ linkify-it@^3.0.1:
   dependencies:
     uc.micro "^1.0.1"
 
-linkifyjs@^3.0.5:
-  version "3.0.5"
-  resolved "https://registry.yarnpkg.com/linkifyjs/-/linkifyjs-3.0.5.tgz#99e51a3a0c0e232fcb63ebb89eea3ff923378f34"
-  integrity sha512-1Y9XQH65eQKA9p2xtk+zxvnTeQBG7rdAXSkUG97DmuI/Xhji9uaUzaWxRj6rf9YC0v8KKHkxav7tnLX82Sz5Fg==
+linkify-it@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/linkify-it/-/linkify-it-4.0.1.tgz#01f1d5e508190d06669982ba31a7d9f56a5751ec"
+  integrity sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==
+  dependencies:
+    uc.micro "^1.0.1"
+
+linkifyjs@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/linkifyjs/-/linkifyjs-4.1.0.tgz#0460bfcc37d3348fa80e078d92e7bbc82588db15"
+  integrity sha512-Ffv8VoY3+ixI1b3aZ3O+jM6x17cOsgwfB1Wq7pkytbo1WlyRp6ZO0YDMqiWT/gQPY/CmtiGuKfzDIVqxh1aCTA==
 
 local-pkg@^0.4.2:
   version "0.4.3"
@@ -4720,10 +4879,15 @@ make-dir@^3.0.0:
   dependencies:
     semver "^6.0.0"
 
+make-error@^1.3.6:
+  version "1.3.6"
+  resolved "https://registry.yarnpkg.com/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2"
+  integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==
+
 markdown-it-anchor@^8.6.2:
-  version "8.6.6"
-  resolved "https://registry.yarnpkg.com/markdown-it-anchor/-/markdown-it-anchor-8.6.6.tgz#4a12e358c9c2167ee28cb7a5f10e29d6f1ffd7ca"
-  integrity sha512-jRW30YGywD2ESXDc+l17AiritL0uVaSnWsb26f+68qaW9zgbIIr1f4v2Nsvc0+s0Z2N3uX6t/yAw7BwCQ1wMsA==
+  version "8.6.7"
+  resolved "https://registry.yarnpkg.com/markdown-it-anchor/-/markdown-it-anchor-8.6.7.tgz#ee6926daf3ad1ed5e4e3968b1740eef1c6399634"
+  integrity sha512-FlCHFwNnutLgVTflOYHPW2pPcl2AACqVzExlkGQNsi4CJgqOHN7YTgDd4LuhgN1BFO3TS0vLAruV1Td6dwWPJA==
 
 markdown-it-attrs@^4.1.3:
   version "4.1.6"
@@ -4746,6 +4910,17 @@ markdown-it@^12.3.2:
     mdurl "^1.0.1"
     uc.micro "^1.0.5"
 
+markdown-it@^13.0.1:
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-13.0.1.tgz#c6ecc431cacf1a5da531423fc6a42807814af430"
+  integrity sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==
+  dependencies:
+    argparse "^2.0.1"
+    entities "~3.0.1"
+    linkify-it "^4.0.1"
+    mdurl "^1.0.1"
+    uc.micro "^1.0.5"
+
 mdurl@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/mdurl/-/mdurl-1.0.1.tgz#fe85b2ec75a59037f2adfec100fd6c601761152e"
@@ -4801,19 +4976,19 @@ minimatch@^5.0.1:
     brace-expansion "^2.0.1"
 
 minimist@^1.2.0, minimist@^1.2.6:
-  version "1.2.7"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.7.tgz#daa1c4d91f507390437c6a8bc01078e7000c4d18"
-  integrity sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==
+  version "1.2.8"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c"
+  integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==
 
-mlly@^1.0.0, mlly@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/mlly/-/mlly-1.1.0.tgz#9e23c5e675ef7b10cc47ee6281795cb1a7aa3aa2"
-  integrity sha512-cwzBrBfwGC1gYJyfcy8TcZU1f+dbH/T+TuOhtYP2wLv/Fb51/uV7HJQfBPtEupZ2ORLRU1EKFS/QfS3eo9+kBQ==
+mlly@^1.1.0, mlly@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/mlly/-/mlly-1.1.1.tgz#f1838b14795e2cc284aa4ebcc76a258a52e6f537"
+  integrity sha512-Jnlh4W/aI4GySPo6+DyTN17Q75KKbLTyFK8BrGhjNP4rxuUjbRWhE6gHg3bs33URWAF44FRm7gdQA348i3XxRw==
   dependencies:
-    acorn "^8.8.1"
-    pathe "^1.0.0"
+    acorn "^8.8.2"
+    pathe "^1.1.0"
     pkg-types "^1.0.1"
-    ufo "^1.0.1"
+    ufo "^1.1.0"
 
 mock-apollo-client@^1.1.0:
   version "1.2.1"
@@ -4873,10 +5048,10 @@ no-case@^3.0.4:
     lower-case "^2.0.2"
     tslib "^2.0.3"
 
-node-releases@^2.0.6:
-  version "2.0.8"
-  resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.8.tgz#0f349cdc8fcfa39a92ac0be9bc48b7706292b9ae"
-  integrity sha512-dFSmB8fFHEH/s81Xi+Y/15DQY6VHW81nXRj86EMSL3lmuTmK1e+aT4wrFCkTbm+gSwkw4KpX+rT/pMM2c1mF+A==
+node-releases@^2.0.8:
+  version "2.0.10"
+  resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.10.tgz#c311ebae3b6a148c89b1813fd7c4d3c024ef537f"
+  integrity sha512-5GFldHPXVG/YZmFzJvKK2zDSzPKhEp0+ZR5SVaoSag9fsL5YgHbUHDfnG5494ISANDcK4KwPXAx2xqVEydmd7w==
 
 nopt@^6.0.0:
   version "6.0.0"
@@ -4937,6 +5112,20 @@ object.assign@^4.1.4:
     has-symbols "^1.0.3"
     object-keys "^1.1.1"
 
+object.omit@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/object.omit/-/object.omit-3.0.0.tgz#0e3edc2fce2ba54df5577ff529f6d97bd8a522af"
+  integrity sha512-EO+BCv6LJfu+gBIF3ggLicFebFLN5zqzz/WWJlMFfkMyGth+oBkhxzDl0wx2W4GkLzuQs/FsSkXZb2IMWQqmBQ==
+  dependencies:
+    is-extendable "^1.0.0"
+
+object.pick@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/object.pick/-/object.pick-1.3.0.tgz#87a10ac4c1694bd2e1cbf53591a66141fb5dd747"
+  integrity sha512-tqa/UMy/CCoYmj+H5qc07qvSL9dqcs/WZENZ1JbtWBlATP+iVOe778gE6MSijnyCnORzDuX6hU+LA4SZ09YjFQ==
+  dependencies:
+    isobject "^3.0.1"
+
 object.values@^1.1.6:
   version "1.1.6"
   resolved "https://registry.yarnpkg.com/object.values/-/object.values-1.1.6.tgz#4abbaa71eba47d63589d402856f908243eea9b1d"
@@ -4961,9 +5150,9 @@ once@^1.3.0:
     wrappy "1"
 
 open@^8.4.0:
-  version "8.4.0"
-  resolved "https://registry.yarnpkg.com/open/-/open-8.4.0.tgz#345321ae18f8138f82565a910fdc6b39e8c244f8"
-  integrity sha512-XgFPPM+B28FtCCgSb9I+s9szOC1vZRSwgWsRUA5ylIxRTgKozqjOCrVOqGsYABPYK5qnfqClxZTFBa8PKt2v6Q==
+  version "8.4.2"
+  resolved "https://registry.yarnpkg.com/open/-/open-8.4.2.tgz#5b5ffe2a8f793dcd2aad73e550cb87b59cb084f9"
+  integrity sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ==
   dependencies:
     define-lazy-prop "^2.0.0"
     is-docker "^2.1.1"
@@ -5110,7 +5299,7 @@ pathe@^0.2.0:
   resolved "https://registry.yarnpkg.com/pathe/-/pathe-0.2.0.tgz#30fd7bbe0a0d91f0e60bae621f5d19e9e225c339"
   integrity sha512-sTitTPYnn23esFR3RlqYBWn4c45WGeLcsKzQiUpXJAyfcWkolvlYpV8FLo7JishK946oQwMFUCHXQ9AjGPKExw==
 
-pathe@^1.0.0, pathe@^1.1.0:
+pathe@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/pathe/-/pathe-1.1.0.tgz#e2e13f6c62b31a3289af4ba19886c230f295ec03"
   integrity sha512-ODbEPR0KKHqECXW1GoxdDb+AZvULmXjVPy4rt+pGo2+TnjJTIPJQSVS6N63n8T2Ip+syHhbn52OewKicV0373w==
@@ -5121,9 +5310,9 @@ pathval@^1.1.1:
   integrity sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==
 
 phoenix@^1.6:
-  version "1.6.15"
-  resolved "https://registry.yarnpkg.com/phoenix/-/phoenix-1.6.15.tgz#efb2088a310cde333b3762002831b79dedf76002"
-  integrity sha512-O6AG5jTkZOOkdd/GOSCsM4v3bzBoyRnC5bEi57KhX/Daba6FvnBRzt0nhEeRRiVQGLSxDlyb0dUe9CkYWMZd8g==
+  version "1.7.1"
+  resolved "https://registry.yarnpkg.com/phoenix/-/phoenix-1.7.1.tgz#99a2f697eb8e0a95c64e5756829621c52966069c"
+  integrity sha512-DORpAOHp8XdQDs6WT2yD65fhUQXhzrD+CTZCKqWQ9g0G/fyM8EKsSDhtOwl54Nr2DDBu8JARMR97OfLYCiKAoQ==
 
 picocolors@^1.0.0:
   version "1.0.0"
@@ -5141,23 +5330,23 @@ pify@^2.3.0:
   integrity sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==
 
 pkg-types@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/pkg-types/-/pkg-types-1.0.1.tgz#25234407f9dc63409af45ced9407625ff446a761"
-  integrity sha512-jHv9HB+Ho7dj6ItwppRDDl0iZRYBD0jsakHXtFgoLr+cHSF6xC+QL54sJmWxyGxOLYSHm0afhXhXcQDQqH9z8g==
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/pkg-types/-/pkg-types-1.0.2.tgz#c233efc5210a781e160e0cafd60c0d0510a4b12e"
+  integrity sha512-hM58GKXOcj8WTqUXnsQyJYXdeAPbythQgEF3nTcEo+nkD49chjQ9IKm/QJy9xf6JakXptz86h7ecP2024rrLaQ==
   dependencies:
     jsonc-parser "^3.2.0"
-    mlly "^1.0.0"
-    pathe "^1.0.0"
+    mlly "^1.1.1"
+    pathe "^1.1.0"
 
 plausible-tracker@^0.3.4:
   version "0.3.8"
   resolved "https://registry.yarnpkg.com/plausible-tracker/-/plausible-tracker-0.3.8.tgz#9b8b322cc41e0e1d6473869ef234deea365a5a40"
   integrity sha512-lmOWYQ7s9KOUJ1R+YTOR3HrjdbxIS2Z4de0P/Jx2dQPteznJl2eX3tXxKClpvbfyGP59B5bbhW8ftN59HbbFSg==
 
-playwright-core@1.30.0:
-  version "1.30.0"
-  resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.30.0.tgz#de987cea2e86669e3b85732d230c277771873285"
-  integrity sha512-7AnRmTCf+GVYhHbLJsGUtskWTE33SwMZkybJ0v6rqR1boxq2x36U7p1vDRV7HO2IwTZgmycracLxPEJI49wu4g==
+playwright-core@1.31.2:
+  version "1.31.2"
+  resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.31.2.tgz#debf4b215d14cb619adb7e511c164d068075b2ed"
+  integrity sha512-a1dFgCNQw4vCsG7bnojZjDnPewZcw7tZUNFN0ZkcLYKj+mPmXvg4MpaaKZ5SgqPsOmqIf2YsVRkgqiRDxD+fDQ==
 
 postcss-import@^14.1.0:
   version "14.1.0"
@@ -5169,9 +5358,9 @@ postcss-import@^14.1.0:
     resolve "^1.1.7"
 
 postcss-js@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/postcss-js/-/postcss-js-4.0.0.tgz#31db79889531b80dc7bc9b0ad283e418dce0ac00"
-  integrity sha512-77QESFBwgX4irogGVPgQ5s07vLvFqWr228qZY+w6lW599cRlK/HmnlivnnVUxkjHnCu4J16PDMHcH+e+2HbvTQ==
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-js/-/postcss-js-4.0.1.tgz#61598186f3703bab052f1c4f7d805f3991bee9d2"
+  integrity sha512-dDLF8pEO191hJMtlHFPRa8xsizHaM82MLfNkUHdUtVEV3tgTp5oj+8qbEqYM57SLfc74KSbw//4SeJma2LRVIw==
   dependencies:
     camelcase-css "^2.0.1"
 
@@ -5198,7 +5387,7 @@ postcss-selector-parser@6.0.10:
     cssesc "^3.0.0"
     util-deprecate "^1.0.2"
 
-postcss-selector-parser@^6.0.10, postcss-selector-parser@^6.0.9:
+postcss-selector-parser@^6.0.10, postcss-selector-parser@^6.0.11, postcss-selector-parser@^6.0.9:
   version "6.0.11"
   resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.0.11.tgz#2e41dc39b7ad74046e1615185185cd0b17d0c8dc"
   integrity sha512-zbARubNdogI9j7WY4nQJBiNqQf3sLS3wCP4WfOidu+p28LofJqDH1tcXypGrcmMHhDk2t9wGhCsYe/+szLTy1g==
@@ -5211,7 +5400,7 @@ postcss-value-parser@^4.0.0, postcss-value-parser@^4.2.0:
   resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514"
   integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
 
-postcss@^8, postcss@^8.1.10, postcss@^8.3.11, postcss@^8.4.18, postcss@^8.4.20:
+postcss@^8, postcss@^8.0.9, postcss@^8.1.10, postcss@^8.3.11, postcss@^8.4.21:
   version "8.4.21"
   resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.21.tgz#c639b719a57efc3187b13a1d765675485f4134f4"
   integrity sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==
@@ -5258,9 +5447,9 @@ prettier-linter-helpers@^1.0.0:
     fast-diff "^1.1.2"
 
 prettier@^2.2.1, prettier@^2.5.1:
-  version "2.8.3"
-  resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.8.3.tgz#ab697b1d3dd46fb4626fbe2f543afe0cc98d8632"
-  integrity sha512-tJ/oJ4amDihPoufT5sM0Z1SKEuKay8LfVAMlbbhnnkvt6BUserZylqo2PN+p9KeljLr0OHa2rXHU1T8reeoTrw==
+  version "2.8.4"
+  resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.8.4.tgz#34dd2595629bfbb79d344ac4a91ff948694463c3"
+  integrity sha512-vIS4Rlc2FNh0BySk3Wkd6xmwxB0FpOndW5fisM5H8hsZSxU2VWVB5CWIkIjWvrHjIhxk2g3bfMKM87zNTrZddw==
 
 pretty-bytes@^5.3.0:
   version "5.6.0"
@@ -5268,9 +5457,9 @@ pretty-bytes@^5.3.0:
   integrity sha512-FFw039TmrBqFK8ma/7OL3sDz/VytdtJr044/QUJtH0wK9lb9jLq9tJyIxUwtQJHwar2BqtiA4iCWSwo9JLkzFg==
 
 pretty-bytes@^6.0.0:
-  version "6.0.0"
-  resolved "https://registry.yarnpkg.com/pretty-bytes/-/pretty-bytes-6.0.0.tgz#928be2ad1f51a2e336add8ba764739f9776a8140"
-  integrity sha512-6UqkYefdogmzqAZWzJ7laYeJnaXDy2/J+ZqiiMtS7t7OfpXWTlaeGMwX8U6EFvPV/YWWEKRkS8hKS4k60WHTOg==
+  version "6.1.0"
+  resolved "https://registry.yarnpkg.com/pretty-bytes/-/pretty-bytes-6.1.0.tgz#1d1cc9aae1939012c74180b679da6684616bf804"
+  integrity sha512-Rk753HI8f4uivXi4ZCIYdhmG1V+WKzvRMg/X+M42a6t7D07RcmopXJMDNk6N++7Bl75URRGsb40ruvg7Hcp2wQ==
 
 pretty-format@^23.0.1:
   version "23.6.0"
@@ -5298,19 +5487,33 @@ prop-types@^15.7.2:
     object-assign "^4.1.1"
     react-is "^16.13.1"
 
-prosemirror-commands@^1.5.0:
-  version "1.5.0"
-  resolved "https://registry.yarnpkg.com/prosemirror-commands/-/prosemirror-commands-1.5.0.tgz#d10efece1647c1d984fef6f65d52fdc77785560b"
-  integrity sha512-zL0Fxbj3fh71GPNHn5YdYgYGX2aU2XLecZYk2ekEF0oOD259HcXtM+96VjPVi5o3h4sGUdDfEEhGiREXW6U+4A==
+prosemirror-changeset@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/prosemirror-changeset/-/prosemirror-changeset-2.2.0.tgz#22c05da271a118be40d3e339fa2cace789b1254b"
+  integrity sha512-QM7ohGtkpVpwVGmFb8wqVhaz9+6IUXcIQBGZ81YNAKYuHiFJ1ShvSzab4pKqTinJhwciZbrtBEk/2WsqSt2PYg==
+  dependencies:
+    prosemirror-transform "^1.0.0"
+
+prosemirror-collab@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/prosemirror-collab/-/prosemirror-collab-1.3.0.tgz#601d33473bf72e6c43041a54b860c84c60b37769"
+  integrity sha512-+S/IJ69G2cUu2IM5b3PBekuxs94HO1CxJIWOFrLQXUaUDKL/JfBx+QcH31ldBlBXyDEUl+k3Vltfi1E1MKp2mA==
+  dependencies:
+    prosemirror-state "^1.0.0"
+
+prosemirror-commands@^1.0.0, prosemirror-commands@^1.3.1:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/prosemirror-commands/-/prosemirror-commands-1.5.1.tgz#89ddfa14e144dcc7fb0938aa0e2568c7fdde306f"
+  integrity sha512-ga1ga/RkbzxfAvb6iEXYmrEpekn5NCwTb8w1dr/gmhSoaGcQ0VPuCzOn5qDEpC45ql2oDkKoKQbRxLJwKLpMTQ==
   dependencies:
     prosemirror-model "^1.0.0"
     prosemirror-state "^1.0.0"
     prosemirror-transform "^1.0.0"
 
-prosemirror-dropcursor@^1.6.1:
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/prosemirror-dropcursor/-/prosemirror-dropcursor-1.6.1.tgz#31f696172105f232bd17543ccf305e0f33e59d1d"
-  integrity sha512-LtyqQpkIknaT7NnZl3vDr3TpkNcG4ABvGRXx37XJ8tJNUGtcrZBh40A0344rDwlRTfUEmynQS/grUsoSWz+HgA==
+prosemirror-dropcursor@^1.5.0:
+  version "1.7.1"
+  resolved "https://registry.yarnpkg.com/prosemirror-dropcursor/-/prosemirror-dropcursor-1.7.1.tgz#b6921ef866ca95b6f6c8b197767f60dc39598416"
+  integrity sha512-GmWk9bAwhfHwA8xmJhBFjPcebxUG9zAPYtqpIr7NTDigWZZEJCgUYyUQeqgyscLr8ZHoh9aeprX9kW7BihUT+w==
   dependencies:
     prosemirror-state "^1.0.0"
     prosemirror-transform "^1.1.0"
@@ -5326,7 +5529,7 @@ prosemirror-gapcursor@^1.3.1:
     prosemirror-state "^1.0.0"
     prosemirror-view "^1.0.0"
 
-prosemirror-history@^1.3.0:
+prosemirror-history@^1.0.0, prosemirror-history@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/prosemirror-history/-/prosemirror-history-1.3.0.tgz#bf5a1ff7759aca759ddf0c722c2fa5b14fb0ddc1"
   integrity sha512-qo/9Wn4B/Bq89/YD+eNWFbAytu6dmIM85EhID+fz9Jcl9+DfGEo8TTSrRhP15+fFEoaPqpHSxlvSzSEbmlxlUA==
@@ -5335,21 +5538,54 @@ prosemirror-history@^1.3.0:
     prosemirror-transform "^1.0.0"
     rope-sequence "^1.3.0"
 
-prosemirror-keymap@^1.0.0, prosemirror-keymap@^1.2.0:
+prosemirror-inputrules@^1.2.0:
   version "1.2.0"
-  resolved "https://registry.yarnpkg.com/prosemirror-keymap/-/prosemirror-keymap-1.2.0.tgz#d5cc9da9b712020690a994b50b92a0e448a60bf5"
-  integrity sha512-TdSfu+YyLDd54ufN/ZeD1VtBRYpgZnTPnnbY+4R08DDgs84KrIPEPbJL8t1Lm2dkljFx6xeBE26YWH3aIzkPKg==
+  resolved "https://registry.yarnpkg.com/prosemirror-inputrules/-/prosemirror-inputrules-1.2.0.tgz#476dde2dc244050b3aca00cf58a82adfad6749e7"
+  integrity sha512-eAW/M/NTSSzpCOxfR8Abw6OagdG0MiDAiWHQMQveIsZtoKVYzm0AflSPq/ymqJd56/Su1YPbwy9lM13wgHOFmQ==
+  dependencies:
+    prosemirror-state "^1.0.0"
+    prosemirror-transform "^1.0.0"
+
+prosemirror-keymap@^1.0.0, prosemirror-keymap@^1.1.2, prosemirror-keymap@^1.2.0:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/prosemirror-keymap/-/prosemirror-keymap-1.2.1.tgz#3839e7db66cecddae7451f4246e73bdd8489be1d"
+  integrity sha512-kVK6WGC+83LZwuSJnuCb9PsADQnFZllt94qPP3Rx/vLcOUV65+IbBeH2nS5cFggPyEVJhGkGrgYFRrG250WhHQ==
   dependencies:
     prosemirror-state "^1.0.0"
     w3c-keyname "^2.2.0"
 
-prosemirror-model@^1.0.0, prosemirror-model@^1.16.0, prosemirror-model@^1.19.0:
+prosemirror-markdown@^1.10.1:
+  version "1.10.1"
+  resolved "https://registry.yarnpkg.com/prosemirror-markdown/-/prosemirror-markdown-1.10.1.tgz#e20468201cda1916a6182686159398b242bb78ab"
+  integrity sha512-s7iaTLiX+qO5z8kF2NcMmy2T7mIlxzkS4Sp3vTKSYChPtbMpg6YxFkU0Y06rUg2WtKlvBu7v1bXzlGBkfjUWAA==
+  dependencies:
+    markdown-it "^13.0.1"
+    prosemirror-model "^1.0.0"
+
+prosemirror-menu@^1.2.1:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/prosemirror-menu/-/prosemirror-menu-1.2.1.tgz#94d99a8547b7ba5680c20e9c497ce19846ce3b2c"
+  integrity sha512-sBirXxVfHalZO4f1ZS63WzewINK4182+7dOmoMeBkqYO8wqMBvBS7wQuwVOHnkMWPEh0+N0LJ856KYUN+vFkmQ==
+  dependencies:
+    crelt "^1.0.0"
+    prosemirror-commands "^1.0.0"
+    prosemirror-history "^1.0.0"
+    prosemirror-state "^1.0.0"
+
+prosemirror-model@^1.0.0, prosemirror-model@^1.16.0, prosemirror-model@^1.18.1, prosemirror-model@^1.19.0, prosemirror-model@^1.8.1:
   version "1.19.0"
   resolved "https://registry.yarnpkg.com/prosemirror-model/-/prosemirror-model-1.19.0.tgz#d7ad9a65ada0bb12196f64fe0dd4fc392c841c29"
   integrity sha512-/CvFGJnwc41EJSfDkQLly1cAJJJmBpZwwUJtwZPTjY2RqZJfM8HVbCreOY/jti8wTRbVyjagcylyGoeJH/g/3w==
   dependencies:
     orderedmap "^2.0.0"
 
+prosemirror-schema-basic@^1.2.0:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/prosemirror-schema-basic/-/prosemirror-schema-basic-1.2.1.tgz#a5a137a6399d1a829873332117d2fe8131d291d0"
+  integrity sha512-vYBdIHsYKSDIqYmPBC7lnwk9DsKn8PnVqK97pMYP5MLEDFqWIX75JiaJTzndBii4bRuNqhC2UfDOfM3FKhlBHg==
+  dependencies:
+    prosemirror-model "^1.19.0"
+
 prosemirror-schema-list@^1.2.2:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/prosemirror-schema-list/-/prosemirror-schema-list-1.2.2.tgz#bafda37b72367d39accdcaf6ddf8fb654a16e8e5"
@@ -5359,7 +5595,7 @@ prosemirror-schema-list@^1.2.2:
     prosemirror-state "^1.0.0"
     prosemirror-transform "^1.0.0"
 
-prosemirror-state@^1.0.0, prosemirror-state@^1.2.2, prosemirror-state@^1.4.1, prosemirror-state@^1.4.2:
+prosemirror-state@^1.0.0, prosemirror-state@^1.2.2, prosemirror-state@^1.3.1, prosemirror-state@^1.4.1:
   version "1.4.2"
   resolved "https://registry.yarnpkg.com/prosemirror-state/-/prosemirror-state-1.4.2.tgz#f93bd8a33a4454efab917ba9b738259d828db7e5"
   integrity sha512-puuzLD2mz/oTdfgd8msFbe0A42j5eNudKAAPDB0+QJRw8cO1ygjLmhLrg9RvDpf87Dkd6D4t93qdef00KKNacQ==
@@ -5368,17 +5604,38 @@ prosemirror-state@^1.0.0, prosemirror-state@^1.2.2, prosemirror-state@^1.4.1, pr
     prosemirror-transform "^1.0.0"
     prosemirror-view "^1.27.0"
 
-prosemirror-transform@^1.0.0, prosemirror-transform@^1.1.0, prosemirror-transform@^1.7.1:
+prosemirror-tables@^1.3.0:
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/prosemirror-tables/-/prosemirror-tables-1.3.2.tgz#ca208c6a55d510af14b652d23e800e00ba6bebd4"
+  integrity sha512-/9JTeN6s58Zq66HXaxP6uf8PAmc7XXKZFPlOGVtLvxEd6xBP6WtzaJB9wBjiGUzwbdhdMEy7V62yuHqk/3VrnQ==
+  dependencies:
+    prosemirror-keymap "^1.1.2"
+    prosemirror-model "^1.8.1"
+    prosemirror-state "^1.3.1"
+    prosemirror-transform "^1.2.1"
+    prosemirror-view "^1.13.3"
+
+prosemirror-trailing-node@^2.0.2:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/prosemirror-trailing-node/-/prosemirror-trailing-node-2.0.3.tgz#213fc0e545a434ff3c37b5218a0de69561bf3892"
+  integrity sha512-lGrjMrn97KWkjQSW/FjdvnhJmqFACmQIyr6lKYApvHitDnKsCoZz6XzrHB7RZYHni/0NxQmZ01p/2vyK2SkvaA==
+  dependencies:
+    "@babel/runtime" "^7.13.10"
+    "@remirror/core-constants" "^2.0.0"
+    "@remirror/core-helpers" "^2.0.1"
+    escape-string-regexp "^4.0.0"
+
+prosemirror-transform@^1.0.0, prosemirror-transform@^1.1.0, prosemirror-transform@^1.2.1, prosemirror-transform@^1.7.0:
   version "1.7.1"
   resolved "https://registry.yarnpkg.com/prosemirror-transform/-/prosemirror-transform-1.7.1.tgz#b516e818c3add0bdf960f4ca8ccb9d057a3ba21b"
   integrity sha512-VteoifAfpt46z0yEt6Fc73A5OID9t/y2QIeR5MgxEwTuitadEunD/V0c9jQW8ziT8pbFM54uTzRLJ/nLuQjMxg==
   dependencies:
     prosemirror-model "^1.0.0"
 
-prosemirror-view@^1.0.0, prosemirror-view@^1.1.0, prosemirror-view@^1.27.0, prosemirror-view@^1.28.2, prosemirror-view@^1.30.0:
-  version "1.30.0"
-  resolved "https://registry.yarnpkg.com/prosemirror-view/-/prosemirror-view-1.30.0.tgz#b42a1729bdbb33fce52e213e69fdabea03f898fb"
-  integrity sha512-z6RXp2GFH8mk7+LWCGWvdpOIpf5o5UwIB6SiBiTFe6eA8H8qwFDW0EkiIfohlATHoSGXvlHtD+hfpAHdfO5fvQ==
+prosemirror-view@^1.0.0, prosemirror-view@^1.1.0, prosemirror-view@^1.13.3, prosemirror-view@^1.27.0, prosemirror-view@^1.28.2:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/prosemirror-view/-/prosemirror-view-1.30.1.tgz#7cf0ae8dc8553a02c32961e82eca25079c4d8fc9"
+  integrity sha512-pZUfr7lICJkEY7XwzldAKrkflZDeIvnbfuu2RIS01N5NwJmR/dfZzDzJRzhb3SM2QtT/bM8b4Nnib8X3MGpAhA==
   dependencies:
     prosemirror-model "^1.16.0"
     prosemirror-state "^1.0.0"
@@ -5503,14 +5760,14 @@ regexpp@^3.2.0:
   resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-3.2.0.tgz#0425a2768d8f23bad70ca4b90461fa2f1213e1b2"
   integrity sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==
 
-regexpu-core@^5.2.1:
-  version "5.2.2"
-  resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-5.2.2.tgz#3e4e5d12103b64748711c3aad69934d7718e75fc"
-  integrity sha512-T0+1Zp2wjF/juXMrMxHxidqGYn8U4R+zleSJhX9tQ1PUsS8a9UtYfbsF9LdiVgNX3kiX8RNaKM42nfSgvFJjmw==
+regexpu-core@^5.3.1:
+  version "5.3.1"
+  resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-5.3.1.tgz#66900860f88def39a5cb79ebd9490e84f17bcdfb"
+  integrity sha512-nCOzW2V/X15XpLsK2rlgdwrysrBq+AauCn+omItIz4R1pIcmeot5zvjdmOBRLzEH/CkC6IxMJVmxDe3QcMuNVQ==
   dependencies:
+    "@babel/regjsgen" "^0.8.0"
     regenerate "^1.4.2"
     regenerate-unicode-properties "^10.1.0"
-    regjsgen "^0.7.1"
     regjsparser "^0.9.1"
     unicode-match-property-ecmascript "^2.0.0"
     unicode-match-property-value-ecmascript "^2.1.0"
@@ -5520,11 +5777,6 @@ register-service-worker@^1.7.2:
   resolved "https://registry.yarnpkg.com/register-service-worker/-/register-service-worker-1.7.2.tgz#6516983e1ef790a98c4225af1216bc80941a4bd2"
   integrity sha512-CiD3ZSanZqcMPRhtfct5K9f7i3OLCcBBWsJjLh1gW9RO/nS94sVzY59iS+fgYBOBqaBpf4EzfqUF3j9IG+xo8A==
 
-regjsgen@^0.7.1:
-  version "0.7.1"
-  resolved "https://registry.yarnpkg.com/regjsgen/-/regjsgen-0.7.1.tgz#ee5ef30e18d3f09b7c369b76e7c2373ed25546f6"
-  integrity sha512-RAt+8H2ZEzHeYWxZ3H2z6tF18zyyOnlcdaafLrm21Bguj7uZy6ULibiAFdXEtKQY4Sy7wDTwDiOazasMLc4KPA==
-
 regjsparser@^0.9.1:
   version "0.9.1"
   resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.9.1.tgz#272d05aa10c7c1f67095b1ff0addae8442fc5709"
@@ -5610,10 +5862,10 @@ rollup@^2.43.1:
   optionalDependencies:
     fsevents "~2.3.2"
 
-rollup@^3.7.0, rollup@^3.7.2:
-  version "3.11.0"
-  resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.11.0.tgz#89c487441b18b7c689a0c9aa4221e03b87535461"
-  integrity sha512-+uWPPkpWQ2H3Qi7sNBcRfhhHJyUNgBYhG4wKe5wuGRj2m55kpo+0p5jubKNBjQODyPe6tSBE3tNpdDwEisQvAQ==
+rollup@^3.10.0, rollup@^3.7.2:
+  version "3.18.0"
+  resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.18.0.tgz#2354ba63ba66d6a09c652c3ea0dbcd9dad72bbde"
+  integrity sha512-J8C6VfEBjkvYPESMQYxKHxNOh4A5a3FlP+0BETGo34HEcE4eTlgCrO2+eWzlu2a/sHs2QUkZco+wscH7jhhgWg==
   optionalDependencies:
     fsevents "~2.3.2"
 
@@ -5663,9 +5915,9 @@ safe-regex-test@^1.0.0:
   integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
 
 sanitize-html@^2.5.3:
-  version "2.8.1"
-  resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-2.8.1.tgz#319c4fdba67e1edf35b1fd6d9362210044826d47"
-  integrity sha512-qK5neD0SaMxGwVv5txOYv05huC3o6ZAA4h5+7nJJgWMNFUNRjcjLO6FpwAtKzfKCZ0jrG6xTk6eVFskbvOGblg==
+  version "2.10.0"
+  resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-2.10.0.tgz#74d28848dfcf72c39693139131895c78900ab452"
+  integrity sha512-JqdovUd81dG4k87vZt6uA6YhDfWkUGruUu/aPmXLxXi45gZExnt9Bnw/qeQU8oGf82vPyaE0vO4aH0PbobB9JQ==
   dependencies:
     deepmerge "^4.2.2"
     escape-string-regexp "^4.0.0"
@@ -5675,9 +5927,9 @@ sanitize-html@^2.5.3:
     postcss "^8.3.11"
 
 sass@^1.34.1:
-  version "1.57.1"
-  resolved "https://registry.yarnpkg.com/sass/-/sass-1.57.1.tgz#dfafd46eb3ab94817145e8825208ecf7281119b5"
-  integrity sha512-O2+LwLS79op7GI0xZ8fqzF7X2m/m8WFfI02dHOdsK5R2ECeS5F62zrwg/relM1rjSLy7Vd/DiMNIvPrQGsA0jw==
+  version "1.58.3"
+  resolved "https://registry.yarnpkg.com/sass/-/sass-1.58.3.tgz#2348cc052061ba4f00243a208b09c40e031f270d"
+  integrity sha512-Q7RaEtYf6BflYrQ+buPudKR26/lH+10EmO9bBqbmPh/KeLqv8bjpTNqxe71ocONqXq+jYiCbpPUmQMS+JJPk4A==
   dependencies:
     chokidar ">=3.0.0 <4.0.0"
     immutable "^4.0.0"
@@ -5743,10 +5995,15 @@ shebang-regex@^3.0.0:
   resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172"
   integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==
 
-shiki-es@^0.1.2:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/shiki-es/-/shiki-es-0.1.2.tgz#37176c6ff8d734f95e27560b62e1230c9a90c0cb"
-  integrity sha512-eqtfk8idlYlSLAn0gp0Ly2+FbKc2d78IddigHSS4iHAnpXoY2kdRzyFGZOdi6TvemYMnRhZBi1HsSqZc5eNKqg==
+shell-quote@^1.7.3:
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.0.tgz#20d078d0eaf71d54f43bd2ba14a1b5b9bfa5c8ba"
+  integrity sha512-QHsz8GgQIGKlRi24yFc6a6lN69Idnx634w49ay6+jA5yFh7a1UY+4Rp6HPx/L/1zcEDPEij8cIsiqR6bQsE5VQ==
+
+shiki-es@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/shiki-es/-/shiki-es-0.2.0.tgz#ae5bced62dca0ba46ee81149e68d428565a3e6fb"
+  integrity sha512-RbRMD+IuJJseSZljDdne9ThrUYrwBwJR04FvN4VXpfsU3MNID5VJGHLAD5je/HGThCyEKNgH+nEkSFEWKD7C3Q==
 
 side-channel@^1.0.4:
   version "1.0.4"
@@ -5863,9 +6120,9 @@ statuses@~1.5.0:
   integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==
 
 std-env@^3.3.1:
-  version "3.3.1"
-  resolved "https://registry.yarnpkg.com/std-env/-/std-env-3.3.1.tgz#93a81835815e618c8aa75e7c8a4dc04f7c314e29"
-  integrity sha512-3H20QlwQsSm2OvAxWIYhs+j01MzzqwMwGiiO1NQaJYZgJZFPuAbf95/DiKRBSTYIJ2FeGUc+B/6mPGcWP9dO3Q==
+  version "3.3.2"
+  resolved "https://registry.yarnpkg.com/std-env/-/std-env-3.3.2.tgz#af27343b001616015534292178327b202b9ee955"
+  integrity sha512-uUZI65yrV2Qva5gqE0+A7uVAvO40iPo6jGhs7s8keRfHCmtg+uB2X6EiLGCI9IgL1J17xGhvoOqSz79lzICPTA==
 
 string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
   version "4.2.3"
@@ -5968,11 +6225,11 @@ strip-json-comments@^3.1.0, strip-json-comments@^3.1.1:
   integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==
 
 strip-literal@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/strip-literal/-/strip-literal-1.0.0.tgz#0a484ed5a978cd9d2becf3cf8f4f2cb5ab0e1e74"
-  integrity sha512-5o4LsH1lzBzO9UFH63AJ2ad2/S2AVx6NtjOcaz+VTT2h1RiRvbipW72z8M/lxEhcPHDBQwpDrnTF7sXy/7OwCQ==
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/strip-literal/-/strip-literal-1.0.1.tgz#0115a332710c849b4e46497891fb8d585e404bd2"
+  integrity sha512-QZTsipNpa2Ppr6v1AmJHESqJ3Uz247MUS0OjrnnZjFAvEoWqxuyFuXn2xLgMtRnijJShAa1HL0gtJyUs7u7n3Q==
   dependencies:
-    acorn "^8.8.1"
+    acorn "^8.8.2"
 
 style-mod@^4.0.0:
   version "4.0.0"
@@ -6014,9 +6271,9 @@ symbol-tree@^3.2.4:
   integrity sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==
 
 tailwindcss@^3:
-  version "3.2.4"
-  resolved "https://registry.yarnpkg.com/tailwindcss/-/tailwindcss-3.2.4.tgz#afe3477e7a19f3ceafb48e4b083e292ce0dc0250"
-  integrity sha512-AhwtHCKMtR71JgeYDaswmZXhPcW9iuI9Sp2LvZPo9upDZ7231ZJ7eA9RaURbhpXGVlrjX4cFNlB4ieTetEb7hQ==
+  version "3.2.7"
+  resolved "https://registry.yarnpkg.com/tailwindcss/-/tailwindcss-3.2.7.tgz#5936dd08c250b05180f0944500c01dce19188c07"
+  integrity sha512-B6DLqJzc21x7wntlH/GsZwEXTBttVSl1FtCzC8WP4oBc/NKef7kaax5jeihkkCEWc831/5NDJ9gRNDK6NEioQQ==
   dependencies:
     arg "^5.0.2"
     chokidar "^3.5.3"
@@ -6032,12 +6289,12 @@ tailwindcss@^3:
     normalize-path "^3.0.0"
     object-hash "^3.0.0"
     picocolors "^1.0.0"
-    postcss "^8.4.18"
+    postcss "^8.0.9"
     postcss-import "^14.1.0"
     postcss-js "^4.0.0"
     postcss-load-config "^3.1.4"
     postcss-nested "6.0.0"
-    postcss-selector-parser "^6.0.10"
+    postcss-selector-parser "^6.0.11"
     postcss-value-parser "^4.2.0"
     quick-lru "^5.1.1"
     resolve "^1.22.1"
@@ -6058,9 +6315,9 @@ tempy@^0.6.0:
     unique-string "^2.0.0"
 
 terser@^5.0.0:
-  version "5.16.1"
-  resolved "https://registry.yarnpkg.com/terser/-/terser-5.16.1.tgz#5af3bc3d0f24241c7fb2024199d5c461a1075880"
-  integrity sha512-xvQfyfA1ayT0qdK47zskQgRZeWLoOQ8JQ6mIgRGVNwZKdQMU+5FkCBjmv4QjcrTzyZquRw2FVtlJSRUmMKQslw==
+  version "5.16.5"
+  resolved "https://registry.yarnpkg.com/terser/-/terser-5.16.5.tgz#1c285ca0655f467f92af1bbab46ab72d1cb08e5a"
+  integrity sha512-qcwfg4+RZa3YvlFh0qjifnzBHjKGNbtDo9yivMqMFDy9Q6FSaQWSB/j1xKhsoUFJIqDOM3TsN6D5xbrMrFcHbg==
   dependencies:
     "@jridgewell/source-map" "^0.3.2"
     acorn "^8.5.0"
@@ -6087,24 +6344,19 @@ throttle-debounce@^3.0.1:
   integrity sha512-dTEWWNu6JmeVXY0ZYoPuH5cRIwc0MeGbJwah9KUNYSJwommQpCzTySTpEe8Gs1J23aeWEuAobe4Ag7EHVt/LOg==
 
 tinybench@^2.3.1:
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/tinybench/-/tinybench-2.3.1.tgz#14f64e6b77d7ef0b1f6ab850c7a808c6760b414d"
-  integrity sha512-hGYWYBMPr7p4g5IarQE7XhlyWveh1EKhy4wUBS1LrHXCKYgvz+4/jCqgmJqZxxldesn05vccrtME2RLLZNW7iA==
+  version "2.4.0"
+  resolved "https://registry.yarnpkg.com/tinybench/-/tinybench-2.4.0.tgz#83f60d9e5545353610fe7993bd783120bc20c7a7"
+  integrity sha512-iyziEiyFxX4kyxSp+MtY1oCH/lvjH3PxFN8PGCDeqcZWAJ/i+9y+nL85w99PxVzrIvew/GSkSbDYtiGVa85Afg==
 
-tinypool@^0.1.2:
-  version "0.1.3"
-  resolved "https://registry.yarnpkg.com/tinypool/-/tinypool-0.1.3.tgz#b5570b364a1775fd403de5e7660b325308fee26b"
-  integrity sha512-2IfcQh7CP46XGWGGbdyO4pjcKqsmVqFAPcXfPxcPXmOWt9cYkTP9HcDmGgsfijYoAEc4z9qcpM/BaBz46Y9/CQ==
-
-tinypool@^0.3.0:
+tinypool@^0.3.1:
   version "0.3.1"
   resolved "https://registry.yarnpkg.com/tinypool/-/tinypool-0.3.1.tgz#a99c2e446aba9be05d3e1cb756d6aed7af4723b6"
   integrity sha512-zLA1ZXlstbU2rlpA4CIeVaqvWq41MTWqLY3FfsAXgC8+f7Pk7zroaJQxDgxn1xNudKW6Kmj4808rPFShUlIRmQ==
 
 tinyspy@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/tinyspy/-/tinyspy-1.0.2.tgz#6da0b3918bfd56170fb3cd3a2b5ef832ee1dff0d"
-  integrity sha512-bSGlgwLBYf7PnUsQ6WOc6SJ3pGOcd+d8AA6EUnLDDM0kWEstC1JIlSZA3UNliDXhd9ABoS7hiRBDCu+XP/sf1Q==
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/tinyspy/-/tinyspy-1.1.1.tgz#0cb91d5157892af38cb2d217f5c7e8507a5bf092"
+  integrity sha512-UVq5AXt/gQlti7oxoIg5oi/9r0WpF7DGEVwXgqWSMmyN16+e3tl5lIvTaOpJ3TAtu5xFzWccFRM4R5NaWHF+4g==
 
 tippy.js@^6.2.3, tippy.js@^6.3.7:
   version "6.3.7"
@@ -6155,9 +6407,9 @@ tr46@^3.0.0:
     punycode "^2.1.1"
 
 ts-essentials@^9.1.2:
-  version "9.3.0"
-  resolved "https://registry.yarnpkg.com/ts-essentials/-/ts-essentials-9.3.0.tgz#7e639c1a76b1805c3c60d6e1b5178da2e70aea02"
-  integrity sha512-XeiCboEyBG8UqXZtXl59bWEi4ZgOqRsogFDI6WDGIF1LmzbYiAkIwjkXN6zZWWl4re/lsOqMlYfe8KA0XiiEPw==
+  version "9.3.1"
+  resolved "https://registry.yarnpkg.com/ts-essentials/-/ts-essentials-9.3.1.tgz#f2d1e1584ef53c0251012258338421d7cf78a4d0"
+  integrity sha512-9CChSvQMyVRo29Vb1A2jbs+LKo3d/bAf+ndSaX0T8cEiy/HChVaRN/HY5DqUryZ8hZ6uol9bEgCnGmnDbwBR9Q==
 
 ts-invariant@^0.10.3:
   version "0.10.3"
@@ -6174,12 +6426,12 @@ ts-invariant@^0.4.0:
     tslib "^1.9.3"
 
 tsconfig-paths@^3.14.1:
-  version "3.14.1"
-  resolved "https://registry.yarnpkg.com/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz#ba0734599e8ea36c862798e920bcf163277b137a"
-  integrity sha512-fxDhWnFSLt3VuTwtvJt5fpwxBHg5AdKWMsgcPOOIilyjymcYVZoCQF8fvFRezCNfblEXmi+PcM1eYHeOAgXCOQ==
+  version "3.14.2"
+  resolved "https://registry.yarnpkg.com/tsconfig-paths/-/tsconfig-paths-3.14.2.tgz#6e32f1f79412decd261f92d633a9dc1cfa99f088"
+  integrity sha512-o/9iXgCYc5L/JxCHPe3Hvh8Q/2xm5Z+p18PESBU6Ff33695QnCHBEjcytY2q19ua7Mbl/DavtBOLq+oG0RCL+g==
   dependencies:
     "@types/json5" "^0.0.29"
-    json5 "^1.0.1"
+    json5 "^1.0.2"
     minimist "^1.2.6"
     strip-bom "^3.0.0"
 
@@ -6229,6 +6481,11 @@ type-fest@^0.20.2:
   resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.20.2.tgz#1bf207f4b28f91583666cb5fbd327887301cd5f4"
   integrity sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==
 
+type-fest@^2.0.0:
+  version "2.19.0"
+  resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-2.19.0.tgz#88068015bb33036a598b952e55e9311a60fd3a9b"
+  integrity sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==
+
 typed-array-length@^1.0.4:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/typed-array-length/-/typed-array-length-1.0.4.tgz#89d83785e5c4098bec72e08b319651f0eac9c1bb"
@@ -6239,19 +6496,19 @@ typed-array-length@^1.0.4:
     is-typed-array "^1.1.9"
 
 typescript@^4.5.4, typescript@~4.9.4:
-  version "4.9.4"
-  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.4.tgz#a2a3d2756c079abda241d75f149df9d561091e78"
-  integrity sha512-Uz+dTXYzxXXbsFpM86Wh3dKCxrQqUcVMxwU54orwlJjOpO3ao8L7j5lH+dWfTwgCwIuM9GQ2kvVotzYJMXTBZg==
+  version "4.9.5"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.5.tgz#095979f9bcc0d09da324d58d03ce8f8374cbe65a"
+  integrity sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==
 
 uc.micro@^1.0.1, uc.micro@^1.0.5:
   version "1.0.6"
   resolved "https://registry.yarnpkg.com/uc.micro/-/uc.micro-1.0.6.tgz#9c411a802a409a91fc6cf74081baba34b24499ac"
   integrity sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==
 
-ufo@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/ufo/-/ufo-1.0.1.tgz#64ed43b530706bda2e4892f911f568cf4cf67d29"
-  integrity sha512-boAm74ubXHY7KJQZLlXrtMz52qFvpsbOxDcZOnw/Wf+LS4Mmyu7JxmzD4tDLtUQtmZECypJ0FrCz4QIe6dvKRA==
+ufo@^1.1.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/ufo/-/ufo-1.1.1.tgz#e70265e7152f3aba425bd013d150b2cdf4056d7c"
+  integrity sha512-MvlCc4GHrmZdAllBc0iUDowff36Q9Ndw/UzqmEKyrfSzokTd9ZCy1i+IIk5hrYKkjoYVQyNbrw7/F8XJ2rEwTg==
 
 unbox-primitive@^1.0.2:
   version "1.0.2"
@@ -6268,6 +6525,16 @@ unfetch@^5.0.0:
   resolved "https://registry.yarnpkg.com/unfetch/-/unfetch-5.0.0.tgz#8a5b6e5779ebe4dde0049f7d7a81d4a1af99d142"
   integrity sha512-3xM2c89siXg0nHvlmYsQ2zkLASvVMBisZm5lF3gFDqfF2xonNStDJyMpvaOBe0a1Edxmqrf2E0HBdmy9QyZaeg==
 
+unhead@1.1.20:
+  version "1.1.20"
+  resolved "https://registry.yarnpkg.com/unhead/-/unhead-1.1.20.tgz#4b100432ab34e24f6b2b07a7dfb3db19f382b955"
+  integrity sha512-fic5YOINP2BD5PvyF05FIayIRaRYjujhuJ2uo2dIpLItAIBHYmBsTEkljsrwC+EULNfeC3Rf4UHxmr8u0EewCA==
+  dependencies:
+    "@unhead/dom" "1.1.20"
+    "@unhead/schema" "1.1.20"
+    "@unhead/shared" "1.1.20"
+    hookable "^5.4.2"
+
 unicode-canonical-property-names-ecmascript@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.0.tgz#301acdc525631670d39f6146e0e77ff6bbdebddc"
@@ -6318,7 +6585,7 @@ upath@^1.2.0:
   resolved "https://registry.yarnpkg.com/upath/-/upath-1.2.0.tgz#8f66dbcd55a883acdae4408af8b035a5044c1894"
   integrity sha512-aZwGpamFO61g3OlfT7OQCHqhGnW43ieH9WZeP7QxN/G/jS4jfqUkZxoryvJgVPEcrl5NL/ggHsSmLMHuH64Lhg==
 
-update-browserslist-db@^1.0.9:
+update-browserslist-db@^1.0.10:
   version "1.0.10"
   resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.0.10.tgz#0f54b876545726f17d00cd9a2561e6dade943ff3"
   integrity sha512-OztqDenkfFkbSG+tRxBeAnCVPckDBcvibKd35yDONx6OU8N7sqgwc7rCbkJ/WcYtVRZ4ba68d6byhC21GFh7sQ==
@@ -6366,30 +6633,18 @@ utils-merge@1.0.1:
   integrity sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==
 
 v8-to-istanbul@^9.0.0:
-  version "9.0.1"
-  resolved "https://registry.yarnpkg.com/v8-to-istanbul/-/v8-to-istanbul-9.0.1.tgz#b6f994b0b5d4ef255e17a0d17dc444a9f5132fa4"
-  integrity sha512-74Y4LqY74kLE6IFyIjPtkSTWzUZmj8tdHT9Ii/26dvQ6K9Dl2NbEfj0XgU2sHCtKgt5VupqhlO/5aWuqS+IY1w==
+  version "9.1.0"
+  resolved "https://registry.yarnpkg.com/v8-to-istanbul/-/v8-to-istanbul-9.1.0.tgz#1b83ed4e397f58c85c266a570fc2558b5feb9265"
+  integrity sha512-6z3GW9x8G1gd+JIIgQQQxXuiJtCXeAjp6RaPEPLv62mH3iPHPxV6W3robxtCzNErRo6ZwTmzWhsbNvjyEBKzKA==
   dependencies:
     "@jridgewell/trace-mapping" "^0.3.12"
     "@types/istanbul-lib-coverage" "^2.0.1"
     convert-source-map "^1.6.0"
 
-vite-node@0.26.0:
-  version "0.26.0"
-  resolved "https://registry.yarnpkg.com/vite-node/-/vite-node-0.26.0.tgz#b070b812a9e90431f48fa9c2640e3cb6f60b4cce"
-  integrity sha512-nLtHWCv6reONl1oFsKhQ/LT7n3UNLpvVARAJlmGrQV6qSElht/9AdN41Pa+WSkw2Winh682UzM0Yw0GNlfqejw==
-  dependencies:
-    debug "^4.3.4"
-    mlly "^1.0.0"
-    pathe "^0.2.0"
-    source-map "^0.6.1"
-    source-map-support "^0.5.21"
-    vite "^3.0.0 || ^4.0.0"
-
-vite-node@0.28.2:
-  version "0.28.2"
-  resolved "https://registry.yarnpkg.com/vite-node/-/vite-node-0.28.2.tgz#58b52fc638f86fee9bfe4990abaea7e4d74f6514"
-  integrity sha512-zyiJ3DLs9zXign4P2MD4PQk+7rdT+JkHukgmmS0KuImbCQ7WnCdea5imQVeT6OtUsBwsLztJxQODUsinVr91tg==
+vite-node@0.28.4:
+  version "0.28.4"
+  resolved "https://registry.yarnpkg.com/vite-node/-/vite-node-0.28.4.tgz#ce709cde2200d86a2a45457fed65f453234b0261"
+  integrity sha512-KM0Q0uSG/xHHKOJvVHc5xDBabgt0l70y7/lWTR7Q0pR5/MrYxadT+y32cJOE65FfjGmJgxpVEEY+69btJgcXOQ==
   dependencies:
     cac "^6.7.14"
     debug "^4.3.4"
@@ -6400,10 +6655,22 @@ vite-node@0.28.2:
     source-map-support "^0.5.21"
     vite "^3.0.0 || ^4.0.0"
 
+vite-node@0.29.2:
+  version "0.29.2"
+  resolved "https://registry.yarnpkg.com/vite-node/-/vite-node-0.29.2.tgz#463626197e248971774075faf3d6896c29cf8062"
+  integrity sha512-5oe1z6wzI3gkvc4yOBbDBbgpiWiApvuN4P55E8OI131JGrSuo4X3SOZrNmZYo4R8Zkze/dhi572blX0zc+6SdA==
+  dependencies:
+    cac "^6.7.14"
+    debug "^4.3.4"
+    mlly "^1.1.0"
+    pathe "^1.1.0"
+    picocolors "^1.0.0"
+    vite "^3.0.0 || ^4.0.0"
+
 vite-plugin-pwa@^0.14.1:
-  version "0.14.1"
-  resolved "https://registry.yarnpkg.com/vite-plugin-pwa/-/vite-plugin-pwa-0.14.1.tgz#c32905d77916aab23e86522e2d4882c652f008d5"
-  integrity sha512-5zx7yhQ8RTLwV71+GA9YsQQ63ALKG8XXIMqRJDdZkR8ZYftFcRgnzM7wOWmQZ/DATspyhPih5wCdcZnAIsM+mA==
+  version "0.14.4"
+  resolved "https://registry.yarnpkg.com/vite-plugin-pwa/-/vite-plugin-pwa-0.14.4.tgz#d83fae9e85ab4a082e11ab475b3ec124bfe49084"
+  integrity sha512-M7Ct0so8OlouMkTWgXnl8W1xU95glITSKIe7qswZf1tniAstO2idElGCnsrTJ5NPNSx1XqfTCOUj8j94S6FD7Q==
   dependencies:
     "@rollup/plugin-replace" "^5.0.1"
     debug "^4.3.4"
@@ -6414,29 +6681,29 @@ vite-plugin-pwa@^0.14.1:
     workbox-window "^6.5.4"
 
 "vite@^3.0.0 || ^4.0.0", vite@^4.0.4:
-  version "4.0.4"
-  resolved "https://registry.yarnpkg.com/vite/-/vite-4.0.4.tgz#4612ce0b47bbb233a887a54a4ae0c6e240a0da31"
-  integrity sha512-xevPU7M8FU0i/80DMR+YhgrzR5KS2ORy1B4xcX/cXLsvnUWvfHuqMmVU6N0YiJ4JWGRJJsLCgjEzKjG9/GKoSw==
+  version "4.1.4"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-4.1.4.tgz#170d93bcff97e0ebc09764c053eebe130bfe6ca0"
+  integrity sha512-3knk/HsbSTKEin43zHu7jTwYWv81f8kgAL99G5NWBcA1LKvtvcVAC4JjBH1arBunO9kQka+1oGbrMKOjk4ZrBg==
   dependencies:
-    esbuild "^0.16.3"
-    postcss "^8.4.20"
+    esbuild "^0.16.14"
+    postcss "^8.4.21"
     resolve "^1.22.1"
-    rollup "^3.7.0"
+    rollup "^3.10.0"
   optionalDependencies:
     fsevents "~2.3.2"
 
-vitest@0.28.2, vitest@^0.28.2:
-  version "0.28.2"
-  resolved "https://registry.yarnpkg.com/vitest/-/vitest-0.28.2.tgz#952e1ad83fbd04ee1bfce634b106a371a5973603"
-  integrity sha512-HJBlRla4Mng0OiZ8aWunCecJ6BzLDA4yuzuxiBuBU2MXjGB6I4zT7QgIBL/UrwGKlNxLwaDC5P/4OpeuTlW8yQ==
+vitest@^0.29.2:
+  version "0.29.2"
+  resolved "https://registry.yarnpkg.com/vitest/-/vitest-0.29.2.tgz#0376b547169ddefbde3fbc040b48569ec61d6179"
+  integrity sha512-ydK9IGbAvoY8wkg29DQ4ivcVviCaUi3ivuPKfZEVddMTenFHUfB8EEDXQV8+RasEk1ACFLgMUqAaDuQ/Nk+mQA==
   dependencies:
     "@types/chai" "^4.3.4"
     "@types/chai-subset" "^1.3.3"
     "@types/node" "*"
-    "@vitest/expect" "0.28.2"
-    "@vitest/runner" "0.28.2"
-    "@vitest/spy" "0.28.2"
-    "@vitest/utils" "0.28.2"
+    "@vitest/expect" "0.29.2"
+    "@vitest/runner" "0.29.2"
+    "@vitest/spy" "0.29.2"
+    "@vitest/utils" "0.29.2"
     acorn "^8.8.1"
     acorn-walk "^8.2.0"
     cac "^6.7.14"
@@ -6449,10 +6716,10 @@ vitest@0.28.2, vitest@^0.28.2:
     std-env "^3.3.1"
     strip-literal "^1.0.0"
     tinybench "^2.3.1"
-    tinypool "^0.3.0"
+    tinypool "^0.3.1"
     tinyspy "^1.0.2"
     vite "^3.0.0 || ^4.0.0"
-    vite-node "0.28.2"
+    vite-node "0.29.2"
     why-is-node-running "^2.2.2"
 
 vue-demi@*, vue-demi@^0.13.1:
@@ -6508,9 +6775,9 @@ vue-i18n@9:
     "@vue/devtools-api" "^6.2.1"
 
 vue-material-design-icons@^5.1.2:
-  version "5.1.2"
-  resolved "https://registry.yarnpkg.com/vue-material-design-icons/-/vue-material-design-icons-5.1.2.tgz#d0b9227786672fc17be239fb8c1d8e22e33feb45"
-  integrity sha512-nD1qFM2qAkMlVoe23EfNKIeMfYl6YjHZjSty9q0mwc2gXmPmvEhixywJQhM+VF5KVBI1zAkVTNLoUEERPY10pA==
+  version "5.2.0"
+  resolved "https://registry.yarnpkg.com/vue-material-design-icons/-/vue-material-design-icons-5.2.0.tgz#4e0cf50a68cb6900e8bd2550acbb44fad99bbd8e"
+  integrity sha512-fcdcJHQ9fQw2CAytuLAzWSELcxH138sCdMItVhvmO7Lu9afIgojB/UCWv7XHt/lURsnq/n6O+muM4AQgw8yfig==
 
 vue-matomo@^4.1.0:
   version "4.2.0"
@@ -6552,15 +6819,15 @@ vue-use-route-query@^1.1.0:
     vue-demi "^0.13.1"
 
 vue@^3.2.37:
-  version "3.2.45"
-  resolved "https://registry.yarnpkg.com/vue/-/vue-3.2.45.tgz#94a116784447eb7dbd892167784619fef379b3c8"
-  integrity sha512-9Nx/Mg2b2xWlXykmCwiTUCWHbWIj53bnkizBxKai1g61f2Xit700A1ljowpTIM11e3uipOeiPcSqnmBg6gyiaA==
+  version "3.2.47"
+  resolved "https://registry.yarnpkg.com/vue/-/vue-3.2.47.tgz#3eb736cbc606fc87038dbba6a154707c8a34cff0"
+  integrity sha512-60188y/9Dc9WVrAZeUVSDxRQOZ+z+y5nO2ts9jWXSTkMvayiWxCWOWtBQoYjLeccfXkiiPZWAHcV+WTPhkqJHQ==
   dependencies:
-    "@vue/compiler-dom" "3.2.45"
-    "@vue/compiler-sfc" "3.2.45"
-    "@vue/runtime-dom" "3.2.45"
-    "@vue/server-renderer" "3.2.45"
-    "@vue/shared" "3.2.45"
+    "@vue/compiler-dom" "3.2.47"
+    "@vue/compiler-sfc" "3.2.47"
+    "@vue/runtime-dom" "3.2.47"
+    "@vue/server-renderer" "3.2.47"
+    "@vue/shared" "3.2.47"
 
 w3c-keyname@^2.2.0, w3c-keyname@^2.2.4:
   version "2.2.6"
@@ -6829,9 +7096,9 @@ wrappy@1:
   integrity sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==
 
 ws@^8.11.0:
-  version "8.12.0"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.12.0.tgz#485074cc392689da78e1828a9ff23585e06cddd8"
-  integrity sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==
+  version "8.12.1"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.12.1.tgz#c51e583d79140b5e42e39be48c934131942d4a8f"
+  integrity sha512-1qo+M9Ba+xNhPB+YTWUlK6M17brTut5EXbcBaMRN5pH5dFrXz7lzz1ChFSUq3bOUl8yEvSenhHmYUNJxFzdJew==
 
 xml-name-validator@^4.0.0:
   version "4.0.0"
@@ -6897,9 +7164,9 @@ yargs@^16.2.0:
     yargs-parser "^20.2.2"
 
 yargs@^17.5.1:
-  version "17.6.2"
-  resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.6.2.tgz#2e23f2944e976339a1ee00f18c77fedee8332541"
-  integrity sha512-1/9UrdHjDZc0eOU0HxOHoS78C69UD3JRMvzlJ7S79S2nTaWRA/whGCTV8o9e/N/1Va9YIV7Q4sOxD8VV4pCWOw==
+  version "17.7.1"
+  resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.1.tgz#34a77645201d1a8fc5213ace787c220eabbd0967"
+  integrity sha512-cwiTb08Xuv5fqF4AovYacTFNxk62th7LKJ6BL9IGUpTJrWoU7/7WdQGTP2SjKf1dUNBGzDd28p/Yfs/GI6JrLw==
   dependencies:
     cliui "^8.0.1"
     escalade "^3.1.1"
@@ -6944,6 +7211,11 @@ zen-observable@0.8.15, zen-observable@^0.8.0:
   resolved "https://registry.yarnpkg.com/zen-observable/-/zen-observable-0.8.15.tgz#96415c512d8e3ffd920afd3889604e30b9eaac15"
   integrity sha512-PQ2PC7R9rslx84ndNBZB/Dkv8V8fZEpk83RLgXtYd0fwUgEjseMn1Dgajh2x6S8QbZAFa9p2qVCEuYZNgve0dQ==
 
+zhead@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/zhead/-/zhead-2.0.4.tgz#42509bbe85b790de9121301eac47d440d9073876"
+  integrity sha512-V4R94t3ifk9AURym6OskbKcnowzgp5Z88tkoL/NF67vyryNxC62u6mx5F1Ux4oh4+YN7FFmKYEyWy6m5kfPH6g==
+
 zhyswan-vuedraggable@^4.1.3:
   version "4.1.3"
   resolved "https://registry.yarnpkg.com/zhyswan-vuedraggable/-/zhyswan-vuedraggable-4.1.3.tgz#0304bbf5c676f355e6052919c531802976492993"
diff --git a/lib/graphql/authorization.ex b/lib/graphql/authorization.ex
new file mode 100644
index 000000000..c0bf78224
--- /dev/null
+++ b/lib/graphql/authorization.ex
@@ -0,0 +1,86 @@
+defmodule Mobilizon.GraphQL.Authorization do
+  @moduledoc """
+  Check authorizations
+  """
+
+  use Rajska,
+    valid_roles: [:user, :moderator, :administrator],
+    super_role: :administrator,
+    default_rule: :default
+
+  alias Mobilizon.Applications.ApplicationToken
+  alias Mobilizon.GraphQL.Authorization.AppScope
+  alias Mobilizon.Users.User
+  import Mobilizon.Web.Gettext, only: [dgettext: 3]
+
+  @impl true
+  def has_user_access?(%User{}, _scope, _rule), do: true
+
+  def has_user_access?(%ApplicationToken{scope: scope} = _current_app_token, _struct, rule)
+      when rule != :forbid_app_access do
+    AppScope.has_app_access?(scope, rule)
+  end
+
+  def has_user_access?(_current_user, _scoped_struct, _rule), do: false
+
+  @impl true
+  def get_current_user(%{current_auth_app_token: app_token}), do: app_token
+  def get_current_user(%{current_user: current_user}), do: current_user
+  def get_current_user(_ctx), do: nil
+
+  @impl true
+  def role_authorized?(_user_role, :all), do: true
+  def role_authorized?(role, _allowed_role) when is_super_role(role), do: true
+
+  def role_authorized?(user_role, allowed_role) when is_atom(user_role) and is_atom(allowed_role),
+    do: user_role === allowed_role
+
+  def role_authorized?(user_role, allowed_roles)
+      when is_atom(user_role) and is_list(allowed_roles),
+      do: user_role in allowed_roles
+
+  @impl true
+  def get_user_role(%ApplicationToken{user: %{role: role}}), do: role
+  def get_user_role(%{role: role}), do: role
+  def get_user_role(nil), do: nil
+
+  @impl true
+  def unauthorized_message(resolution) do
+    case Map.get(resolution.context, :current_user) do
+      nil ->
+        "unauthenticated"
+
+      _ ->
+        "unauthorized"
+    end
+  end
+
+  @impl true
+  def unauthorized_query_scope_message(_resolution, object_type) do
+    dgettext("errors", "Not authorized to access this %{object_type}",
+      object_type: replace_underscore(object_type)
+    )
+  end
+
+  @impl true
+  def unauthorized_object_scope_message(_result_object, object) do
+    dgettext("errors", "Not authorized to access object %{object}", object: object.identifier)
+  end
+
+  @impl true
+  def unauthorized_object_message(_resolution, object) do
+    dgettext("errors", "Not authorized to access object %{object}", object: object.identifier)
+  end
+
+  @impl true
+  def unauthorized_field_message(_resolution, field),
+    do: dgettext("errors", "Not authorized to access field %{field}", field: field)
+
+  defp replace_underscore(string) when is_binary(string), do: String.replace(string, "_", " ")
+
+  defp replace_underscore(atom) when is_atom(atom) do
+    atom
+    |> Atom.to_string()
+    |> replace_underscore()
+  end
+end
diff --git a/lib/graphql/authorization/app_scope.ex b/lib/graphql/authorization/app_scope.ex
new file mode 100644
index 000000000..c162c287b
--- /dev/null
+++ b/lib/graphql/authorization/app_scope.ex
@@ -0,0 +1,118 @@
+defmodule Mobilizon.GraphQL.Authorization.AppScope do
+  @moduledoc """
+  Module referencing all scopes usable in the Mobilizon API
+  """
+
+  require Logger
+
+  @global_scope %{
+    "write" => [
+      # Media
+      :"write:media:upload",
+      :"write:media:remove",
+      # Event permissions
+      :"write:event:create",
+      :"write:event:update",
+      :"write:event:delete",
+      # Comment permissions
+      :"write:comment:create",
+      :"write:comment:update",
+      :"write:comment:delete",
+      # Event participation permission
+      :"write:participation",
+      # User account permissions
+      :"write:user:settings",
+      :"write:user:setting:activity",
+      :"write:user:setting:push",
+      # Profile permissions
+      :"write:profile:create",
+      :"write:profile:update",
+      :"write:profile:delete",
+      :"write:profile:feed_token:create",
+      :"write:feed_token:delete",
+      # Membership permissions
+      :"write:group_membership",
+      # Group permissions
+      :"write:group:create",
+      :"write:group:update",
+      :"write:group:delete",
+      # Group discussions permissions
+      :"write:group:discussion:create",
+      :"write:group:discussion:update",
+      :"write:group:discussion:delete",
+      # Group resources permissions
+      :"write:group:resources:create",
+      :"write:group:resources:update",
+      :"write:group:resources:delete",
+      # Group members
+      :"write:group:members",
+      # Post permissions
+      :"write:group:post:create",
+      :"write:group:post:update",
+      :"write:group:post:delete"
+    ],
+    "read" => [
+      :"read:event",
+      :"read:event:participants",
+      :"read:event:participants:export",
+      :"read:user:settings",
+      # Profile permissions
+      :"read:profile",
+      :"read:profile:organized_events",
+      :"read:profile:participations",
+      :"read:profile:memberships",
+      :"read:profile:follows",
+      # Group details permissions
+      :"read:group",
+      :"read:group:events",
+      :"read:group:discussions",
+      :"read:group:resources",
+      :"read:group:members",
+      :"read:group:followers",
+      :"read:group:todo_lists",
+      :"read:group:activities"
+    ]
+  }
+
+  @spec get_scopes :: list(atom())
+  def get_scopes do
+    @global_scope
+    |> Map.values()
+    |> Enum.concat()
+    |> Enum.concat([:read, :write])
+  end
+
+  @spec scopes_valid?(String.t()) :: boolean()
+  def scopes_valid?(scopes) do
+    scopes
+    |> String.split(" ")
+    |> Enum.all?(&scope_valid?/1)
+  end
+
+  @spec scope_valid?(String.t() | atom()) :: boolean()
+  def scope_valid?(scope) when is_binary(scope) do
+    scope in Enum.map(get_scopes(), &to_string/1)
+  end
+
+  def scope_valid?(scope) when is_atom(scope) do
+    scope in get_scopes()
+  end
+
+  @spec has_app_access?(binary, atom | binary) :: boolean
+  def has_app_access?(scope, rule) do
+    Logger.debug("Has app token access? scope: #{inspect(scope)}, rule: #{inspect(rule)}")
+    scope = String.split(scope, " ")
+    scope_acceptable_for_rule?(scope, rule) or global_scopes_acceptable_for_rule?(scope, rule)
+  end
+
+  @spec scope_acceptable_for_rule?(list(String.t() | atom()), String.t() | atom()) :: boolean()
+  defp scope_acceptable_for_rule?(scope, rule) when is_list(scope) do
+    to_string(rule) in Enum.map(scope, &to_string/1)
+  end
+
+  defp global_scopes_acceptable_for_rule?(scope, rule),
+    do: Enum.any?(scope, &global_scope_acceptable_for_rule?(&1, rule))
+
+  defp global_scope_acceptable_for_rule?(global_scope, rule),
+    do: scope_acceptable_for_rule?(Map.get(@global_scope, global_scope, []), rule)
+end
diff --git a/lib/graphql/error.ex b/lib/graphql/error.ex
index bcbbfc193..09b22a001 100644
--- a/lib/graphql/error.ex
+++ b/lib/graphql/error.ex
@@ -30,6 +30,17 @@ defmodule Mobilizon.GraphQL.Error do
     handle(reason)
   end
 
+  # It's unclear why returned errors are now binaries instead of atoms
+  # but we can still convert them back
+  def normalize(string) when is_binary(string) do
+    string
+    |> String.to_existing_atom()
+    |> handle()
+  rescue
+    ArgumentError ->
+      handle(string)
+  end
+
   # Unhandled errors
   def normalize(other) do
     handle(other)
@@ -65,6 +76,9 @@ defmodule Mobilizon.GraphQL.Error do
   end
 
   defp handle(reason) when is_binary(reason) do
+    Logger.debug("Unknown error")
+    Logger.debug(reason)
+
     %Error{
       code: :unknown_error,
       message: reason,
@@ -101,6 +115,11 @@ defmodule Mobilizon.GraphQL.Error do
   defp metadata(:group_not_found), do: {404, dgettext("errors", "Group not found")}
   defp metadata(:resource_not_found), do: {404, dgettext("errors", "Resource not found")}
   defp metadata(:discussion_not_found), do: {404, dgettext("errors", "Discussion not found")}
+  defp metadata(:application_not_found), do: {404, dgettext("errors", "Application not found")}
+
+  defp metadata(:application_token_not_found),
+    do: {404, dgettext("errors", "Application token not found")}
+
   defp metadata(:unknown), do: {500, dgettext("errors", "Something went wrong")}
 
   defp metadata(code) do
diff --git a/lib/graphql/resolvers/application.ex b/lib/graphql/resolvers/application.ex
index 0b17a580f..6a0addaeb 100644
--- a/lib/graphql/resolvers/application.ex
+++ b/lib/graphql/resolvers/application.ex
@@ -12,7 +12,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
   require Logger
 
   @doc """
-  Create an application
+  Authorize an application
   """
   @spec authorize(any(), map(), Absinthe.Resolution.t()) :: {:ok, map()} | {:error, String.t()}
   def authorize(
@@ -21,8 +21,16 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
         %{context: %{current_user: %User{id: user_id}}}
       ) do
     case Applications.autorize(client_id, redirect_uri, scope, user_id) do
-      {:ok, code} ->
-        {:ok, %{code: code, state: state}}
+      {:ok,
+       %ApplicationToken{
+         application: %Application{client_id: client_id},
+         scope: scope,
+         authorization_code: code
+       }} ->
+        {:ok, %{code: code, state: state, client_id: client_id, scope: scope}}
+
+      {:error, %Ecto.Changeset{} = err} ->
+        {:error, err}
 
       {:error, :application_not_found} ->
         {:error,
@@ -41,18 +49,18 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
   end
 
   def authorize(_parent, _args, _context) do
-    {:error, dgettext("errors", "You need to be logged-in to autorize applications")}
+    {:error, :unauthenticated}
   end
 
   @spec get_application(any(), map(), Absinthe.Resolution.t()) ::
-          {:ok, Application.t()} | {:error, :not_found | :unauthenticated}
+          {:ok, Application.t()} | {:error, :application_not_found | :unauthenticated}
   def get_application(_parent, %{client_id: client_id}, %{context: %{current_user: %User{}}}) do
     case ApplicationManager.get_application_by_client_id(client_id) do
       %Application{} = application ->
         {:ok, application}
 
       nil ->
-        {:error, :not_found}
+        {:error, :application_not_found}
     end
   end
 
@@ -82,7 +90,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
         end
 
       _ ->
-        {:error, :not_found}
+        {:error, :application_token_not_found}
     end
   end
 
@@ -93,29 +101,53 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
   def activate_device(_parent, %{user_code: user_code}, %{
         context: %{current_user: %User{} = user}
       }) do
-    with {:ok, %ApplicationDeviceActivation{} = app_device_activation} <-
-           Applications.activate_device(user_code, user) do
-      {:ok, app_device_activation |> Map.from_struct() |> Map.take([:application, :id, :scope])}
+    case Applications.activate_device(user_code, user) do
+      {:ok, %ApplicationDeviceActivation{} = app_device_activation} ->
+        {:ok, app_device_activation |> Map.from_struct() |> Map.take([:application, :id, :scope])}
+
+      {:error, :expired} ->
+        {:error, dgettext("errors", "The given user code has expired")}
+
+      {:error, :not_found} ->
+        {:error, dgettext("errors", "The given user code is invalid")}
     end
   end
 
+  def activate_device(_parent, _args, _resolution) do
+    {:error, :unauthenticated}
+  end
+
   @spec authorize_device_application(any(), map(), Absinthe.Resolution.t()) ::
           {:ok, map()} | {:error, String.t()}
   def authorize_device_application(
         _parent,
         %{client_id: client_id, user_code: user_code},
-        %{context: %{current_user: %User{id: user_id}}}
+        %{context: %{current_user: %User{}}}
       ) do
-    case Applications.autorize_device_application(client_id, user_code, user_id) do
-      {:ok, %Application{} = app} ->
+    case Applications.autorize_device_application(client_id, user_code) do
+      {:ok, %ApplicationDeviceActivation{application: app}} ->
         {:ok, app}
 
-      {:error, :application_not_found} ->
+      {:error, :not_confirmed} ->
         {:error,
          dgettext(
            "errors",
-           "No application with this client_id was found"
+           "The device user code was not provided before approving the application"
          )}
+
+      {:error, :not_found} ->
+        {:error,
+         dgettext(
+           "errors",
+           "The given user code is invalid"
+         )}
+
+      {:error, :expired} ->
+        {:error, dgettext("errors", "The given user code has expired")}
     end
   end
+
+  def authorize_device_application(_parent, _args, _resolution) do
+    {:error, :unauthenticated}
+  end
 end
diff --git a/lib/graphql/resolvers/media.ex b/lib/graphql/resolvers/media.ex
index 64f163e43..579403799 100644
--- a/lib/graphql/resolvers/media.ex
+++ b/lib/graphql/resolvers/media.ex
@@ -44,7 +44,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Media do
   def upload_media(
         _parent,
         %{file: %Plug.Upload{} = file} = args,
-        %{context: %{current_actor: %Actor{id: actor_id}}}
+        %{context: %{current_actor: %Actor{id: default_actor_id}}}
       ) do
     with {:ok,
           %{
@@ -62,7 +62,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Media do
          {:ok, media = %Media{}} <-
            Medias.create_media(%{
              file: args,
-             actor_id: actor_id,
+             actor_id: Map.get(args, :actor_id, default_actor_id),
              metadata: Map.take(uploaded, [:width, :height, :blurhash])
            }) do
       {:ok, transform_media(media)}
diff --git a/lib/graphql/schema.ex b/lib/graphql/schema.ex
index 0756b5637..b74385db5 100644
--- a/lib/graphql/schema.ex
+++ b/lib/graphql/schema.ex
@@ -20,8 +20,8 @@ defmodule Mobilizon.GraphQL.Schema do
   alias Mobilizon.Actors.{Actor, Follower, Member}
   alias Mobilizon.Discussions.Comment
   alias Mobilizon.Events.{Event, Participant}
+  alias Mobilizon.GraphQL.{Authorization, Schema}
   alias Mobilizon.GraphQL.Middleware.{CurrentActorProvider, ErrorHandler, OperationNameLogger}
-  alias Mobilizon.GraphQL.Schema
   alias Mobilizon.GraphQL.Schema.Custom
   alias Mobilizon.Storage.Repo
 
@@ -57,11 +57,13 @@ defmodule Mobilizon.GraphQL.Schema do
 
   @desc "A struct containing the id of the deleted object"
   object :deleted_object do
+    meta(:authorize, :all)
     field(:id, :id)
   end
 
   @desc "A JWT and the associated user ID"
   object :login do
+    meta(:authorize, :all)
     field(:access_token, non_null(:string), description: "A JWT Token for this session")
 
     field(:refresh_token, non_null(:string),
@@ -75,6 +77,7 @@ defmodule Mobilizon.GraphQL.Schema do
   Represents a notification for an user
   """
   object :notification do
+    meta(:authorize, :user)
     field(:id, :id, description: "The notification ID")
     field(:user, :user, description: "The user to transmit the notification to")
     field(:actor, :actor, description: "The notification target profile")
@@ -133,7 +136,9 @@ defmodule Mobilizon.GraphQL.Schema do
       |> Dataloader.add_source(Resources, default_source)
       |> Dataloader.add_source(Todos, default_source)
 
-    Map.put(ctx, :loader, loader)
+    ctx
+    |> Map.put(:loader, loader)
+    |> Map.put(:authorization, Authorization)
   end
 
   def plugins do
@@ -201,11 +206,19 @@ defmodule Mobilizon.GraphQL.Schema do
   end
 
   @spec middleware(list(module()), any(), map()) :: list(module())
-  def middleware(middleware, _field, %{identifier: type}) when type in [:query, :mutation] do
-    [CurrentActorProvider] ++ middleware ++ [ErrorHandler, OperationNameLogger]
+  def middleware(middleware, field, %{identifier: type}) when type in [:query, :mutation] do
+    [CurrentActorProvider | middleware]
+    |> Enum.map(&fix_middleware_format_for_rajska/1)
+    |> Rajska.add_query_authorization(field, Authorization)
+    |> Rajska.add_object_authorization()
+    |> List.insert_at(-1, ErrorHandler)
+    |> List.insert_at(-1, OperationNameLogger)
   end
 
-  def middleware(middleware, _field, _object) do
-    middleware
+  def middleware(middleware, field, object) do
+    Rajska.add_field_authorization(middleware, field, object)
   end
+
+  defp fix_middleware_format_for_rajska({mod, config}), do: {mod, config}
+  defp fix_middleware_format_for_rajska(mod), do: {mod, nil}
 end
diff --git a/lib/graphql/schema/activity.ex b/lib/graphql/schema/activity.ex
index f43ec75f7..335b2dfd7 100644
--- a/lib/graphql/schema/activity.ex
+++ b/lib/graphql/schema/activity.ex
@@ -25,11 +25,13 @@ defmodule Mobilizon.GraphQL.Schema.ActivityType do
   end
 
   object :activity_param_item do
+    meta(:authorize, :user)
     field(:key, :string)
     field(:value, :string)
   end
 
   interface :activity_object do
+    meta(:authorize, :user)
     field(:id, :id)
 
     resolve_type(fn
@@ -66,11 +68,13 @@ defmodule Mobilizon.GraphQL.Schema.ActivityType do
   A paginated list of activity items
   """
   object :paginated_activity_list do
+    meta(:authorize, :user)
     field(:elements, list_of(:activity), description: "A list of activities")
     field(:total, :integer, description: "The total number of elements in the list")
   end
 
   object :activity do
+    meta(:authorize, :user)
     field(:id, :id, description: "The activity item ID")
     field(:inserted_at, :datetime, description: "When was the activity inserted")
     field(:priority, :integer)
diff --git a/lib/graphql/schema/actor.ex b/lib/graphql/schema/actor.ex
index cc28cbe2a..2d271eb9a 100644
--- a/lib/graphql/schema/actor.ex
+++ b/lib/graphql/schema/actor.ex
@@ -13,6 +13,7 @@ defmodule Mobilizon.GraphQL.Schema.ActorInterface do
 
   @desc "An ActivityPub actor"
   interface :actor do
+    meta(:authorize, :all)
     field(:id, :id, description: "Internal ID for this actor")
     field(:url, :string, description: "The ActivityPub actor's URL")
     field(:type, :actor_type, description: "The type of Actor (Person, Group,…)")
@@ -65,18 +66,21 @@ defmodule Mobilizon.GraphQL.Schema.ActorInterface do
     @desc "Suspend an actor"
     field :suspend_profile, :deleted_object do
       arg(:id, non_null(:id), description: "The remote profile ID to suspend")
+      middleware(Rajska.QueryAuthorization, permit: :moderator, scope: false)
       resolve(&ActorResolver.suspend_profile/3)
     end
 
     @desc "Unsuspend an actor"
     field :unsuspend_profile, :actor do
       arg(:id, non_null(:id), description: "The remote profile ID to unsuspend")
+      middleware(Rajska.QueryAuthorization, permit: :moderator, scope: false)
       resolve(&ActorResolver.unsuspend_profile/3)
     end
 
     @desc "Refresh a profile"
     field :refresh_profile, :actor do
       arg(:id, non_null(:id), description: "The remote profile ID to refresh")
+      middleware(Rajska.QueryAuthorization, permit: :moderator, scope: false)
       resolve(&ActorResolver.refresh_profile/3)
     end
   end
diff --git a/lib/graphql/schema/actors/application.ex b/lib/graphql/schema/actors/application.ex
index 87774005a..f1cd88f81 100644
--- a/lib/graphql/schema/actors/application.ex
+++ b/lib/graphql/schema/actors/application.ex
@@ -10,6 +10,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.ApplicationType do
   Represents an application
   """
   object :application do
+    meta(:authorize, :all)
     interfaces([:actor])
 
     field(:id, :id, description: "Internal ID for this application")
diff --git a/lib/graphql/schema/actors/follower.ex b/lib/graphql/schema/actors/follower.ex
index fcfff2840..b019f0c71 100644
--- a/lib/graphql/schema/actors/follower.ex
+++ b/lib/graphql/schema/actors/follower.ex
@@ -9,6 +9,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.FollowerType do
   Represents an actor's follower
   """
   object :follower do
+    meta(:authorize, :user)
     field(:id, :id, description: "The follow ID")
     field(:target_actor, :actor, description: "What or who the profile follows")
     field(:actor, :actor, description: "Which profile follows")
@@ -30,6 +31,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.FollowerType do
   A paginated list of follower objects
   """
   object :paginated_follower_list do
+    meta(:authorize, :user)
     field(:elements, list_of(:follower), description: "A list of followers")
     field(:total, :integer, description: "The total number of elements in the list")
   end
@@ -43,6 +45,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.FollowerType do
         description: "Whether the follower has been approved by the target actor or not"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
+
       resolve(&Followers.update_follower/3)
     end
   end
diff --git a/lib/graphql/schema/actors/group.ex b/lib/graphql/schema/actors/group.ex
index 2f2ca7e1c..804c3fda9 100644
--- a/lib/graphql/schema/actors/group.ex
+++ b/lib/graphql/schema/actors/group.ex
@@ -29,6 +29,9 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
   Represents a group of actors
   """
   object :group do
+    meta(:authorize, :all)
+    meta(:scope_field?, true)
+
     interfaces([:actor, :interactable, :activity_object, :action_log_object, :group_search_result])
 
     field(:id, :id, description: "Internal ID for this group")
@@ -77,7 +80,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
     )
 
     # This one should have a privacy setting
-    field :organized_events, :paginated_event_list do
+    field :organized_events, :paginated_event_list,
+      meta: [private: true, rule: :"read:group:events"] do
       arg(:after_datetime, :datetime,
         default_value: nil,
         description: "Filter events that begin after this datetime"
@@ -94,7 +98,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       description("A list of the events this actor has organized")
     end
 
-    field :discussions, :paginated_discussion_list do
+    field :discussions, :paginated_discussion_list,
+      meta: [private: true, rule: :"read:group:discussions"] do
       arg(:page, :integer,
         default_value: 1,
         description: "The page in the paginated discussion list"
@@ -111,7 +116,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       description: "Whether the group is opened to all or has restricted access"
     )
 
-    field :members, :paginated_member_list do
+    field :members, :paginated_member_list, meta: [private: true, rule: :"read:group:members"] do
       arg(:name, :string, description: "A name to filter members by")
       arg(:page, :integer, default_value: 1, description: "The page in the paginated member list")
       arg(:limit, :integer, default_value: 10, description: "The limit of members per page")
@@ -120,7 +125,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       description("A paginated list of group members")
     end
 
-    field :resources, :paginated_resource_list do
+    field :resources, :paginated_resource_list,
+      meta: [private: true, rule: :"read:group:resources"] do
       arg(:page, :integer,
         default_value: 1,
         description: "The page in the paginated resource list"
@@ -138,7 +144,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       description("A paginated list of the posts this group has")
     end
 
-    field :todo_lists, :paginated_todo_list_list do
+    field :todo_lists, :paginated_todo_list_list,
+      meta: [private: true, rule: :"read:group:todo_lists"] do
       arg(:page, :integer,
         default_value: 1,
         description: "The page in the paginated todo-lists list"
@@ -149,7 +156,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       description("A paginated list of the todo lists this group has")
     end
 
-    field :followers, :paginated_follower_list do
+    field :followers, :paginated_follower_list,
+      meta: [private: true, rule: :"read:group:followers"] do
       arg(:page, :integer,
         default_value: 1,
         description: "The page in the paginated followers list"
@@ -166,7 +174,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       description("A paginated list of the followers this group has")
     end
 
-    field :activity, :paginated_activity_list do
+    field :activity, :paginated_activity_list,
+      meta: [private: true, rule: :"read:group:activities"] do
       arg(:page, :integer,
         default_value: 1,
         description: "The page in the paginated activity items list"
@@ -204,6 +213,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
   A paginated list of groups
   """
   object :paginated_group_list do
+    meta(:authorize, :all)
     field(:elements, list_of(:group), description: "A list of groups")
     field(:total, :integer, description: "The total number of groups in the list")
   end
@@ -215,12 +225,6 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
     value(:private, description: "Visible only to people with the link - or invited")
   end
 
-  object :group_follow do
-    field(:group, :group, description: "The group followed")
-    field(:profile, :group, description: "The group followed")
-    field(:notify, :boolean, description: "Whether to notify profile from group activity")
-  end
-
   object :group_queries do
     @desc "Get all groups"
     field :groups, :paginated_group_list do
@@ -236,12 +240,25 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       arg(:suspended, :boolean, default_value: false, description: "Filter by suspended status")
       arg(:page, :integer, default_value: 1, description: "The page in the paginated group list")
       arg(:limit, :integer, default_value: 10, description: "The limit of groups per page")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: [:administrator, :moderator],
+        scope: Mobilizon.Actors.Actor,
+        args: %{}
+      )
+
       resolve(&Group.list_groups/3)
     end
 
     @desc "Get a group by its ID"
     field :get_group, :group do
       arg(:id, non_null(:id), description: "The group ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: [:administrator, :moderator],
+        scope: Mobilizon.Actors.Actor
+      )
+
       resolve(&Group.get_group/3)
     end
 
@@ -251,15 +268,9 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
         description: "The group preferred_username, eventually containing their domain if remote"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Group.find_group/3)
     end
-
-    @desc "Get a group by its preferred username"
-    field :group_by_id, :group do
-      arg(:id, non_null(:id), description: "The group local ID")
-
-      resolve(&Group.find_group_by_id/3)
-    end
   end
 
   object :group_mutations do
@@ -291,7 +302,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       )
 
       arg(:physical_address, :address_input, description: "The physical address for the group")
-
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Group.create_group/3)
     end
 
@@ -323,14 +334,14 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
       )
 
       arg(:physical_address, :address_input, description: "The physical address for the group")
-
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Group.update_group/3)
     end
 
     @desc "Delete a group"
     field :delete_group, :deleted_object do
       arg(:group_id, non_null(:id), description: "The group ID")
-
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Group.delete_group/3)
     end
 
@@ -343,6 +354,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
         default_value: true
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Group.follow_group/3)
     end
 
@@ -355,13 +367,14 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
         default_value: true
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Group.update_group_follow/3)
     end
 
     @desc "Unfollow a group"
     field :unfollow_group, :follower do
       arg(:group_id, non_null(:id), description: "The group ID")
-
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Group.unfollow_group/3)
     end
   end
diff --git a/lib/graphql/schema/actors/member.ex b/lib/graphql/schema/actors/member.ex
index 963601f28..a8efe191e 100644
--- a/lib/graphql/schema/actors/member.ex
+++ b/lib/graphql/schema/actors/member.ex
@@ -10,6 +10,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
   Represents a member of a group
   """
   object :member do
+    meta(:authorize, :user)
     interfaces([:activity_object])
     field(:id, :id, description: "The member's ID")
     field(:parent, :group, description: "Of which the profile is member")
@@ -37,6 +38,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
   A paginated list of members
   """
   object :paginated_member_list do
+    meta(:authorize, :user)
     field(:elements, list_of(:member), description: "A list of members")
     field(:total, :integer, description: "The total number of elements in the list")
   end
@@ -46,6 +48,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
     field :join_group, :member do
       arg(:group_id, non_null(:id), description: "The group ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group_membership",
+        args: %{parent_id: :group_id}
+      )
+
       resolve(&Group.join_group/3)
     end
 
@@ -53,9 +62,42 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
     field :leave_group, :deleted_object do
       arg(:group_id, non_null(:id), description: "The group ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group_membership",
+        args: %{parent_id: :group_id}
+      )
+
       resolve(&Group.leave_group/3)
     end
 
+    @desc "Accept an invitation to a group"
+    field :accept_invitation, :member do
+      arg(:id, non_null(:id), description: "The member ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group_membership"
+      )
+
+      resolve(&Member.accept_invitation/3)
+    end
+
+    @desc "Reject an invitation to a group"
+    field :reject_invitation, :member do
+      arg(:id, non_null(:id), description: "The member ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group_membership"
+      )
+
+      resolve(&Member.reject_invitation/3)
+    end
+
     @desc "Invite an actor to join the group"
     field :invite_member, :member do
       arg(:group_id, non_null(:id), description: "The group ID")
@@ -64,29 +106,29 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
         description: "The targeted person's federated username"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group:members",
+        args: %{parent_id: :group_id}
+      )
+
       resolve(&Member.invite_member/3)
     end
 
-    @desc "Accept an invitation to a group"
-    field :accept_invitation, :member do
-      arg(:id, non_null(:id), description: "The member ID")
-
-      resolve(&Member.accept_invitation/3)
-    end
-
-    @desc "Reject an invitation to a group"
-    field :reject_invitation, :member do
-      arg(:id, non_null(:id), description: "The member ID")
-
-      resolve(&Member.reject_invitation/3)
-    end
-
     @desc """
     Approve a membership request
     """
     field :approve_member, :member do
       arg(:member_id, non_null(:id), description: "The member ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group:members",
+        args: %{parent_id: :member_id}
+      )
+
       resolve(&Member.approve_member/3)
     end
 
@@ -96,6 +138,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
     field :reject_member, :member do
       arg(:member_id, non_null(:id), description: "The member ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group:members",
+        args: %{parent_id: :member_id}
+      )
+
       resolve(&Member.reject_member/3)
     end
 
@@ -106,6 +155,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
       arg(:member_id, non_null(:id), description: "The member ID")
       arg(:role, non_null(:member_role_enum), description: "The new member role")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group:members",
+        args: %{parent_id: :member_id}
+      )
+
       resolve(&Member.update_member/3)
     end
 
@@ -118,6 +174,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
         description: "Whether the member should be excluded from the group"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Member,
+        rule: :"write:group:members",
+        args: %{parent_id: :member_id}
+      )
+
       resolve(&Member.remove_member/3)
     end
   end
diff --git a/lib/graphql/schema/actors/person.ex b/lib/graphql/schema/actors/person.ex
index eda059000..d4207a741 100644
--- a/lib/graphql/schema/actors/person.ex
+++ b/lib/graphql/schema/actors/person.ex
@@ -16,6 +16,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
   Represents a person identity
   """
   object :person do
+    meta(:authorize, :all)
+    meta(:scope_field?, true)
     interfaces([:actor, :action_log_object])
     field(:id, :id, description: "Internal ID for this person")
 
@@ -72,7 +74,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
 
     # This one should have a privacy setting
     field(:organized_events, :paginated_event_list,
-      description: "A list of the events this actor has organized"
+      description: "A list of the events this actor has organized",
+      meta: [private: true, rule: :"read:profile:organized_events"]
     ) do
       arg(:page, :integer, default_value: 1, description: "The page in the paginated event list")
       arg(:limit, :integer, default_value: 10, description: "The limit of events per page")
@@ -81,7 +84,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
 
     @desc "The list of events this person goes to"
     field(:participations, :paginated_participant_list,
-      description: "The list of events this person goes to"
+      description: "The list of events this person goes to",
+      meta: [private: true, rule: :"read:profile:participations"]
     ) do
       arg(:event_id, :id, description: "Filter by event ID")
 
@@ -97,7 +101,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
 
     @desc "The list of groups this person is member of"
     field(:memberships, :paginated_member_list,
-      description: "The list of group this person is member of"
+      description: "The list of group this person is member of",
+      meta: [private: true, rule: :"read:profile:memberships"]
     ) do
       arg(:group, :string, description: "Filter by group federated username")
       arg(:group_id, :id, description: "Filter by group ID")
@@ -113,7 +118,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
 
     @desc "The list of groups this person follows"
     field(:follows, :paginated_follower_list,
-      description: "The list of groups this person follows"
+      description: "The list of groups this person follows",
+      meta: [private: true, rule: :"read:profile:follows"]
     ) do
       arg(:group, :string, description: "Filter by group federated username")
 
@@ -131,6 +137,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
   A paginated list of persons
   """
   object :paginated_person_list do
+    meta(:authorize, :all)
     field(:elements, list_of(:person), description: "A list of persons")
     field(:total, :integer, description: "The total number of persons in the list")
   end
@@ -138,23 +145,46 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
   object :person_queries do
     @desc "Get the current actor for the logged-in user"
     field :logged_person, :person do
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Actor,
+        args: %{}
+      )
+
       resolve(&Person.get_current_person/3)
     end
 
     @desc "Get a person by its (federated) username"
     field :fetch_person, :person do
       arg(:preferred_username, non_null(:string), description: "The person's federated username")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Actor,
+        args: %{preferred_username: :preferred_username}
+      )
+
       resolve(&Person.fetch_person/3)
     end
 
     @desc "Get a person by its ID"
     field :person, :person do
       arg(:id, non_null(:id), description: "The person ID")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Person.get_person/3)
     end
 
     @desc "Get the persons for an user"
     field :identities, list_of(:person) do
+      deprecate("Use the loggedUser query instead")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: [:user, :moderator, :administrator],
+        scope: Mobilizon.Actors.Actor,
+        args: %{},
+        rule: :user_self_identities
+      )
+
       resolve(&Person.identities/3)
     end
 
@@ -172,6 +202,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
       arg(:suspended, :boolean, default_value: false, description: "Filter by suspended status")
       arg(:page, :integer, default_value: 1, description: "The page in the paginated person list")
       arg(:limit, :integer, default_value: 10, description: "The limit of persons per page")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: [:administrator, :moderator],
+        scope: Mobilizon.Actors.Actor,
+        args: %{}
+      )
+
       resolve(&Person.list_persons/3)
     end
   end
@@ -195,6 +232,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
           "The banner for the profile, either as an object or directly the ID of an existing media"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Actor,
+        args: %{},
+        rule: :"write:profile:create"
+      )
+
       resolve(&Person.create_person/3)
     end
 
@@ -216,6 +260,12 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
           "The banner for the profile, either as an object or directly the ID of an existing media"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Actor,
+        rule: :"write:profile:update"
+      )
+
       resolve(&Person.update_person/3)
     end
 
@@ -223,6 +273,12 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
     field :delete_person, :person do
       arg(:id, non_null(:id), description: "The person's ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Actor,
+        rule: :"write:profile:delete"
+      )
+
       resolve(&Person.delete_person/3)
     end
 
@@ -245,6 +301,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
           "The banner for the profile, either as an object or directly the ID of an existing media"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all, scope: Mobilizon.Actors.Actor, args: %{})
+
       resolve(&Person.register_person/3)
     end
   end
@@ -254,6 +312,12 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
     field :event_person_participation_changed, :person do
       arg(:person_id, non_null(:id), description: "The person's ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Actor,
+        args: %{id: :person_id}
+      )
+
       config(fn args, _ ->
         {:ok, topic: args.person_id}
       end)
@@ -264,6 +328,12 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
       arg(:person_id, non_null(:id), description: "The person's ID")
       arg(:group, non_null(:string), description: "The group's federated username")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Actors.Actor,
+        args: %{id: :person_id}
+      )
+
       config(fn args, _ ->
         {:ok, topic: [args.group, args.person_id]}
       end)
diff --git a/lib/graphql/schema/address.ex b/lib/graphql/schema/address.ex
index 9b797d9ef..0ca407f13 100644
--- a/lib/graphql/schema/address.ex
+++ b/lib/graphql/schema/address.ex
@@ -10,6 +10,7 @@ defmodule Mobilizon.GraphQL.Schema.AddressType do
   An address object
   """
   object :address do
+    meta(:authorize, :all)
     field(:geom, :point, description: "The geocoordinates for the point where this address is")
     field(:street, :string, description: "The address's street name (with number)")
     field(:locality, :string, description: "The address's locality")
@@ -29,6 +30,7 @@ defmodule Mobilizon.GraphQL.Schema.AddressType do
   A phone address
   """
   object :phone_address do
+    meta(:authorize, :all)
     field(:phone, :string, description: "The phone number")
     field(:info, :string, description: "Additional information about the phone number")
   end
@@ -37,11 +39,13 @@ defmodule Mobilizon.GraphQL.Schema.AddressType do
   An online address
   """
   object :online_address do
+    meta(:authorize, :all)
     field(:url, :string)
     field(:info, :string)
   end
 
   object :picture_info_element do
+    meta(:authorize, :all)
     field(:name, :string)
     field(:url, :string)
   end
@@ -50,6 +54,7 @@ defmodule Mobilizon.GraphQL.Schema.AddressType do
   A picture associated with an address
   """
   object :picture_info do
+    meta(:authorize, :all)
     field(:url, :string)
     field(:author, :picture_info_element)
     field(:source, :picture_info_element)
@@ -100,7 +105,7 @@ defmodule Mobilizon.GraphQL.Schema.AddressType do
       arg(:limit, :integer, default_value: 10, description: "The limit of search results per page")
 
       arg(:type, :address_search_type, description: "Filter by type of results")
-
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Address.search/3)
     end
 
@@ -115,6 +120,7 @@ defmodule Mobilizon.GraphQL.Schema.AddressType do
         description: "The user's locale. Geocoding backends will make use of this value."
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Address.reverse_geocode/3)
     end
   end
diff --git a/lib/graphql/schema/admin.ex b/lib/graphql/schema/admin.ex
index ddd287e97..ec432a08a 100644
--- a/lib/graphql/schema/admin.ex
+++ b/lib/graphql/schema/admin.ex
@@ -15,6 +15,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
 
   @desc "An action log"
   object :action_log do
+    meta(:authorize, :moderator)
     field(:id, :id, description: "Internal ID for this comment")
     field(:actor, :actor, description: "The actor that acted")
     field(:object, :action_log_object, description: "The object that was acted upon")
@@ -26,6 +27,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
   A paginated list of action logs
   """
   object :paginated_action_log_list do
+    meta(:authorize, :moderator)
     field(:elements, list_of(:action_log), description: "A list of action logs")
     field(:total, :integer, description: "The total number of action logs in the list")
   end
@@ -49,6 +51,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
 
   @desc "The objects that can be in an action log"
   interface :action_log_object do
+    meta(:authorize, [:moderator, :administrator])
     field(:id, :id, description: "Internal ID for this object")
 
     resolve_type(fn
@@ -82,6 +85,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
   Language information
   """
   object :language do
+    meta(:authorize, :administrator)
     field(:code, :string, description: "The iso-639-3 language code")
     field(:name, :string, description: "The language name")
   end
@@ -90,6 +94,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
   Dashboard information
   """
   object :dashboard do
+    meta(:authorize, :administrator)
     field(:last_public_event_published, :event, description: "Last public event published")
     field(:last_group_created, :group, description: "Last public group created")
     field(:number_of_users, :integer, description: "The number of local users")
@@ -109,6 +114,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
   Admin settings
   """
   object :admin_settings do
+    meta(:authorize, :administrator)
     field(:instance_name, :string, description: "The instance's name")
     field(:instance_description, :string, description: "The instance's description")
     field(:instance_long_description, :string, description: "The instance's long description")
@@ -184,6 +190,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
   An instance representation
   """
   object :instance do
+    meta(:authorize, :administrator)
     field(:domain, :id, description: "The domain name of the instance")
     field(:follower_status, :instance_follow_status, description: "Do we follow this instance")
     field(:followed_status, :instance_follow_status, description: "Does this instance follow us?")
@@ -226,6 +233,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
   A paginated list of instances
   """
   object :paginated_instance_list do
+    meta(:authorize, :administrator)
     field(:elements, list_of(:instance), description: "A list of instances")
     field(:total, :integer, description: "The total number of instances in the list")
   end
@@ -235,6 +243,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
     field :action_logs, type: :paginated_action_log_list do
       arg(:page, :integer, default_value: 1)
       arg(:limit, :integer, default_value: 10)
+      middleware(Rajska.QueryAuthorization, permit: :moderator, scope: false)
       resolve(&Admin.list_action_logs/3)
     end
 
@@ -247,6 +256,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
           "The user's locale. The list of languages will be translated with this locale"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Admin.get_list_of_languages/3)
     end
 
@@ -254,6 +264,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
     Get dashboard information
     """
     field :dashboard, type: :dashboard do
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.get_dashboard/3)
     end
 
@@ -261,6 +272,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
     Get admin settings
     """
     field :admin_settings, type: :admin_settings do
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.get_settings/3)
     end
 
@@ -278,6 +290,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
         description: "The limit of relay followers per page"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.list_relay_followers/3)
     end
 
@@ -301,6 +314,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
       )
 
       arg(:direction, :string, default_value: :desc, description: "The sorting direction")
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.list_relay_followings/3)
     end
 
@@ -336,6 +350,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
       )
 
       arg(:direction, :string, default_value: :desc, description: "The sorting direction")
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.get_instances/3)
     end
 
@@ -344,6 +359,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
     """
     field :instance, :instance do
       arg(:domain, non_null(:id), description: "The instance domain")
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.get_instance/3)
     end
   end
@@ -352,28 +368,28 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
     @desc "Add an instance subscription"
     field :add_instance, type: :instance do
       arg(:domain, non_null(:string), description: "The instance domain to add")
-
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.create_instance/3)
     end
 
     @desc "Delete a relay subscription"
     field :remove_relay, type: :follower do
       arg(:address, non_null(:string), description: "The relay hostname to delete")
-
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.remove_relay/3)
     end
 
     @desc "Accept a relay subscription"
     field :accept_relay, type: :follower do
       arg(:address, non_null(:string), description: "The accepted relay hostname")
-
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.accept_subscription/3)
     end
 
     @desc "Reject a relay subscription"
     field :reject_relay, type: :follower do
       arg(:address, non_null(:string), description: "The rejected relay hostname")
-
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.reject_subscription/3)
     end
 
@@ -402,7 +418,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
       arg(:instance_rules, :string, description: "The instance's rules")
       arg(:registrations_open, :boolean, description: "Whether the registrations are opened")
       arg(:instance_languages, list_of(:string), description: "The instance's languages")
-
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.save_settings/3)
     end
 
@@ -420,6 +436,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
         description: "Whether or not to notify the user of the change"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :administrator)
       resolve(&Admin.update_user/3)
     end
   end
diff --git a/lib/graphql/schema/auth_application.ex b/lib/graphql/schema/auth_application.ex
index 37fba37a9..f98489519 100644
--- a/lib/graphql/schema/auth_application.ex
+++ b/lib/graphql/schema/auth_application.ex
@@ -7,15 +7,17 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
 
   @desc "An application"
   object :auth_application do
+    meta(:authorize, :user)
     field(:id, :id)
     field(:name, :string)
     field(:client_id, :string)
-    field(:scopes, :string)
+    field(:scope, :string)
     field(:website, :string)
   end
 
   @desc "An application"
   object :auth_application_token do
+    meta(:authorize, :user)
     field(:id, :id)
     field(:inserted_at, :string)
     field(:last_used_at, :string)
@@ -24,11 +26,15 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
 
   @desc "The informations returned after authorization"
   object :application_code_and_state do
+    meta(:authorize, :user)
     field(:code, :string)
     field(:state, :string)
+    field(:client_id, :string)
+    field(:scope, :string)
   end
 
   object :application_device_activation do
+    meta(:authorize, :user)
     field(:id, :id)
     field(:application, :auth_application)
     field(:scope, :string)
@@ -38,6 +44,14 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
     @desc "Get an application"
     field :auth_application, :auth_application do
       arg(:client_id, non_null(:string), description: "The application's client_id")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Applications.Application,
+        rule: :forbid_app_access,
+        args: %{client_id: :client_id}
+      )
+
       resolve(&Application.get_application/3)
     end
   end
@@ -51,18 +65,33 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
         description: "The URI to redirect to with the code and state"
       )
 
-      arg(:scope, :string, description: "The scope for the authorization")
+      arg(:scope, non_null(:string), description: "The scope for the authorization")
 
       arg(:state, :string,
         description: "A state parameter to check that the request wasn't altered"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Applications.Application,
+        rule: :forbid_app_access,
+        args: %{client_id: :client_id}
+      )
+
       resolve(&Application.authorize/3)
     end
 
     @desc "Revoke an authorized application"
     field :revoke_application_token, :deleted_object do
       arg(:app_token_id, non_null(:string), description: "The application token's ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Applications.ApplicationToken,
+        rule: :forbid_app_access,
+        args: %{id: :app_token_id}
+      )
+
       resolve(&Application.revoke_application_token/3)
     end
 
@@ -72,13 +101,30 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
         description: "The code provided by the application entered by the user"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Applications.ApplicationDeviceActivation,
+        rule: :forbid_app_access,
+        args: %{id: :user_code}
+      )
+
       resolve(&Application.activate_device/3)
     end
 
     @desc "Activate an user device"
     field :authorize_device_application, :auth_application do
       arg(:client_id, non_null(:string), description: "The application's client_id")
-      arg(:scope, :string, description: "The scope for the authorization")
+
+      arg(:user_code, non_null(:string),
+        description: "The code provided by the application entered by the user"
+      )
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Applications.ApplicationDeviceActivation,
+        rule: :forbid_app_access,
+        args: %{id: :client_id}
+      )
 
       resolve(&Application.authorize_device_application/3)
     end
diff --git a/lib/graphql/schema/config.ex b/lib/graphql/schema/config.ex
index ca8880d07..19c2fbec5 100644
--- a/lib/graphql/schema/config.ex
+++ b/lib/graphql/schema/config.ex
@@ -8,6 +8,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
 
   @desc "A config object"
   object :config do
+    meta(:authorize, :all)
     # Instance name
     field(:name, :string, description: "The instance's name")
     field(:description, :string, description: "The instance's short description")
@@ -87,6 +88,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   The instance's terms configuration
   """
   object :terms do
+    meta(:authorize, :all)
     field(:url, :string, description: "The instance's terms URL.")
     field(:type, :instance_terms_type, description: "The instance's terms type")
     field(:body_html, :string, description: "The instance's terms body text")
@@ -96,6 +98,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   The instance's privacy policy configuration
   """
   object :privacy do
+    meta(:authorize, :all)
     field(:url, :string, description: "The instance's privacy policy URL")
     field(:type, :instance_privacy_type, description: "The instance's privacy policy type")
     field(:body_html, :string, description: "The instance's privacy policy body text")
@@ -105,6 +108,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Geographic coordinates
   """
   object :lonlat do
+    meta(:authorize, :all)
     field(:longitude, :float, description: "The coordinates longitude")
     field(:latitude, :float, description: "The coordinates latitude")
     # field(:accuracy_radius, :integer)
@@ -114,6 +118,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance geocoding configuration
   """
   object :geocoding do
+    meta(:authorize, :all)
+
     field(:autocomplete, :boolean,
       description: "Whether autocomplete in address fields can be enabled"
     )
@@ -125,6 +131,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance maps configuration
   """
   object :maps do
+    meta(:authorize, :all)
     field(:tiles, :tiles, description: "The instance's maps tiles configuration")
     field(:routing, :routing, description: "The instance's maps routing configuration")
   end
@@ -133,6 +140,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance map tiles configuration
   """
   object :tiles do
+    meta(:authorize, :all)
     field(:endpoint, :string, description: "The instance's tiles endpoint")
     field(:attribution, :string, description: "The instance's tiles attribution text")
   end
@@ -141,6 +149,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance map routing configuration
   """
   object :routing do
+    meta(:authorize, :all)
     field(:type, :routing_type, description: "The instance's routing type")
   end
 
@@ -153,6 +162,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous configuration
   """
   object :anonymous do
+    meta(:authorize, :all)
+
     field(:participation, :anonymous_participation,
       description: "The instance's anonymous participation settings"
     )
@@ -172,6 +183,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous participation configuration
   """
   object :anonymous_participation do
+    meta(:authorize, :all)
     field(:allowed, :boolean, description: "Whether anonymous participations are allowed")
 
     field(:validation, :anonymous_participation_validation,
@@ -183,6 +195,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous participation validation configuration
   """
   object :anonymous_participation_validation do
+    meta(:authorize, :all)
+
     field(:email, :anonymous_participation_validation_email,
       description: "The policy to validate anonymous participations by email"
     )
@@ -196,6 +210,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous participation with validation by email configuration
   """
   object :anonymous_participation_validation_email do
+    meta(:authorize, :all)
+
     field(:enabled, :boolean,
       description: "Whether anonymous participation validation by email is enabled"
     )
@@ -209,6 +225,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous participation with validation by captcha configuration
   """
   object :anonymous_participation_validation_captcha do
+    meta(:authorize, :all)
+
     field(:enabled, :boolean,
       description: "Whether anonymous participation validation by captcha is enabled"
     )
@@ -218,6 +236,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous event creation configuration
   """
   object :anonymous_event_creation do
+    meta(:authorize, :all)
     field(:allowed, :boolean, description: "Whether anonymous event creation is enabled")
 
     field(:validation, :anonymous_event_creation_validation,
@@ -229,6 +248,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous event creation validation configuration
   """
   object :anonymous_event_creation_validation do
+    meta(:authorize, :all)
+
     field(:email, :anonymous_event_creation_validation_email,
       description: "The policy to validate anonymous event creations by email"
     )
@@ -242,6 +263,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous event creation email validation configuration
   """
   object :anonymous_event_creation_validation_email do
+    meta(:authorize, :all)
+
     field(:enabled, :boolean,
       description: "Whether anonymous event creation with email validation is enabled"
     )
@@ -255,6 +278,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous event creation captcha validation configuration
   """
   object :anonymous_event_creation_validation_captcha do
+    meta(:authorize, :all)
+
     field(:enabled, :boolean,
       description: "Whether anonymous event creation with validation by captcha is enabled"
     )
@@ -264,6 +289,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Instance anonymous reports
   """
   object :anonymous_reports do
+    meta(:authorize, :all)
     field(:allowed, :boolean, description: "Whether anonymous reports are allowed")
   end
 
@@ -271,6 +297,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   A resource provider details
   """
   object :resource_provider do
+    meta(:authorize, :all)
     field(:type, :string, description: "The resource provider's type")
     field(:endpoint, :string, description: "The resource provider's endpoint")
     field(:software, :string, description: "The resource provider's software")
@@ -280,17 +307,22 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   The instance's features
   """
   object :features do
+    meta(:authorize, :all)
     field(:groups, :boolean, description: "Whether groups are activated on this instance")
 
     field(:event_creation, :boolean,
       description: "Whether event creation is allowed on this instance"
     )
+
+    field(:antispam, :boolean, description: "Whether anti-spam is activated on this instance")
   end
 
   @desc """
   The instance's restrictions
   """
   object :restrictions do
+    meta(:authorize, :all)
+
     field(:only_admin_can_create_groups, :boolean,
       description: "Whether groups creation is allowed only for admin, not for all users"
     )
@@ -304,6 +336,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   The instance's auth configuration
   """
   object :auth do
+    meta(:authorize, :all)
     field(:ldap, :boolean, description: "Whether or not LDAP auth is enabled")
     field(:database_login, :boolean, description: "Whether or not database login is enabled")
     field(:oauth_providers, list_of(:oauth_provider), description: "List of oauth providers")
@@ -313,6 +346,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   An oAuth Provider
   """
   object :oauth_provider do
+    meta(:authorize, :all)
     field(:id, :string, description: "The provider ID")
     field(:label, :string, description: "The label for the auth provider")
   end
@@ -321,21 +355,25 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   An upload limits configuration
   """
   object :upload_limits do
+    meta(:authorize, :all)
     field(:default, :integer, description: "The default limitation, in bytes")
     field(:avatar, :integer, description: "The avatar limitation, in bytes")
     field(:banner, :integer, description: "The banner limitation, in bytes")
   end
 
   object :instance_feeds do
+    meta(:authorize, :all)
     field(:enabled, :boolean, description: "Whether the instance-wide feeds are enabled")
   end
 
   object :web_push do
+    meta(:authorize, :all)
     field(:enabled, :boolean, description: "Whether the WebPush feature is enabled")
     field(:public_key, :string, description: "The server's public WebPush VAPID key")
   end
 
   object :analytics do
+    meta(:authorize, :all)
     field(:id, :string, description: "ID of the analytics service")
     field(:enabled, :boolean, description: "Whether the service is activated or not")
 
@@ -352,16 +390,19 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   end
 
   object :analytics_configuration do
+    meta(:authorize, :all)
     field(:key, :string, description: "The key for the analytics configuration element")
     field(:value, :string, description: "The value for the analytics configuration element")
     field(:type, :analytics_configuration_type, description: "The analytics configuration type")
   end
 
   object :search_settings do
+    meta(:authorize, :all)
     field(:global, :global_search_settings, description: "The instance's global search settings")
   end
 
   object :global_search_settings do
+    meta(:authorize, :all)
     field(:is_enabled, :boolean, description: "Whether global search is enabled")
     field(:is_default, :boolean, description: "Whether global search is the default")
   end
@@ -370,6 +411,8 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Export formats configuration
   """
   object :export_formats do
+    meta(:authorize, :all)
+
     field(:event_participants, list_of(:string),
       description: "The list of formats the event participants can be exported to"
     )
@@ -379,6 +422,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   Event categories list configuration
   """
   object :event_category_option do
+    meta(:authorize, :all)
     field(:id, :string, description: "The ID of the event category")
     field(:label, :string, description: "The translated name of the event category")
   end
@@ -386,6 +430,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
   object :config_queries do
     @desc "Get the instance config"
     field :config, :config do
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Config.get_config/3)
     end
   end
diff --git a/lib/graphql/schema/discussions/comment.ex b/lib/graphql/schema/discussions/comment.ex
index d8384e4ad..9b9728273 100644
--- a/lib/graphql/schema/discussions/comment.ex
+++ b/lib/graphql/schema/discussions/comment.ex
@@ -11,6 +11,7 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.CommentType do
 
   @desc "A comment"
   object :comment do
+    meta(:authorize, :all)
     interfaces([:action_log_object, :activity_object])
     field(:id, :id, description: "Internal ID for this comment")
     field(:uuid, :uuid, description: "An UUID for this comment")
@@ -73,6 +74,7 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.CommentType do
 
   @desc "A paginated list of comments"
   object :paginated_comment_list do
+    meta(:authorize, :all)
     field(:elements, list_of(:comment), description: "A list of comments")
     field(:total, :integer, description: "The total number of comments in the list")
   end
@@ -81,6 +83,7 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.CommentType do
     @desc "Get replies for thread"
     field :thread, type: list_of(:comment) do
       arg(:id, non_null(:id), description: "The comment ID")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Comment.get_thread/3)
     end
   end
@@ -95,6 +98,13 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.CommentType do
 
       arg(:is_announcement, :boolean, description: "Should this comment be announced to everyone?")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Discussions.Comment,
+        rule: :"write:comment:create",
+        args: %{event_id: :event_id}
+      )
+
       resolve(&Comment.create_comment/3)
     end
 
@@ -106,6 +116,13 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.CommentType do
 
       arg(:is_announcement, :boolean, description: "Should this comment be announced to everyone?")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Discussions.Comment,
+        rule: :"write:comment:update",
+        args: %{id: :comment_id}
+      )
+
       resolve(&Comment.update_comment/3)
     end
 
@@ -113,6 +130,13 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.CommentType do
     field :delete_comment, type: :comment do
       arg(:comment_id, non_null(:id), description: "The comment ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: [:user, :moderator],
+        scope: Mobilizon.Discussions.Comment,
+        rule: :"write:comment:delete",
+        args: %{id: :comment_id}
+      )
+
       resolve(&Comment.delete_comment/3)
     end
   end
diff --git a/lib/graphql/schema/discussions/discussion.ex b/lib/graphql/schema/discussions/discussion.ex
index 849d6e4c5..b13ae6a9d 100644
--- a/lib/graphql/schema/discussions/discussion.ex
+++ b/lib/graphql/schema/discussions/discussion.ex
@@ -11,6 +11,7 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.DiscussionType do
 
   @desc "A discussion"
   object :discussion do
+    meta(:authorize, :user)
     interfaces([:activity_object])
     field(:id, :id, description: "Internal ID for this discussion")
     field(:title, :string, description: "The title for this discussion")
@@ -36,6 +37,7 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.DiscussionType do
 
   @desc "A paginated list of discussions"
   object :paginated_discussion_list do
+    meta(:authorize, :user)
     field(:elements, list_of(:discussion), description: "A list of discussion")
     field(:total, :integer, description: "The total number of discussions in the list")
   end
@@ -45,6 +47,13 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.DiscussionType do
     field :discussion, type: :discussion do
       arg(:id, :id, description: "The discussion's ID")
       arg(:slug, :string, description: "The discussion's slug")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Discussions.Discussion,
+        rule: :"read:group:discussions"
+      )
+
       resolve(&Discussion.get_discussion/3)
     end
   end
@@ -56,6 +65,13 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.DiscussionType do
       arg(:text, non_null(:string), description: "The discussion's first comment body")
       arg(:actor_id, non_null(:id), description: "The discussion's group ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Discussions.Discussion,
+        rule: :"write:group:discussion:create",
+        args: %{actor_id: :actor_id}
+      )
+
       resolve(&Discussion.create_discussion/3)
     end
 
@@ -63,6 +79,14 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.DiscussionType do
     field :reply_to_discussion, type: :discussion do
       arg(:discussion_id, non_null(:id), description: "The discussion's ID")
       arg(:text, non_null(:string), description: "The discussion's reply body")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Discussions.Discussion,
+        rule: :"write:group:discussion:update",
+        args: %{id: :discussion_id}
+      )
+
       resolve(&Discussion.reply_to_discussion/3)
     end
 
@@ -70,6 +94,14 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.DiscussionType do
     field :update_discussion, type: :discussion do
       arg(:title, non_null(:string), description: "The updated discussion's title")
       arg(:discussion_id, non_null(:id), description: "The discussion's ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Discussions.Discussion,
+        rule: :"write:group:discussion:update",
+        args: %{id: :discussion_id}
+      )
+
       resolve(&Discussion.update_discussion/3)
     end
 
@@ -77,6 +109,13 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.DiscussionType do
     field :delete_discussion, type: :discussion do
       arg(:discussion_id, non_null(:id), description: "The discussion's ID")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Discussions.Discussion,
+        rule: :"write:group:discussion:delete",
+        args: %{id: :discussion_id}
+      )
+
       resolve(&Discussion.delete_discussion/3)
     end
   end
diff --git a/lib/graphql/schema/event.ex b/lib/graphql/schema/event.ex
index febfffd9c..efea17154 100644
--- a/lib/graphql/schema/event.ex
+++ b/lib/graphql/schema/event.ex
@@ -17,6 +17,8 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
 
   @desc "An event"
   object :event do
+    meta(:authorize, :all)
+    meta(:scope_field?, true)
     interfaces([:action_log_object, :interactable, :activity_object, :event_search_result])
     field(:id, :id, description: "Internal ID for this event")
     field(:uuid, :uuid, description: "The Event UUID")
@@ -61,10 +63,9 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
       description: "The event's organizer (as a person)"
     )
 
-    field(:tags, list_of(:tag),
-      resolve: &Tag.list_tags_for_event/3,
-      description: "The event's tags"
-    )
+    field(:tags, list_of(:tag), description: "The event's tags") do
+      resolve(&Tag.list_tags_for_event/3)
+    end
 
     field(:category, :event_category, description: "The event's category")
 
@@ -75,7 +76,10 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
       resolve: &Event.stats_participants/3
     )
 
-    field(:participants, :paginated_participant_list, description: "The event's participants") do
+    field(:participants, :paginated_participant_list,
+      description: "The event's participants",
+      meta: [private: true, rule: :"read:event:participants"]
+    ) do
       arg(:page, :integer,
         default_value: 1,
         description: "The page in the paginated participants list"
@@ -134,12 +138,14 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
 
   @desc "A paginated list of events"
   object :paginated_event_list do
+    meta(:authorize, :all)
     field(:elements, list_of(:event), description: "A list of events")
     field(:total, :integer, description: "The total number of events in the list")
   end
 
   @desc "Participation statistics"
   object :participant_stats do
+    meta(:authorize, :all)
     field(:going, :integer, description: "The number of approved participants")
     field(:not_approved, :integer, description: "The number of not approved participants")
     field(:not_confirmed, :integer, description: "The number of not confirmed participants")
@@ -158,6 +164,7 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
   An event offer
   """
   object :event_offer do
+    meta(:authorize, :all)
     field(:price, :float, description: "The price amount for this offer")
     field(:price_currency, :string, description: "The currency for this price offer")
     field(:url, :string, description: "The URL to access to this offer")
@@ -167,6 +174,7 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
   An event participation condition
   """
   object :event_participation_condition do
+    meta(:authorize, :all)
     field(:title, :string, description: "The title for this condition")
     field(:content, :string, description: "The content for this condition")
     field(:url, :string, description: "The URL to access this condition")
@@ -201,6 +209,8 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
   Event options
   """
   object :event_options do
+    meta(:authorize, :all)
+
     field(:maximum_attendee_capacity, :integer,
       description: "The maximum attendee capacity for this event"
     )
@@ -307,6 +317,7 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
   end
 
   object :event_metadata do
+    meta(:authorize, :all)
     field(:key, :string, description: "The key for the metadata")
     field(:title, :string, description: "The title for the metadata")
     field(:value, :string, description: "The value for the metadata")
@@ -350,12 +361,15 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
         description: "Direction for the sort"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
+
       resolve(&Event.list_events/3)
     end
 
     @desc "Get an event by uuid"
     field :event, :event do
       arg(:uuid, non_null(:uuid), description: "The event's UUID")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Event.find_event/3)
     end
   end
@@ -416,6 +430,13 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
       arg(:contacts, list_of(:contact), default_value: [], description: "The events contacts")
       arg(:language, :string, description: "The event language", default_value: "und")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Events.Event,
+        rule: :"write:event:create",
+        args: %{organizer_actor_id: :organizer_actor_id}
+      )
+
       resolve(&Event.create_event/3)
     end
 
@@ -460,6 +481,13 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
       arg(:contacts, list_of(:contact), default_value: [], description: "The events contacts")
       arg(:language, :string, description: "The event language", default_value: "und")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Events.Event,
+        args: %{id: :event_id},
+        rule: :"write:event:update"
+      )
+
       resolve(&Event.update_event/3)
     end
 
@@ -467,6 +495,13 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
     field :delete_event, :deleted_object do
       arg(:event_id, non_null(:id), description: "The event ID to delete")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: [:user, :moderator, :administrator],
+        scope: Mobilizon.Events.Event,
+        rule: :"write:event:delete",
+        args: %{id: :event_id}
+      )
+
       resolve(&Event.delete_event/3)
     end
   end
diff --git a/lib/graphql/schema/events/feed_token.ex b/lib/graphql/schema/events/feed_token.ex
index c50880574..e0d4f4201 100644
--- a/lib/graphql/schema/events/feed_token.ex
+++ b/lib/graphql/schema/events/feed_token.ex
@@ -17,6 +17,8 @@ defmodule Mobilizon.GraphQL.Schema.Events.FeedTokenType do
   or an Atom feed for just a profile.
   """
   object :feed_token do
+    meta(:authorize, :user)
+
     field(
       :actor,
       :actor,
@@ -36,6 +38,7 @@ defmodule Mobilizon.GraphQL.Schema.Events.FeedTokenType do
 
   @desc "Represents a deleted feed_token"
   object :deleted_feed_token do
+    meta(:authorize, :user)
     field(:user, :deleted_object, description: "The user that owned the deleted feed token")
     field(:actor, :deleted_object, description: "The actor that owned the deleted feed token")
   end
@@ -45,6 +48,13 @@ defmodule Mobilizon.GraphQL.Schema.Events.FeedTokenType do
     field :create_feed_token, :feed_token do
       arg(:actor_id, :id, description: "The actor ID for the feed token")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Events.FeedToken,
+        rule: :"write:profile:feed_token:create",
+        args: %{}
+      )
+
       resolve(&FeedToken.create_feed_token/3)
     end
 
@@ -52,6 +62,13 @@ defmodule Mobilizon.GraphQL.Schema.Events.FeedTokenType do
     field :delete_feed_token, :deleted_feed_token do
       arg(:token, non_null(:string), description: "The token to delete")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Events.FeedToken,
+        rule: :"write:feed_token:delete",
+        args: %{token: :token}
+      )
+
       resolve(&FeedToken.delete_feed_token/3)
     end
   end
diff --git a/lib/graphql/schema/events/participant.ex b/lib/graphql/schema/events/participant.ex
index d34d1c64a..6e61af84c 100644
--- a/lib/graphql/schema/events/participant.ex
+++ b/lib/graphql/schema/events/participant.ex
@@ -12,6 +12,7 @@ defmodule Mobilizon.GraphQL.Schema.Events.ParticipantType do
 
   @desc "Represents a participant to an event"
   object :participant do
+    meta(:authorize, :all)
     field(:id, :id, description: "The participation ID")
 
     field(
@@ -41,6 +42,8 @@ defmodule Mobilizon.GraphQL.Schema.Events.ParticipantType do
   Metadata about a participant
   """
   object :participant_metadata do
+    meta(:authorize, :all)
+
     field(:cancellation_token, :string,
       description: "The eventual token to leave an event when user is anonymous"
     )
@@ -53,6 +56,7 @@ defmodule Mobilizon.GraphQL.Schema.Events.ParticipantType do
   A paginated list of participants
   """
   object :paginated_participant_list do
+    meta(:authorize, :user)
     field(:elements, list_of(:participant), description: "A list of participants")
     field(:total, :integer, description: "The total number of participants in the list")
   end
@@ -78,6 +82,7 @@ defmodule Mobilizon.GraphQL.Schema.Events.ParticipantType do
 
   @desc "Represents a deleted participant"
   object :deleted_participant do
+    meta(:authorize, :all)
     field(:id, :id, description: "The participant ID")
     field(:event, :deleted_object, description: "The participant's event")
     field(:actor, :deleted_object, description: "The participant's actor")
@@ -92,7 +97,7 @@ defmodule Mobilizon.GraphQL.Schema.Events.ParticipantType do
       arg(:message, :string, description: "The anonymous participant's message")
       arg(:locale, :string, description: "The anonymous participant's locale")
       arg(:timezone, :string, description: "The anonymous participant's timezone")
-
+      middleware(Rajska.QueryAuthorization, permit: :all, rule: :"write:participation")
       resolve(&Participant.actor_join_event/3)
     end
 
@@ -101,7 +106,7 @@ defmodule Mobilizon.GraphQL.Schema.Events.ParticipantType do
       arg(:event_id, non_null(:id), description: "The event ID the participant left")
       arg(:actor_id, non_null(:id), description: "The actor ID for the participant")
       arg(:token, :string, description: "The anonymous participant participation token")
-
+      middleware(Rajska.QueryAuthorization, permit: :all, rule: :"write:participation")
       resolve(&Participant.actor_leave_event/3)
     end
 
@@ -110,12 +115,19 @@ defmodule Mobilizon.GraphQL.Schema.Events.ParticipantType do
       arg(:id, non_null(:id), description: "The participant ID")
       arg(:role, non_null(:participant_role_enum), description: "The participant new role")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Events.Participant,
+        rule: :"write:participation"
+      )
+
       resolve(&Participant.update_participation/3)
     end
 
     @desc "Confirm a participation"
     field :confirm_participation, :participant do
       arg(:confirmation_token, non_null(:string), description: "The participation token")
+      middleware(Rajska.QueryAuthorization, permit: :all, rule: :"write:participation")
       resolve(&Participant.confirm_participation_from_token/3)
     end
 
@@ -131,6 +143,14 @@ defmodule Mobilizon.GraphQL.Schema.Events.ParticipantType do
       )
 
       arg(:format, :export_format_enum, description: "The format in which to return the file")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Events.Event,
+        rule: :"read:event:participants:export",
+        args: %{id: :event_id}
+      )
+
       resolve(&Participant.export_event_participants/3)
     end
   end
diff --git a/lib/graphql/schema/followed_group_activity.ex b/lib/graphql/schema/followed_group_activity.ex
index 7d45136ee..c8d18b645 100644
--- a/lib/graphql/schema/followed_group_activity.ex
+++ b/lib/graphql/schema/followed_group_activity.ex
@@ -6,12 +6,14 @@ defmodule Mobilizon.GraphQL.Schema.FollowedGroupActivityType do
 
   @desc "A paginated list of follow group events"
   object :paginated_followed_group_events do
+    meta(:authorize, :user)
     field(:elements, list_of(:followed_group_event), description: "A list of follow group events")
     field(:total, :integer, description: "The total number of follow group events in the list")
   end
 
   @desc "A follow group event"
   object :followed_group_event do
+    meta(:authorize, :user)
     field(:user, :user)
     field(:profile, :person)
     field(:group, :group)
diff --git a/lib/graphql/schema/media.ex b/lib/graphql/schema/media.ex
index 4674f89fe..72a1f5e4b 100644
--- a/lib/graphql/schema/media.ex
+++ b/lib/graphql/schema/media.ex
@@ -8,6 +8,7 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
 
   @desc "A media"
   object :media do
+    meta(:authorize, :all)
     field(:id, :id, description: "The media's ID")
     field(:alt, :string, description: "The media's alternative text")
     field(:name, :string, description: "The media's name")
@@ -21,6 +22,7 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
   A paginated list of medias
   """
   object :paginated_media_list do
+    meta(:authorize, :all)
     field(:elements, list_of(:media), description: "The list of medias")
     field(:total, :integer, description: "The total number of medias in the list")
   end
@@ -29,6 +31,7 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
   Some metadata associated with a media
   """
   object :media_metadata do
+    meta(:authorize, :all)
     field(:width, :integer, description: "The media width (if a picture)")
     field(:height, :integer, description: "The media width (if a height)")
     field(:blurhash, :string, description: "The media blurhash (if a picture")
@@ -54,6 +57,7 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
     @desc "Get a media"
     field :media, :media do
       arg(:id, non_null(:id), description: "The media ID")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Media.media/3)
     end
   end
@@ -64,6 +68,15 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
       arg(:name, non_null(:string), description: "The media's name")
       arg(:alt, :string, description: "The media's alternative text")
       arg(:file, non_null(:upload), description: "The media file")
+      arg(:actor_id, :id, description: "The actor that uploads the media")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Medias.Media,
+        rule: :"write:media:upload",
+        args: %{}
+      )
+
       resolve(&Media.upload_media/3)
     end
 
@@ -72,6 +85,13 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
     """
     field :remove_media, :deleted_object do
       arg(:id, non_null(:id), description: "The media's ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Medias.Media,
+        rule: :"write:media:remove"
+      )
+
       resolve(&Media.remove_media/3)
     end
   end
diff --git a/lib/graphql/schema/post.ex b/lib/graphql/schema/post.ex
index a354843b6..a41dc7347 100644
--- a/lib/graphql/schema/post.ex
+++ b/lib/graphql/schema/post.ex
@@ -7,6 +7,7 @@ defmodule Mobilizon.GraphQL.Schema.PostType do
 
   @desc "A post"
   object :post do
+    meta(:authorize, :all)
     interfaces([:activity_object])
     field(:id, :id, description: "The post's ID")
     field(:title, :string, description: "The post's title")
@@ -22,21 +23,20 @@ defmodule Mobilizon.GraphQL.Schema.PostType do
     field(:updated_at, :datetime, description: "The post's last update date")
     field(:language, :string, description: "The post language")
 
-    field(:tags, list_of(:tag),
-      resolve: &Tag.list_tags_for_post/3,
-      description: "The post's tags"
-    )
+    field(:tags, list_of(:tag), description: "The post's tags") do
+      resolve(&Tag.list_tags_for_post/3)
+    end
 
-    field(:picture, :media,
-      description: "The posts's media",
-      resolve: &Media.media/3
-    )
+    field(:picture, :media, description: "The posts's media") do
+      resolve(&Media.media/3)
+    end
   end
 
   @desc """
   A paginated list of posts
   """
   object :paginated_post_list do
+    meta(:authorize, :all)
     field(:elements, list_of(:post), description: "A list of posts")
     field(:total, :integer, description: "The total number of posts in the list")
   end
@@ -56,6 +56,7 @@ defmodule Mobilizon.GraphQL.Schema.PostType do
     @desc "Get a post"
     field :post, :post do
       arg(:slug, non_null(:string), description: "The post's slug")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Post.get_post/3)
     end
   end
@@ -84,6 +85,13 @@ defmodule Mobilizon.GraphQL.Schema.PostType do
           "The banner for the post, either as an object or directly the ID of an existing media"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Posts.Post,
+        rule: :"write:group:post:create",
+        args: %{}
+      )
+
       resolve(&Post.create_post/3)
     end
 
@@ -108,12 +116,25 @@ defmodule Mobilizon.GraphQL.Schema.PostType do
           "The banner for the post, either as an object or directly the ID of an existing media"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Posts.Post,
+        rule: :"write:group:post:update"
+      )
+
       resolve(&Post.update_post/3)
     end
 
     @desc "Delete a post"
     field :delete_post, :deleted_object do
       arg(:id, non_null(:id), description: "The post's ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Posts.Post,
+        rule: :"write:group:post:delete"
+      )
+
       resolve(&Post.delete_post/3)
     end
   end
diff --git a/lib/graphql/schema/report.ex b/lib/graphql/schema/report.ex
index f3f5a73b8..43451776e 100644
--- a/lib/graphql/schema/report.ex
+++ b/lib/graphql/schema/report.ex
@@ -11,11 +11,12 @@ defmodule Mobilizon.GraphQL.Schema.ReportType do
 
   @desc "A report object"
   object :report do
+    meta(:authorize, :all)
     interfaces([:action_log_object])
     field(:id, :id, description: "The internal ID of the report")
     field(:content, :string, description: "The comment the reporter added about this report")
     field(:status, :report_status, description: "Whether the report is still active")
-    field(:uri, :string, description: "The URI of the report")
+    field(:uri, :string, description: "The URI of the report", meta: [private: true])
     field(:reported, :actor, description: "The actor that is being reported")
     field(:reporter, :actor, description: "The actor that created the report")
     field(:event, :event, description: "The event that is being reported")
@@ -23,6 +24,7 @@ defmodule Mobilizon.GraphQL.Schema.ReportType do
 
     field(:notes, list_of(:report_note),
       description: "The notes made on the event",
+      meta: [private: true],
       resolve: dataloader(Reports)
     )
 
@@ -31,12 +33,14 @@ defmodule Mobilizon.GraphQL.Schema.ReportType do
   end
 
   object :paginated_report_list do
+    meta(:authorize, :moderator)
     field(:elements, list_of(:report), description: "A list of reports")
     field(:total, :integer, description: "The total number of reports in the list")
   end
 
   @desc "A report note object"
   object :report_note do
+    meta(:authorize, :moderator)
     interfaces([:action_log_object])
     field(:id, :id, description: "The internal ID of the report note")
     field(:content, :string, description: "The content of the note")
@@ -73,12 +77,20 @@ defmodule Mobilizon.GraphQL.Schema.ReportType do
       arg(:limit, :integer, default_value: 10, description: "The limit of reports per page")
       arg(:status, :report_status, default_value: :open, description: "Filter reports by status")
       arg(:domain, :string, default_value: nil, description: "Filter reports by domain name")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :moderator,
+        scope: Mobilizon.Reports.Report,
+        args: %{}
+      )
+
       resolve(&Report.list_reports/3)
     end
 
     @desc "Get a report by id"
     field :report, :report do
       arg(:id, non_null(:id), description: "The report ID")
+      middleware(Rajska.QueryAuthorization, permit: :moderator, scope: Mobilizon.Reports.Report)
       resolve(&Report.get_report/3)
     end
   end
@@ -101,6 +113,8 @@ defmodule Mobilizon.GraphQL.Schema.ReportType do
           "Whether to forward the report to the original instance if the content is remote"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
+
       resolve(&Report.create_report/3)
     end
 
@@ -113,6 +127,12 @@ defmodule Mobilizon.GraphQL.Schema.ReportType do
         description: "The feedback to send to the anti-spam system"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :moderator,
+        scope: Mobilizon.Reports.Report,
+        args: %{id: :report_id}
+      )
+
       resolve(&Report.update_report/3)
     end
 
@@ -120,12 +140,26 @@ defmodule Mobilizon.GraphQL.Schema.ReportType do
     field :create_report_note, type: :report_note do
       arg(:content, :string, description: "The note's content")
       arg(:report_id, non_null(:id), description: "The report's ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :moderator,
+        scope: Mobilizon.Reports.Report,
+        args: %{id: :report_id}
+      )
+
       resolve(&Report.create_report_note/3)
     end
 
     @desc "Delete a note on a report"
     field :delete_report_note, type: :deleted_object do
       arg(:note_id, non_null(:id), description: "The note's ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :moderator,
+        scope: Mobilizon.Reports.Note,
+        args: %{id: :note_id}
+      )
+
       resolve(&Report.delete_report_note/3)
     end
   end
diff --git a/lib/graphql/schema/resource.ex b/lib/graphql/schema/resource.ex
index 0ff955a11..8e48927ee 100644
--- a/lib/graphql/schema/resource.ex
+++ b/lib/graphql/schema/resource.ex
@@ -9,6 +9,7 @@ defmodule Mobilizon.GraphQL.Schema.ResourceType do
 
   @desc "A resource"
   object :resource do
+    meta(:authorize, :user)
     interfaces([:activity_object])
     field(:id, :id, description: "The resource's ID")
     field(:title, :string, description: "The resource's title")
@@ -44,6 +45,7 @@ defmodule Mobilizon.GraphQL.Schema.ResourceType do
   A paginated list of resources
   """
   object :paginated_resource_list do
+    meta(:authorize, :user)
     field(:elements, list_of(:resource), description: "A list of resources")
     field(:total, :integer, description: "The total number of resources in the list")
   end
@@ -52,6 +54,7 @@ defmodule Mobilizon.GraphQL.Schema.ResourceType do
   The metadata associated to the resource
   """
   object :resource_metadata do
+    meta(:authorize, :user)
     field(:type, :string, description: "The type of the resource")
     field(:title, :string, description: "The resource's metadata title")
     field(:description, :string, description: "The resource's metadata description")
@@ -84,6 +87,13 @@ defmodule Mobilizon.GraphQL.Schema.ResourceType do
         description: "The federated username for the group resource"
       )
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Resources.Resource,
+        rule: :"read:group:resources",
+        args: %{path: :path}
+      )
+
       resolve(&Resource.get_resource/3)
     end
   end
@@ -101,6 +111,13 @@ defmodule Mobilizon.GraphQL.Schema.ResourceType do
       arg(:resource_url, :string, description: "This resource's own original URL")
       arg(:type, :string, default_value: "link", description: "The type for this resource")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Resources.Resource,
+        rule: :"write:group:resources:create",
+        args: %{actor_id: :actor_id}
+      )
+
       resolve(&Resource.create_resource/3)
     end
 
@@ -112,18 +129,39 @@ defmodule Mobilizon.GraphQL.Schema.ResourceType do
       arg(:parent_id, :id, description: "The new resource parent ID (if the resource is moved)")
       arg(:resource_url, :string, description: "The new resource URL")
 
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Resources.Resource,
+        rule: :"write:group:resources:update"
+      )
+
       resolve(&Resource.update_resource/3)
     end
 
     @desc "Delete a resource"
     field :delete_resource, :deleted_object do
       arg(:id, non_null(:id), description: "The resource ID")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Resources.Resource,
+        rule: :"write:group:resources:delete"
+      )
+
       resolve(&Resource.delete_resource/3)
     end
 
     @desc "Get a preview for a resource link"
     field :preview_resource_link, :resource_metadata do
       arg(:resource_url, non_null(:string), description: "The link to crawl to get of preview of")
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: Mobilizon.Resources.Resource,
+        rule: :"read:group:resources",
+        args: %{}
+      )
+
       resolve(&Resource.preview_resource_link/3)
     end
   end
diff --git a/lib/graphql/schema/search.ex b/lib/graphql/schema/search.ex
index 2cc36e509..57d355ac4 100644
--- a/lib/graphql/schema/search.ex
+++ b/lib/graphql/schema/search.ex
@@ -10,6 +10,7 @@ defmodule Mobilizon.GraphQL.Schema.SearchType do
   alias Mobilizon.Service.GlobalSearch.{EventResult, GroupResult}
 
   interface :event_search_result do
+    meta(:authorize, :all)
     field(:id, :id, description: "Internal ID for this event")
     field(:uuid, :uuid, description: "The Event UUID")
     field(:url, :string, description: "The ActivityPub Event URL")
@@ -43,6 +44,7 @@ defmodule Mobilizon.GraphQL.Schema.SearchType do
 
   @desc "Search event result"
   object :event_result do
+    meta(:authorize, :all)
     interfaces([:event_search_result])
     field(:id, :id, description: "Internal ID for this event")
     field(:uuid, :uuid, description: "The Event UUID")
@@ -65,6 +67,7 @@ defmodule Mobilizon.GraphQL.Schema.SearchType do
   end
 
   interface :group_search_result do
+    meta(:authorize, :all)
     field(:id, :id, description: "Internal ID for this group")
     field(:url, :string, description: "The ActivityPub actor's URL")
     field(:type, :actor_type, description: "The type of Actor (Person, Group,…)")
@@ -92,6 +95,7 @@ defmodule Mobilizon.GraphQL.Schema.SearchType do
 
   @desc "Search group result"
   object :group_result do
+    meta(:authorize, :all)
     interfaces([:group_search_result])
     field(:id, :id, description: "Internal ID for this group")
     field(:url, :string, description: "The ActivityPub actor's URL")
@@ -109,18 +113,21 @@ defmodule Mobilizon.GraphQL.Schema.SearchType do
 
   @desc "Search persons result"
   object :persons do
+    meta(:authorize, [:administrator, :moderator])
     field(:total, non_null(:integer), description: "Total elements")
     field(:elements, non_null(list_of(:person)), description: "Person elements")
   end
 
   @desc "Search groups result"
   object :groups do
+    meta(:authorize, :all)
     field(:total, non_null(:integer), description: "Total elements")
     field(:elements, non_null(list_of(:group_search_result)), description: "Group elements")
   end
 
   @desc "Search events result"
   object :events do
+    meta(:authorize, :all)
     field(:total, non_null(:integer), description: "Total elements")
     field(:elements, non_null(list_of(:event_search_result)), description: "Event elements")
   end
@@ -179,7 +186,7 @@ defmodule Mobilizon.GraphQL.Schema.SearchType do
       arg(:term, :string, default_value: "", description: "Search term")
       arg(:page, :integer, default_value: 1, description: "Result page")
       arg(:limit, :integer, default_value: 10, description: "Results limit per page")
-
+      middleware(Rajska.QueryAuthorization, permit: [:administrator, :moderator], scope: false)
       resolve(&Search.search_persons/3)
     end
 
@@ -225,6 +232,7 @@ defmodule Mobilizon.GraphQL.Schema.SearchType do
         description: "How to sort search results"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Search.search_groups/3)
     end
 
@@ -275,13 +283,14 @@ defmodule Mobilizon.GraphQL.Schema.SearchType do
         description: "How to sort search results"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Search.search_events/3)
     end
 
     @desc "Interact with an URI"
     field :interact, :interactable do
       arg(:uri, non_null(:string), description: "The URI for to interact with")
-
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Search.interact/3)
     end
   end
diff --git a/lib/graphql/schema/statistics.ex b/lib/graphql/schema/statistics.ex
index d6ab57417..630dfffda 100644
--- a/lib/graphql/schema/statistics.ex
+++ b/lib/graphql/schema/statistics.ex
@@ -8,6 +8,7 @@ defmodule Mobilizon.GraphQL.Schema.StatisticsType do
 
   @desc "A statistics object"
   object :statistics do
+    meta(:authorize, :all)
     # Instance name
     field(:number_of_users, :integer, description: "The number of local users")
     field(:number_of_events, :integer, description: "The total number of events")
@@ -27,6 +28,7 @@ defmodule Mobilizon.GraphQL.Schema.StatisticsType do
   end
 
   object :category_statistics do
+    meta(:authorize, :all)
     field(:key, :string, description: "The key for the category")
     field(:number, :integer, description: "The number of events for the given category")
   end
@@ -34,11 +36,13 @@ defmodule Mobilizon.GraphQL.Schema.StatisticsType do
   object :statistics_queries do
     @desc "Get the instance statistics"
     field :statistics, :statistics do
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Statistics.get_statistics/3)
     end
 
     @desc "Get the instance's category statistics"
     field :category_statistics, list_of(:category_statistics) do
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&Statistics.get_category_statistics/3)
     end
   end
diff --git a/lib/graphql/schema/tag.ex b/lib/graphql/schema/tag.ex
index d995c8cff..c1ba52a24 100644
--- a/lib/graphql/schema/tag.ex
+++ b/lib/graphql/schema/tag.ex
@@ -8,6 +8,7 @@ defmodule Mobilizon.GraphQL.Schema.TagType do
 
   @desc "A tag"
   object :tag do
+    meta(:authorize, :all)
     field(:id, :id, description: "The tag's ID")
     field(:slug, :string, description: "The tags's slug")
     field(:title, :string, description: "The tag's title")
@@ -26,6 +27,7 @@ defmodule Mobilizon.GraphQL.Schema.TagType do
       arg(:filter, :string, description: "The filter to apply to the search")
       arg(:page, :integer, default_value: 1, description: "The page in the paginated tags list")
       arg(:limit, :integer, default_value: 10, description: "The limit of tags per page")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Tag.list_tags/3)
     end
   end
diff --git a/lib/graphql/schema/todos/todo.ex b/lib/graphql/schema/todos/todo.ex
index 1efe3c052..535e8ccf3 100644
--- a/lib/graphql/schema/todos/todo.ex
+++ b/lib/graphql/schema/todos/todo.ex
@@ -9,6 +9,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoType do
 
   @desc "A todo"
   object :todo do
+    meta(:authorize, :user)
     field(:id, :id, description: "The todo's ID")
     field(:title, :string, description: "The todo's title")
     field(:status, :boolean, description: "The todo's status")
@@ -30,6 +31,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoType do
   A paginated list of todos
   """
   object :paginated_todo_list do
+    meta(:authorize, :user)
     field(:elements, list_of(:todo), description: "A list of todos")
     field(:total, :integer, description: "The total number of todos in the list")
   end
@@ -38,6 +40,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoType do
     @desc "Get a todo"
     field :todo, :todo do
       arg(:id, non_null(:id), description: "The todo ID")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&TodoResolver.get_todo/3)
     end
   end
@@ -50,6 +53,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoType do
       arg(:status, :boolean, description: "The todo status")
       arg(:due_date, :datetime, description: "The todo due date")
       arg(:assigned_to_id, :id, description: "The actor this todo is assigned to")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
 
       resolve(&TodoResolver.create_todo/3)
     end
@@ -62,7 +66,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoType do
       arg(:status, :boolean, description: "The new todo status")
       arg(:due_date, :datetime, description: "The new todo due date")
       arg(:assigned_to_id, :id, description: "The new id of the actor this todo is assigned to")
-
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&TodoResolver.update_todo/3)
     end
 
diff --git a/lib/graphql/schema/todos/todo_list.ex b/lib/graphql/schema/todos/todo_list.ex
index d1b299b8b..c34f09145 100644
--- a/lib/graphql/schema/todos/todo_list.ex
+++ b/lib/graphql/schema/todos/todo_list.ex
@@ -9,6 +9,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoListType do
 
   @desc "A todo list"
   object :todo_list do
+    meta(:authorize, :user)
     field(:id, :id, description: "The todo list's ID")
     field(:title, :string, description: "The todo list's title")
 
@@ -37,6 +38,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoListType do
   A paginated list of todo-lists
   """
   object :paginated_todo_list_list do
+    meta(:authorize, :user)
     field(:elements, list_of(:todo_list), description: "A list of todo lists")
     field(:total, :integer, description: "The total number of todo lists in the list")
   end
@@ -45,6 +47,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoListType do
     @desc "Get a todo list"
     field :todo_list, :todo_list do
       arg(:id, non_null(:id), description: "The todo-list ID")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Todos.get_todo_list/3)
     end
   end
@@ -54,6 +57,7 @@ defmodule Mobilizon.GraphQL.Schema.Todos.TodoListType do
     field :create_todo_list, :todo_list do
       arg(:title, non_null(:string), description: "The todo list title")
       arg(:group_id, non_null(:id), description: "The group ID")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&Todos.create_todo_list/3)
     end
   end
diff --git a/lib/graphql/schema/user.ex b/lib/graphql/schema/user.ex
index f49301442..47f927dac 100644
--- a/lib/graphql/schema/user.ex
+++ b/lib/graphql/schema/user.ex
@@ -15,6 +15,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
   @desc "A local user of Mobilizon"
   object :user do
+    meta(:authorize, :all)
+    meta(:scope_field?, true)
     interfaces([:action_log_object])
     field(:id, :id, description: "The user's ID")
     field(:email, non_null(:string), description: "The user's email")
@@ -63,7 +65,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     field(:disabled, :boolean, description: "Whether the user is disabled")
 
     field(:participations, :paginated_participant_list,
-      description: "The list of participations this user has"
+      description: "The list of participations this user has",
+      meta: [private: true]
     ) do
       arg(:after_datetime, :datetime, description: "Filter participations by event start datetime")
 
@@ -83,7 +86,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     end
 
     field(:memberships, :paginated_member_list,
-      description: "The list of memberships for this user"
+      description: "The list of memberships for this user",
+      meta: [private: true]
     ) do
       arg(:name, :string, description: "A name to filter members by")
 
@@ -97,7 +101,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     end
 
     field(:drafts, :paginated_event_list,
-      description: "The list of draft events this user has created"
+      description: "The list of draft events this user has created",
+      meta: [private: true]
     ) do
       arg(:page, :integer,
         default_value: 1,
@@ -109,7 +114,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     end
 
     field(:followed_group_events, :paginated_followed_group_events,
-      description: "The suggested events from the groups this user follows"
+      description: "The suggested events from the groups this user follows",
+      meta: [private: true]
     ) do
       arg(:page, :integer,
         default_value: 1,
@@ -128,7 +134,10 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       resolve(&User.user_followed_group_events/3)
     end
 
-    field(:settings, :user_settings, description: "The list of settings for this user") do
+    field(:settings, :user_settings,
+      description: "The list of settings for this user",
+      meta: [private: true]
+    ) do
       resolve(&User.user_settings/3)
     end
 
@@ -142,7 +151,10 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       description: "The IP adress the user's currently signed-in with"
     )
 
-    field(:media, :paginated_media_list, description: "The user's media objects") do
+    field(:media, :paginated_media_list,
+      description: "The user's media objects",
+      meta: [private: true]
+    ) do
       arg(:page, :integer,
         default_value: 1,
         description: "The page in the paginated user media list"
@@ -158,14 +170,18 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     )
 
     field(:activity_settings, list_of(:activity_setting),
-      resolve: &ActivitySettings.user_activity_settings/3,
-      description: "The user's activity settings"
-    )
+      description: "The user's activity settings",
+      meta: [private: true]
+    ) do
+      resolve(&ActivitySettings.user_activity_settings/3)
+    end
 
     field(:auth_authorized_applications, list_of(:auth_application_token),
-      resolve: &Application.get_user_applications/3,
-      description: "The user's authorized authentication apps"
-    )
+      description: "The user's authorized authentication apps",
+      meta: [private: true, rule: :forbid_app_access]
+    ) do
+      resolve(&Application.get_user_applications/3)
+    end
   end
 
   @desc "The list of roles an user can have"
@@ -177,12 +193,14 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
   @desc "Token"
   object :refreshed_token do
+    meta(:authorize, :all)
     field(:access_token, non_null(:string), description: "Generated access token")
     field(:refresh_token, non_null(:string), description: "Generated refreshed token")
   end
 
   @desc "Users list"
   object :users do
+    meta(:authorize, [:administrator, :moderator])
     field(:total, non_null(:integer), description: "Total elements")
     field(:elements, non_null(list_of(:user)), description: "User elements")
   end
@@ -196,6 +214,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
   A set of user settings
   """
   object :user_settings do
+    meta(:authorize, :user)
     field(:timezone, :string, description: "The timezone for this user")
 
     field(:notification_on_day, :boolean,
@@ -254,6 +273,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
   end
 
   object :location do
+    meta(:authorize, :user)
     field(:range, :integer, description: "The range in kilometers the user wants to see events")
 
     field(:geohash, :string, description: "A geohash representing the user's preferred location")
@@ -276,11 +296,13 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     @desc "Get an user"
     field :user, :user do
       arg(:id, non_null(:id))
+      middleware(Rajska.QueryAuthorization, permit: [:administrator, :moderator], scope: false)
       resolve(&User.find_user/3)
     end
 
     @desc "Get the current user"
     field :logged_user, :user do
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&User.get_current_user/3)
     end
 
@@ -297,7 +319,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
       arg(:sort, :sortable_user_field, default_value: :id, description: "Sort column")
       arg(:direction, :sort_direction, default_value: :desc, description: "Sort direction")
-
+      middleware(Rajska.QueryAuthorization, permit: [:administrator, :moderator], scope: false)
       resolve(&User.list_users/3)
     end
   end
@@ -308,7 +330,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       arg(:email, non_null(:string), description: "The new user's email")
       arg(:password, non_null(:string), description: "The new user's password")
       arg(:locale, :string, description: "The new user's locale")
-
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&User.create_user/3)
     end
 
@@ -318,6 +340,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
         description: "The token that will be used to validate the user"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&User.validate_user/3)
     end
 
@@ -325,6 +348,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     field :resend_confirmation_email, type: :string do
       arg(:email, non_null(:string), description: "The email used to register")
       arg(:locale, :string, description: "The user's locale")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&User.resend_confirmation_email/3)
     end
 
@@ -332,6 +356,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     field :send_reset_password, type: :string do
       arg(:email, non_null(:string), description: "The user's email")
       arg(:locale, :string, description: "The user's locale")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&User.send_reset_password/3)
     end
 
@@ -343,6 +368,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
       arg(:password, non_null(:string), description: "The new password")
       arg(:locale, :string, default_value: "en", description: "The user's locale")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&User.reset_password/3)
     end
 
@@ -350,24 +376,28 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     field :login, type: :login do
       arg(:email, non_null(:string), description: "The user's email")
       arg(:password, non_null(:string), description: "The user's password")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&User.login_user/3)
     end
 
     @desc "Refresh a token"
     field :refresh_token, type: :refreshed_token do
       arg(:refresh_token, non_null(:string), description: "A refresh token")
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&User.refresh_token/3)
     end
 
     @desc "Logout an user, deleting a refresh token"
     field :logout, :string do
       arg(:refresh_token, non_null(:string))
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&User.logout/3)
     end
 
     @desc "Change default actor for user"
     field :change_default_actor, :user do
       arg(:preferred_username, non_null(:string), description: "The actor preferred_username")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&User.change_default_actor/3)
     end
 
@@ -375,6 +405,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     field :change_password, :user do
       arg(:old_password, non_null(:string), description: "The user's current password")
       arg(:new_password, non_null(:string), description: "The user's new password")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&User.change_password/3)
     end
 
@@ -382,6 +413,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     field :change_email, :user do
       arg(:email, non_null(:string), description: "The user's new email")
       arg(:password, non_null(:string), description: "The user's current password")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&User.change_email/3)
     end
 
@@ -391,6 +423,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
         description: "The token that will be used to validate the email change"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :all)
       resolve(&User.validate_email/3)
     end
 
@@ -398,6 +431,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
     field :delete_account, :deleted_object do
       arg(:password, :string, description: "The user's password")
       arg(:user_id, :id, description: "The user's ID")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&User.delete_account/3)
     end
 
@@ -435,12 +469,14 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
         description: "A geohash of the user's preferred location, where they want to see events"
       )
 
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&User.set_user_setting/3)
     end
 
     @desc "Update the user's locale"
     field :update_locale, :user do
       arg(:locale, :string, description: "The user's new locale")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
       resolve(&User.update_locale/3)
     end
   end
diff --git a/lib/graphql/schema/users/activity_setting.ex b/lib/graphql/schema/users/activity_setting.ex
index 497b7b19b..4331fa1a1 100644
--- a/lib/graphql/schema/users/activity_setting.ex
+++ b/lib/graphql/schema/users/activity_setting.ex
@@ -6,6 +6,7 @@ defmodule Mobilizon.GraphQL.Schema.Users.ActivitySetting do
   alias Mobilizon.GraphQL.Resolvers.Users.ActivitySettings
 
   object :activity_setting do
+    meta(:authorize, :user)
     field(:key, :string)
     field(:method, :string)
     field(:enabled, :boolean)
@@ -17,6 +18,13 @@ defmodule Mobilizon.GraphQL.Schema.Users.ActivitySetting do
       arg(:key, non_null(:string))
       arg(:method, non_null(:string))
       arg(:enabled, non_null(:boolean))
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: false,
+        rule: :"write:user:setting:activity"
+      )
+
       resolve(&ActivitySettings.upsert_user_activity_setting/3)
     end
   end
diff --git a/lib/graphql/schema/users/push_subscription.ex b/lib/graphql/schema/users/push_subscription.ex
index 9bf4c54a2..9565199de 100644
--- a/lib/graphql/schema/users/push_subscription.ex
+++ b/lib/graphql/schema/users/push_subscription.ex
@@ -26,11 +26,25 @@ defmodule Mobilizon.GraphQL.Schema.Users.PushSubscription do
       arg(:endpoint, non_null(:string))
       arg(:auth, non_null(:string))
       arg(:p256dh, non_null(:string))
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: false,
+        rule: :"write:user:setting:push"
+      )
+
       resolve(&PushSubscription.register_push_subscription/3)
     end
 
     field :unregister_push, :string do
       arg(:endpoint, non_null(:string))
+
+      middleware(Rajska.QueryAuthorization,
+        permit: :user,
+        scope: false,
+        rule: :"write:user:setting:push"
+      )
+
       resolve(&PushSubscription.unregister_push_subscription/3)
     end
   end
diff --git a/lib/mobilizon/applications.ex b/lib/mobilizon/applications.ex
index 60425097c..6080ffe34 100644
--- a/lib/mobilizon/applications.ex
+++ b/lib/mobilizon/applications.ex
@@ -12,6 +12,7 @@ defmodule Mobilizon.Applications do
   defenum(ApplicationDeviceActivationStatus, [
     "success",
     "pending",
+    "confirmed",
     "incorrect_device_code",
     "access_denied"
   ])
@@ -144,12 +145,15 @@ defmodule Mobilizon.Applications do
 
   """
   def list_application_tokens do
-    Repo.all(ApplicationToken)
+    ApplicationToken
+    |> Repo.all()
+    |> Repo.preload(:application)
   end
 
   @doc """
   Returns the list of application tokens for a given user_id
   """
+  @spec list_application_tokens_for_user_id(number() | String.t()) :: list(ApplicationToken.t())
   def list_application_tokens_for_user_id(user_id) do
     ApplicationToken
     |> where(user_id: ^user_id)
@@ -172,7 +176,11 @@ defmodule Mobilizon.Applications do
       ** (Ecto.NoResultsError)
 
   """
-  def get_application_token!(id), do: Repo.get!(ApplicationToken, id)
+  def get_application_token!(id) do
+    ApplicationToken
+    |> Repo.get!(id)
+    |> Repo.preload([:application])
+  end
 
   @doc """
   Gets a single application_token.
@@ -211,6 +219,13 @@ defmodule Mobilizon.Applications do
     %ApplicationToken{}
     |> ApplicationToken.changeset(attrs)
     |> Repo.insert(on_conflict: :replace_all, conflict_target: [:user_id, :application_id])
+    |> case do
+      {:ok, application_token} ->
+        {:ok, Repo.preload(application_token, :application)}
+
+      error ->
+        error
+    end
   end
 
   @doc """
@@ -303,10 +318,14 @@ defmodule Mobilizon.Applications do
 
   def get_application_device_activation(id), do: Repo.get(ApplicationDeviceActivation, id)
 
-  def get_application_device_activation_by_user_code(user_code),
-    do: Repo.get_by(ApplicationDeviceActivation, user_code: user_code)
+  def get_application_device_activation_by_user_code(user_code) do
+    ApplicationDeviceActivation
+    |> where([ada], ada.user_code == ^user_code)
+    |> preload(:application)
+    |> Repo.one()
+  end
 
-  def get_application_device_activation(client_id, device_code) do
+  def get_application_device_activation_by_device_code(client_id, device_code) do
     ApplicationDeviceActivation
     |> join(:left, [ada], a in assoc(ada, :application))
     |> where([_, a], a.client_id == ^client_id)
diff --git a/lib/mobilizon/applications/application.ex b/lib/mobilizon/applications/application.ex
index df155125d..47f35d217 100644
--- a/lib/mobilizon/applications/application.ex
+++ b/lib/mobilizon/applications/application.ex
@@ -6,16 +6,16 @@ defmodule Mobilizon.Applications.Application do
   use Ecto.Schema
   import Ecto.Changeset
 
-  @required_attrs [:name, :client_id, :client_secret, :redirect_uris]
-  @optional_attrs [:scopes, :website, :owner_type, :owner_id]
+  @required_attrs [:name, :client_id, :client_secret, :redirect_uris, :scope]
+  @optional_attrs [:website, :owner_type, :owner_id]
   @attrs @required_attrs ++ @optional_attrs
 
   schema "applications" do
     field(:name, :string)
     field(:client_id, :string)
     field(:client_secret, :string)
-    field(:redirect_uris, :string)
-    field(:scopes, :string)
+    field(:redirect_uris, {:array, :string})
+    field(:scope, :string)
     field(:website, :string)
     field(:owner_type, :string)
     field(:owner_id, :integer)
diff --git a/lib/mobilizon/applications/application_device_activation.ex b/lib/mobilizon/applications/application_device_activation.ex
index 27f0de0ae..1628bf170 100644
--- a/lib/mobilizon/applications/application_device_activation.ex
+++ b/lib/mobilizon/applications/application_device_activation.ex
@@ -19,7 +19,7 @@ defmodule Mobilizon.Applications.ApplicationDeviceActivation do
     timestamps()
   end
 
-  @required_attrs [:user_code, :device_code, :expires_in, :application_id]
+  @required_attrs [:user_code, :device_code, :expires_in, :application_id, :scope]
   @optional_attrs [:status, :user_id]
   @attrs @required_attrs ++ @optional_attrs
 
diff --git a/lib/mobilizon/applications/application_token.ex b/lib/mobilizon/applications/application_token.ex
index bcf3575c3..8243b49e3 100644
--- a/lib/mobilizon/applications/application_token.ex
+++ b/lib/mobilizon/applications/application_token.ex
@@ -11,7 +11,7 @@ defmodule Mobilizon.Applications.ApplicationToken do
     belongs_to(:user, User)
     belongs_to(:application, Application)
     field(:authorization_code, :string)
-    field(:status, ApplicationTokenStatus)
+    field(:status, ApplicationTokenStatus, default: :pending)
     field(:scope, :string)
 
     timestamps()
diff --git a/lib/service/auth/applications.ex b/lib/service/auth/applications.ex
index c77538f19..95f4d4393 100644
--- a/lib/service/auth/applications.ex
+++ b/lib/service/auth/applications.ex
@@ -4,9 +4,12 @@ defmodule Mobilizon.Service.Auth.Applications do
   """
   alias Mobilizon.Applications
   alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
+  alias Mobilizon.GraphQL.Authorization.AppScope
   alias Mobilizon.Service.Auth.Authenticator
   alias Mobilizon.Users.User
+  alias Mobilizon.Web.Auth.Guardian
   alias Mobilizon.Web.Router.Helpers, as: Routes
+  require Logger
 
   @app_access_tokens_ttl {8, :hour}
   @app_refresh_tokens_ttl {26, :week}
@@ -20,37 +23,43 @@ defmodule Mobilizon.Service.Auth.Applications do
           required(:token_type) => String.t()
         }
 
-  def create(name, redirect_uris, scopes, website) do
-    client_id = :crypto.strong_rand_bytes(42) |> Base.encode64() |> binary_part(0, 42)
-    client_secret = :crypto.strong_rand_bytes(42) |> Base.encode64() |> binary_part(0, 42)
+  @spec create(String.t(), list(String.t()), String.t(), String.t() | nil) ::
+          {:ok, Application.t()} | {:error, Ecto.Changeset.t()} | {:error, :invalid_scope}
+  def create(name, redirect_uris, scope, website \\ nil) do
+    if AppScope.scopes_valid?(scope) do
+      client_id = :crypto.strong_rand_bytes(42) |> Base.encode64() |> binary_part(0, 42)
+      client_secret = :crypto.strong_rand_bytes(42) |> Base.encode64() |> binary_part(0, 42)
 
-    Applications.create_application(%{
-      name: name,
-      redirect_uris: redirect_uris,
-      scopes: scopes,
-      website: website,
-      client_id: client_id,
-      client_secret: client_secret
-    })
+      Applications.create_application(%{
+        name: name,
+        redirect_uris: redirect_uris,
+        scope: scope,
+        website: website,
+        client_id: client_id,
+        client_secret: client_secret
+      })
+    else
+      {:error, :invalid_scope}
+    end
   end
 
   @spec autorize(String.t(), String.t(), String.t(), integer()) ::
-          {:ok, String.t()}
+          {:ok, ApplicationToken.t()}
           | {:error, :application_not_found}
           | {:error, :redirect_uri_not_in_allowed}
-  def autorize(client_id, redirect_uri, _scope, user_id) do
+          | {:error, Ecto.Changeset.t()}
+  def autorize(client_id, redirect_uri, scope, user_id) do
     with %Application{redirect_uris: redirect_uris, id: app_id} <-
            Applications.get_application_by_client_id(client_id),
          {:redirect_uri, true} <-
-           {:redirect_uri, redirect_uri in String.split(redirect_uris, "\n")},
-         code <- :crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16),
-         {:ok, %ApplicationToken{}} <-
-           Applications.create_application_token(%{
-             user_id: user_id,
-             application_id: app_id,
-             authorization_code: code
-           }) do
-      {:ok, code}
+           {:redirect_uri, redirect_uri in redirect_uris},
+         code <- :crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16) do
+      Applications.create_application_token(%{
+        user_id: user_id,
+        application_id: app_id,
+        authorization_code: code,
+        scope: scope
+      })
     else
       nil ->
         {:error, :application_not_found}
@@ -60,35 +69,62 @@ defmodule Mobilizon.Service.Auth.Applications do
     end
   end
 
+  @spec autorize_device_application(String.t(), String.t()) ::
+          {:ok, ApplicationDeviceActivation.t()}
+          | {:error, Ecto.Changeset.t()}
+          | {:error, :expired}
+          | {:error, :access_denied}
+          | {:error, :not_found}
   def autorize_device_application(client_id, user_code) do
-    case Applications.get_application_device_activation(client_id, user_code) do
-      %ApplicationDeviceActivation{status: :confirmed} = app_device_activation ->
-        Applications.update_application_device_activation(app_device_activation, %{
-          status: :success
-        })
+    Logger.debug(
+      "Authorizing device application client_id: #{client_id}, user_code: #{user_code}"
+    )
+
+    case Applications.get_application_device_activation_by_user_code(user_code) do
+      %ApplicationDeviceActivation{
+        status: :confirmed,
+        application: %Application{client_id: ^client_id}
+      } = app_device_activation ->
+        if device_activation_expired?(app_device_activation) do
+          {:error, :expired}
+        else
+          Applications.update_application_device_activation(app_device_activation, %{
+            status: :success
+          })
+        end
+
+      # The device activation is confirmed, but does not match the given app client_id, so we say it's not found
+      %ApplicationDeviceActivation{status: :confirmed} ->
+        {:error, :not_found}
+
+      %ApplicationDeviceActivation{} ->
+        {:error, :not_confirmed}
+
+      nil ->
+        {:error, :not_found}
     end
   end
 
-  @spec generate_access_token(String.t(), String.t(), String.t(), String.t()) ::
+  @spec generate_access_token(String.t(), String.t(), String.t(), String.t(), String.t()) ::
           {:ok, access_token_details()}
           | {:error,
              :application_not_found
              | :redirect_uri_not_in_allowed
              | :provided_code_does_not_match
              | :invalid_client_secret
-             | :app_token_not_found
+             | :invalid_or_expired
              | any()}
-  def generate_access_token(client_id, client_secret, code, redirect_uri) do
+  def generate_access_token(client_id, client_secret, code, redirect_uri, scope) do
     with {:application,
           %Application{
             id: application_id,
             client_secret: app_client_secret,
-            scopes: scopes,
             redirect_uris: redirect_uris
           }} <-
            {:application, Applications.get_application_by_client_id(client_id)},
+         # TODO: check that app token scope still are acceptable
          {:redirect_uri, true} <-
-           {:redirect_uri, redirect_uri in String.split(redirect_uris, "\n")},
+           {:redirect_uri, redirect_uri in redirect_uris},
          {:app_token, %ApplicationToken{} = app_token} <-
            {:app_token, Applications.get_application_token_by_authorization_code(code)},
          {:ok, %ApplicationToken{application_id: application_id_from_token} = app_token} <-
@@ -105,7 +141,7 @@ defmodule Mobilizon.Service.Auth.Applications do
          expires_in: ttl_to_seconds(@app_access_tokens_ttl),
          refresh_token: refresh_token,
          refresh_token_expires_in: ttl_to_seconds(@app_refresh_tokens_ttl),
-         scope: scopes,
+         scope: scope,
          token_type: "bearer"
        }}
     else
@@ -122,15 +158,20 @@ defmodule Mobilizon.Service.Auth.Applications do
         {:error, :redirect_uri_not_in_allowed}
 
       {:app_token, _} ->
-        {:error, :app_token_not_found}
+        {:error, :invalid_or_expired}
 
       {:error, err} ->
         {:error, err}
     end
   end
 
-  def generate_access_token(client_id, device_code) do
-    case Applications.get_application_device_activation(client_id, device_code) do
+  def generate_access_token_for_device_flow(client_id, device_code) do
+    Logger.debug("Generating access token for application device with",
+      client_id: client_id,
+      device_code: device_code
+    )
+
+    case Applications.get_application_device_activation_by_device_code(client_id, device_code) do
       %ApplicationDeviceActivation{status: :success, scope: scope, user_id: user_id} =
           app_device_activation ->
         if device_activation_expired?(app_device_activation) do
@@ -164,13 +205,17 @@ defmodule Mobilizon.Service.Auth.Applications do
         end
 
       %ApplicationDeviceActivation{status: :incorrect_device_code} ->
+        Logger.error("Incorrect device code set")
         {:error, :incorrect_device_code}
 
       %ApplicationDeviceActivation{status: :access_denied} ->
         {:error, :access_denied}
 
+      nil ->
+        Logger.error("nil returned")
+        {:error, :incorrect_device_code}
+
       err ->
-        require Logger
         Logger.error(inspect(err))
         {:error, :incorrect_device_code}
     end
@@ -191,35 +236,42 @@ defmodule Mobilizon.Service.Auth.Applications do
 
   @spec register_device_code(String.t(), String.t() | nil) ::
           {:ok, ApplicationDeviceActivation.t()}
+          | {:error, :application_not_found}
+          | {:error, :scope_not_included}
           | {:error, Ecto.Changeset.t()}
   def register_device_code(client_id, scope) do
-    %Application{} = application = Applications.get_application_by_client_id(client_id)
-    device_code = string_of_length(40)
-    user_code = string_of_length(8)
-    verification_uri = Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)
-    expires_in = @expires_in
-    interval = @interval
-
-    case Applications.create_application_device_activation(%{
-           device_code: device_code,
-           user_code: user_code,
-           expires_in: expires_in,
-           application_id: application.id,
-           scope: scope
-         }) do
-      {:ok, %ApplicationDeviceActivation{} = application_device_activation} ->
-        {:ok,
-         application_device_activation
-         |> Map.from_struct()
-         |> Map.take([:device_code, :user_code, :expires_in])
-         |> Map.update!(:user_code, &user_code_displayed/1)
-         |> Map.merge(%{
-           interval: interval,
-           verification_uri: verification_uri
-         })}
-
+    with {:app, %Application{scope: app_scope} = application} <-
+           {:app, Applications.get_application_by_client_id(client_id)},
+         {device_code, user_code, verification_uri} <-
+           {string_of_length(40), string_of_length(8),
+            Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)},
+         {:scope_included, true} <- {:scope_included, request_scope_valid?(app_scope, scope)},
+         {:ok, %ApplicationDeviceActivation{} = application_device_activation} <-
+           Applications.create_application_device_activation(%{
+             device_code: device_code,
+             user_code: user_code,
+             expires_in: @expires_in,
+             application_id: application.id,
+             scope: scope
+           }) do
+      {:ok,
+       application_device_activation
+       |> Map.from_struct()
+       |> Map.take([:device_code, :user_code, :expires_in])
+       |> Map.update!(:user_code, &user_code_displayed/1)
+       |> Map.merge(%{
+         interval: @interval,
+         verification_uri: verification_uri
+       })}
+    else
       {:error, %Ecto.Changeset{} = err} ->
         {:error, err}
+
+      {:app, nil} ->
+        {:error, :application_not_found}
+
+      {:scope_included, false} ->
+        {:error, :scope_not_included}
     end
   end
 
@@ -245,6 +297,45 @@ defmodule Mobilizon.Service.Auth.Applications do
     end
   end
 
+  @spec refresh_tokens(String.t(), String.t(), String.t()) ::
+          {:ok, access_token_details()}
+          | {:error, :invalid_client_credentials}
+          | {:error, :invalid_refresh_token}
+          | {:error, any()}
+  def refresh_tokens(refresh_token, user_client_id, user_client_secret) do
+    with {:resource_from_token,
+          {:ok,
+           %ApplicationToken{
+             application: %Application{client_id: app_client_id, client_secret: app_client_secret},
+             scope: scope
+           } = app_token,
+           _claims}} <- {:resource_from_token, Guardian.resource_from_token(refresh_token)},
+         {:valid_client_credentials, true} <-
+           {:valid_client_credentials,
+            app_client_id == user_client_id and app_client_secret == user_client_secret},
+         {:ok, _old, {exchanged_token, _claims}} <-
+           Guardian.exchange(refresh_token, "refresh", "access", ttl: @app_access_tokens_ttl),
+         {:ok, new_refresh_token} <-
+           Authenticator.generate_refresh_token(app_token, @app_refresh_tokens_ttl),
+         {:ok, _claims} <- Guardian.revoke(refresh_token) do
+      {:ok,
+       %{
+         access_token: exchanged_token,
+         expires_in: ttl_to_seconds(@app_access_tokens_ttl),
+         refresh_token: new_refresh_token,
+         refresh_token_expires_in: ttl_to_seconds(@app_refresh_tokens_ttl),
+         scope: scope,
+         token_type: "bearer"
+       }}
+    else
+      {:valid_client_credentials, false} ->
+        {:error, :invalid_client_credentials}
+
+      {:resource_from_token, _} ->
+        {:error, :invalid_refresh_token}
+    end
+  end
+
   defp user_code_displayed(user_code) do
     String.slice(user_code, 0..3) <> "-" <> String.slice(user_code, 4..7)
   end
@@ -265,6 +356,12 @@ defmodule Mobilizon.Service.Auth.Applications do
          expires_in: expires_in
        }) do
     NaiveDateTime.compare(NaiveDateTime.add(inserted_at, expires_in), NaiveDateTime.utc_now()) ==
-      :gt
+      :lt
+  end
+
+  defp request_scope_valid?(app_scope, request_scope) do
+    app_scopes = app_scope |> String.split(" ") |> MapSet.new()
+    request_scopes = request_scope |> String.split(" ") |> MapSet.new()
+    MapSet.subset?(request_scopes, app_scopes)
   end
 end
diff --git a/lib/web/auth/context.ex b/lib/web/auth/context.ex
index 50ad94d50..5c6fb6ed1 100644
--- a/lib/web/auth/context.ex
+++ b/lib/web/auth/context.ex
@@ -38,7 +38,7 @@ defmodule Mobilizon.Web.Auth.Context do
           |> set_app_token_context(context, app_token)
           |> set_user_context(user)
 
-        nil ->
+        _ ->
           {conn, context}
       end
 
diff --git a/lib/web/auth/error_handler.ex b/lib/web/auth/error_handler.ex
index 8a27a6e5c..87982f350 100644
--- a/lib/web/auth/error_handler.ex
+++ b/lib/web/auth/error_handler.ex
@@ -3,11 +3,12 @@ defmodule Mobilizon.Web.Auth.ErrorHandler do
   In case we have an auth error
   """
   import Plug.Conn
+  require Logger
 
   # sobelow_skip ["XSS.SendResp"]
   @spec auth_error(Plug.Conn.t(), any(), any()) :: Plug.Conn.t()
-  def auth_error(conn, {type, _reason}, _opts) do
-    body = Jason.encode!(%{message: to_string(type)})
+  def auth_error(conn, {type, reason}, _opts) do
+    body = Jason.encode!(%{message: to_string(type), details: inspect(reason)})
     send_resp(conn, 401, body)
   end
 end
diff --git a/lib/web/auth/guardian.ex b/lib/web/auth/guardian.ex
index e2a4ea673..d840adc1e 100644
--- a/lib/web/auth/guardian.ex
+++ b/lib/web/auth/guardian.ex
@@ -43,7 +43,9 @@ defmodule Mobilizon.Web.Auth.Guardian do
           {:error, :invalid_id}
       end
     rescue
-      Ecto.NoResultsError -> {:error, :no_result}
+      e in Ecto.NoResultsError ->
+        Logger.warn("Received token claim for non existing user: #{inspect(e)}")
+        {:error, :no_result}
     end
   end
 
@@ -62,7 +64,9 @@ defmodule Mobilizon.Web.Auth.Guardian do
           {:error, :invalid_id}
       end
     rescue
-      Ecto.NoResultsError -> {:error, :no_result}
+      e in Ecto.NoResultsError ->
+        Logger.info("Received token claim for non existing app token: #{inspect(e.message)}")
+        {:error, :no_result}
     end
   end
 
@@ -79,6 +83,8 @@ defmodule Mobilizon.Web.Auth.Guardian do
 
   @spec on_verify(any(), any(), any()) :: {:ok, map()} | {:error, :token_not_found}
   def on_verify(claims, token, _options) do
+    Logger.debug("[Guardian] Called on_verify")
+
     with {:ok, _} <- Guardian.DB.on_verify(claims, token) do
       {:ok, claims}
     end
@@ -86,6 +92,8 @@ defmodule Mobilizon.Web.Auth.Guardian do
 
   @spec on_revoke(any(), any(), any()) :: {:ok, map()} | {:error, :could_not_revoke_token}
   def on_revoke(claims, token, _options) do
+    Logger.debug("[Guardian] Called on_revoke")
+
     with {:ok, _} <- Guardian.DB.on_revoke(claims, token) do
       {:ok, claims}
     end
@@ -94,6 +102,8 @@ defmodule Mobilizon.Web.Auth.Guardian do
   @spec on_refresh({any(), any()}, {any(), any()}, any()) ::
           {:ok, {String.t(), map()}, {String.t(), map()}} | {:error, any()}
   def on_refresh({old_token, old_claims}, {new_token, new_claims}, _options) do
+    Logger.debug("[Guardian] Called on_refresh")
+
     with {:ok, _, _} <- Guardian.DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do
       {:ok, {old_token, old_claims}, {new_token, new_claims}}
     end
@@ -101,7 +111,10 @@ defmodule Mobilizon.Web.Auth.Guardian do
 
   @spec on_exchange(any(), any(), any()) ::
           {:ok, {String.t(), map()}, {String.t(), map()}} | {:error, any()}
-  def on_exchange(old_stuff, new_stuff, options), do: on_refresh(old_stuff, new_stuff, options)
+  def on_exchange(old_stuff, new_stuff, options) do
+    Logger.debug("[Guardian] Called on_exchange")
+    on_refresh(old_stuff, new_stuff, options)
+  end
 
   #  def build_claims(claims, _resource, opts) do
   #    claims = claims
diff --git a/lib/web/controllers/application_controller.ex b/lib/web/controllers/application_controller.ex
index df26c99bb..c633b186b 100644
--- a/lib/web/controllers/application_controller.ex
+++ b/lib/web/controllers/application_controller.ex
@@ -1,7 +1,7 @@
 defmodule Mobilizon.Web.ApplicationController do
   use Mobilizon.Web, :controller
 
-  alias Mobilizon.Applications.{Application, ApplicationDeviceActivation}
+  alias Mobilizon.Applications.Application
   alias Mobilizon.Service.Auth.Applications
   plug(:put_layout, false)
   import Mobilizon.Web.Gettext, only: [dgettext: 2]
@@ -11,11 +11,14 @@ defmodule Mobilizon.Web.ApplicationController do
   Create an application
   """
   @spec create_application(Plug.Conn.t(), map()) :: Plug.Conn.t()
-  def create_application(conn, %{"name" => name, "redirect_uris" => redirect_uris} = args) do
+  def create_application(
+        conn,
+        %{"name" => name, "redirect_uris" => redirect_uris, "scope" => scope} = args
+      ) do
     case Applications.create(
            name,
-           redirect_uris,
-           Map.get(args, "scopes"),
+           String.split(redirect_uris, "\n"),
+           scope,
            Map.get(args, "website")
          ) do
       {:ok, %Application{} = app} ->
@@ -24,7 +27,19 @@ defmodule Mobilizon.Web.ApplicationController do
           Map.take(app, [:name, :website, :redirect_uris, :client_id, :client_secret, :scope])
         )
 
-      {:error, _error} ->
+      {:error, :invalid_scope} ->
+        send_resp(
+          conn,
+          400,
+          dgettext(
+            "errors",
+            "The scope parameter is not a space separated list of valid scopes"
+          )
+        )
+
+      {:error, error} ->
+        Logger.error(inspect(error))
+
         send_resp(
           conn,
           500,
@@ -42,7 +57,7 @@ defmodule Mobilizon.Web.ApplicationController do
       400,
       dgettext(
         "errors",
-        "Both name and redirect_uri parameters are required to create an application"
+        "All of name, scope and redirect_uri parameters are required to create an application"
       )
     )
   end
@@ -60,14 +75,15 @@ defmodule Mobilizon.Web.ApplicationController do
     client_id = conn.query_params["client_id"]
     redirect_uri = conn.query_params["redirect_uri"]
     state = conn.query_params["state"]
+    scope = conn.query_params["scope"]
 
-    if is_binary(client_id) and is_binary(redirect_uri) and is_binary(state) do
+    if is_binary(client_id) and is_binary(redirect_uri) and is_binary(state) and is_binary(scope) do
       redirect(conn,
         to:
           Routes.page_path(conn, :authorize,
             client_id: client_id,
             redirect_uri: redirect_uri,
-            scope: conn.query_params["scope"],
+            scope: scope,
             state: state
           )
       )
@@ -77,14 +93,14 @@ defmodule Mobilizon.Web.ApplicationController do
         400,
         dgettext(
           "errors",
-          "You need to specify client_id, redirect_uri and state to autorize an application"
+          "You need to specify client_id, redirect_uri, scope and state to autorize an application"
         )
       )
     end
   end
 
-  def device_code(conn, %{"client_id" => client_id} = args) do
-    case Applications.register_device_code(client_id, Map.get(args, "scope")) do
+  def device_code(conn, %{"client_id" => client_id, "scope" => scope}) do
+    case Applications.register_device_code(client_id, scope) do
       {:ok, res} when is_map(res) ->
         case get_format(conn) do
           "json" ->
@@ -94,6 +110,12 @@ defmodule Mobilizon.Web.ApplicationController do
             send_resp(conn, 200, URI.encode_query(res))
         end
 
+      {:error, :scope_not_included} ->
+        send_resp(conn, 400, "The given scope is not in the list of the app declared scopes")
+
+      {:error, :application_not_found} ->
+        send_resp(conn, 400, "No application with this client_id was found")
+
       {:error, %Ecto.Changeset{} = err} ->
         Logger.error(inspect(err))
         send_resp(conn, 500, "Unable to produce device code")
@@ -101,7 +123,11 @@ defmodule Mobilizon.Web.ApplicationController do
   end
 
   def device_code(conn, _args) do
-    send_resp(conn, 400, "You need to send to send at least client_id to obtain a device code")
+    send_resp(
+      conn,
+      400,
+      "You need to pass both client_id and scope as parameters to obtain a device code"
+    )
   end
 
   @spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()
@@ -109,59 +135,106 @@ defmodule Mobilizon.Web.ApplicationController do
         "client_id" => client_id,
         "client_secret" => client_secret,
         "code" => code,
-        "redirect_uri" => redirect_uri
+        "redirect_uri" => redirect_uri,
+        "scope" => scope,
+        "grant_type" => "authorization_code"
       }) do
-    case Applications.generate_access_token(client_id, client_secret, code, redirect_uri) do
+    case do_generate_access_token(client_id, client_secret, code, redirect_uri, scope) do
       {:ok, token} ->
-        redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
+        json(conn, token)
 
-      {:error, :application_not_found} ->
-        send_resp(conn, 400, dgettext("errors", "No application was found with this client_id"))
-
-      {:error, :redirect_uri_not_in_allowed} ->
-        send_resp(conn, 400, dgettext("errors", "This redirect URI is not allowed"))
-
-      {:error, :invalid_or_expired} ->
-        send_resp(conn, 400, dgettext("errors", "The provided code is invalid or expired"))
-
-      {:error, :invalid_client_id} ->
-        send_resp(
-          conn,
-          400,
-          dgettext("errors", "The provided client_id does not match the provided code")
-        )
-
-      {:error, :invalid_client_secret} ->
-        send_resp(conn, 400, dgettext("errors", "The provided client_secret is invalid"))
-
-      {:error, :user_not_found} ->
-        send_resp(conn, 400, dgettext("errors", "The user for this code was not found"))
+      {:error, msg} ->
+        Logger.debug(msg)
+        json(conn, %{error: true, details: msg})
     end
   end
 
-  def generate_access_token(conn, %{
-        "client_id" => client_id,
-        "device_code" => device_code,
-        "grant_type" => "urn:ietf:params:oauth:grant-type:device_code",
-        "_format" => "json"
-      }) do
-    json(conn, Applications.generate_access_token(client_id, device_code))
-  end
-
   def generate_access_token(conn, %{
         "client_id" => client_id,
         "device_code" => device_code,
         "grant_type" => "urn:ietf:params:oauth:grant-type:device_code"
       }) do
+    case Applications.generate_access_token_for_device_flow(client_id, device_code) do
+      {:ok, res} ->
+        case get_format(conn) do
+          "json" ->
+            json(conn, res)
+
+          _ ->
+            send_resp(
+              conn,
+              200,
+              URI.encode_query(res)
+            )
+        end
+
+      {:error, :incorrect_device_code} ->
+        send_resp(conn, 400, "The client_id provided or the device_code associated is invalid")
+
+      {:error, :access_denied} ->
+        send_resp(conn, 401, "The user rejected the requested authorization")
+
+      {:error, :expired} ->
+        send_resp(conn, 400, "The given device_code has expired")
+    end
+  end
+
+  def generate_access_token(conn, %{
+        "refresh_token" => refresh_token,
+        "grant_type" => "refresh_token",
+        "client_id" => client_id,
+        "client_secret" => client_secret
+      }) do
+    case Applications.refresh_tokens(refresh_token, client_id, client_secret) do
+      {:ok, res} ->
+        json(conn, res)
+
+      {:error, :invalid_client_credentials} ->
+        send_resp(conn, 400, "Invalid client credentials provided")
+
+      {:error, :invalid_refresh_token} ->
+        send_resp(conn, 400, "Invalid refresh token provided")
+
+      {:error, err} when is_atom(err) ->
+        send_resp(conn, 500, to_string(err))
+    end
+  end
+
+  def generate_access_token(conn, _args) do
     send_resp(
       conn,
-      200,
-      URI.encode_query(Applications.generate_access_token(client_id, device_code))
+      400,
+      "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
     )
   end
 
-  @spec generate_redirect_with_query_params(String.t(), map()) :: String.t()
-  defp generate_redirect_with_query_params(redirect_uri, query_params) do
-    redirect_uri |> URI.parse() |> URI.merge("?" <> URI.encode_query(query_params)) |> to_string()
+  @spec do_generate_access_token(String.t(), String.t(), String.t(), String.t(), String.t()) ::
+          {:ok, Applications.access_token_details()} | {:error, String.t()}
+  defp do_generate_access_token(client_id, client_secret, code, redirect_uri, scope) do
+    case Applications.generate_access_token(
+           client_id,
+           client_secret,
+           code,
+           redirect_uri,
+           scope
+         ) do
+      {:ok, token} ->
+        {:ok, token}
+
+      {:error, :application_not_found} ->
+        {:error, dgettext("errors", "No application was found with this client_id")}
+
+      {:error, :redirect_uri_not_in_allowed} ->
+        {:error, dgettext("errors", "This redirect URI is not allowed")}
+
+      {:error, :invalid_or_expired} ->
+        {:error, dgettext("errors", "The provided code is invalid or expired")}
+
+      {:error, :provided_code_does_not_match} ->
+        {:error, dgettext("errors", "The provided client_id does not match the provided code")}
+
+      {:error, :invalid_client_secret} ->
+        {:error, dgettext("errors", "The provided client_secret is invalid")}
+    end
   end
 end
diff --git a/lib/web/router.ex b/lib/web/router.ex
index 97907aed9..06496b325 100644
--- a/lib/web/router.ex
+++ b/lib/web/router.ex
@@ -208,7 +208,6 @@ defmodule Mobilizon.Web.Router do
 
     post("/apps", ApplicationController, :create_application)
     get("/oauth/authorize", ApplicationController, :authorize)
-    post("/oauth/token", ApplicationController, :generate_access_token)
     get("/oauth/autorize_approve", PageController, :authorize)
     get("/login/device", PageController, :auth_device)
   end
@@ -217,10 +216,11 @@ defmodule Mobilizon.Web.Router do
     plug(:accepts, ["html", "json"])
   end
 
-  scope "/login", Mobilizon.Web do
+  scope "/", Mobilizon.Web do
     pipe_through(:login)
 
-    post("/device/code", ApplicationController, :device_code)
+    post("/login/device/code", ApplicationController, :device_code)
+    post("/oauth/token", ApplicationController, :generate_access_token)
   end
 
   scope "/proxy/", Mobilizon.Web do
diff --git a/mix.exs b/mix.exs
index d3c9c8253..34f368afd 100644
--- a/mix.exs
+++ b/mix.exs
@@ -209,6 +209,7 @@ defmodule Mobilizon.Mixfile do
       {:unplug, "~> 1.0.0"},
       {:replug, "~> 0.1.0"},
       {:exkismet, github: "tcitworld/exkismet"},
+      {:rajska, github: "churcho/rajska", branch: "fix/update-absinthe"},
       # Dev and test dependencies
       {:phoenix_live_reload, "~> 1.2", only: [:dev, :e2e]},
       {:ex_machina, "~> 2.3", only: [:dev, :test]},
diff --git a/mix.lock b/mix.lock
index c5ce88811..9fa872a7e 100644
--- a/mix.lock
+++ b/mix.lock
@@ -118,6 +118,7 @@
   "plug_crypto": {:hex, :plug_crypto, "1.2.3", "8f77d13aeb32bfd9e654cb68f0af517b371fb34c56c9f2b58fe3df1235c1251a", [:mix], [], "hexpm", "b5672099c6ad5c202c45f5a403f21a3411247f164e4a8fab056e5cd8a290f4a2"},
   "postgrex": {:hex, :postgrex, "0.16.5", "fcc4035cc90e23933c5d69a9cd686e329469446ef7abba2cf70f08e2c4b69810", [:mix], [{:connection, "~> 1.1", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:table, "~> 0.1.0", [hex: :table, repo: "hexpm", optional: true]}], "hexpm", "edead639dc6e882618c01d8fc891214c481ab9a3788dfe38dd5e37fd1d5fb2e8"},
   "progress_bar": {:hex, :progress_bar, "2.0.1", "7b40200112ae533d5adceb80ff75fbe66dc753bca5f6c55c073bfc122d71896d", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "2519eb58a2f149a3a094e729378256d8cb6d96a259ec94841bd69fdc71f18f87"},
+  "rajska": {:git, "https://github.com/churcho/rajska.git", "5da424969d5f40dcab690d3a25b248f85f712823", [branch: "fix/update-absinthe"]},
   "ranch": {:hex, :ranch, "1.8.0", "8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d", [:make, :rebar3], [], "hexpm", "49fbcfd3682fab1f5d109351b61257676da1a2fdbe295904176d5e521a2ddfe5"},
   "remote_ip": {:hex, :remote_ip, "1.1.0", "cb308841595d15df3f9073b7c39243a1dd6ca56e5020295cb012c76fbec50f2d", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "616ffdf66aaad6a72fc546dabf42eed87e2a99e97b09cbd92b10cc180d02ed74"},
   "replug": {:hex, :replug, "0.1.0", "61d35f8c873c0078a23c49579a48f36e45789414b1ec0daee3fd5f4e34221f23", [:mix], [{:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f71f7a57e944e854fe4946060c6964098e53958074c69fb844b96e0bd58cfa60"},
diff --git a/priv/repo/migrations/20230208101626_create_applications.exs b/priv/repo/migrations/20230208101626_create_applications.exs
index 2e29a6d55..08b13dad9 100644
--- a/priv/repo/migrations/20230208101626_create_applications.exs
+++ b/priv/repo/migrations/20230208101626_create_applications.exs
@@ -6,8 +6,8 @@ defmodule Mobilizon.Repo.Migrations.CreateApplications do
       add(:name, :string, null: false)
       add(:client_id, :string, null: false)
       add(:client_secret, :string, null: false)
-      add(:redirect_uris, :string, null: false)
-      add(:scopes, :string, null: true)
+      add(:redirect_uris, {:array, :string}, null: false)
+      add(:scope, :string, null: true)
       add(:website, :string, null: true)
       add(:owner_type, :string, null: true)
       add(:owner_id, :integer, null: true)
diff --git a/priv/repo/migrations/20230215125801_create_application_tokens.exs b/priv/repo/migrations/20230215125801_create_application_tokens.exs
index a2da53e9a..20439b377 100644
--- a/priv/repo/migrations/20230215125801_create_application_tokens.exs
+++ b/priv/repo/migrations/20230215125801_create_application_tokens.exs
@@ -6,6 +6,8 @@ defmodule Mobilizon.Repo.Migrations.CreateApplicationTokens do
       add(:user_id, references(:users, on_delete: :delete_all), null: false)
       add(:application_id, references(:applications, on_delete: :delete_all), null: false)
       add(:authorization_code, :string, null: true)
+      add(:status, :string, default: "pending", null: false)
+      add(:scope, :string)
       timestamps()
     end
 
diff --git a/priv/repo/migrations/20230216151638_add_device_flow_support.exs b/priv/repo/migrations/20230216151638_add_device_flow_support.exs
deleted file mode 100644
index 2e83dc59c..000000000
--- a/priv/repo/migrations/20230216151638_add_device_flow_support.exs
+++ /dev/null
@@ -1,10 +0,0 @@
-defmodule Mobilizon.Storage.Repo.Migrations.AddDeviceFlowSupport do
-  use Ecto.Migration
-
-  def change do
-    alter table(:application_tokens) do
-      add(:status, :string, default: :pending, null: false)
-      add(:scope, :string)
-    end
-  end
-end
diff --git a/test/graphql/resolvers/activity_test.exs b/test/graphql/resolvers/activity_test.exs
index edebb3b7d..081973557 100644
--- a/test/graphql/resolvers/activity_test.exs
+++ b/test/graphql/resolvers/activity_test.exs
@@ -125,7 +125,8 @@ defmodule Mobilizon.GraphQL.Resolvers.ActivityTest do
           variables: %{preferredUsername: preferred_username}
         )
 
-      assert hd(res["errors"])["message"] == "unauthenticated"
+      assert "Not authorized to access object paginated_activity_list" ==
+               hd(res["errors"])["message"]
     end
 
     test "without being a member", %{
diff --git a/test/graphql/resolvers/admin_test.exs b/test/graphql/resolvers/admin_test.exs
index cc3255cc1..3e25f9f55 100644
--- a/test/graphql/resolvers/admin_test.exs
+++ b/test/graphql/resolvers/admin_test.exs
@@ -12,6 +12,29 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
   alias Mobilizon.GraphQL.{AbsintheHelpers, API}
 
   describe "Resolver: List the action logs" do
+    @action_logs_query """
+    query ActionLogs {
+      actionLogs {
+        total
+        elements {
+          action,
+          actor {
+            preferredUsername
+          },
+          object {
+            ... on Report {
+              id,
+              status
+            },
+            ... on ReportNote {
+              content
+            }
+          }
+        }
+      }
+    }
+    """
+
     @note_content "This a note on a report"
     test "list_action_logs/3 list action logs", %{conn: conn} do
       %User{} = user_moderator = insert(:user, role: :moderator)
@@ -26,48 +49,22 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
       {:ok, %Note{} = note} = API.Reports.create_report_note(report, moderator_2, @note_content)
 
       API.Reports.delete_report_note(note, moderator_2)
+      res = AbsintheHelpers.graphql_query(conn, query: @action_logs_query)
 
-      query = """
-      {
-        actionLogs {
-          total
-          elements {
-            action,
-            actor {
-              preferredUsername
-            },
-            object {
-              ... on Report {
-                id,
-                status
-              },
-              ... on ReportNote {
-                content
-              }
-            }
-          }
-        }
-      }
-      """
-
-      res =
-        conn
-        |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
-
-      assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
-               "You need to be logged-in and a moderator to list action logs"
+      assert res["errors"] |> hd |> Map.get("message") ==
+               "You need to be logged in"
 
       res =
         conn
         |> auth_conn(user_moderator)
-        |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
+        |> AbsintheHelpers.graphql_query(query: @action_logs_query)
 
-      assert json_response(res, 200)["errors"] == nil
+      assert is_nil(res["errors"])
 
-      assert json_response(res, 200)["data"]["actionLogs"]["total"] == 3
-      assert json_response(res, 200)["data"]["actionLogs"]["elements"] |> length == 3
+      assert res["data"]["actionLogs"]["total"] == 3
+      assert res["data"]["actionLogs"]["elements"] |> length == 3
 
-      assert json_response(res, 200)["data"]["actionLogs"]["elements"] == [
+      assert res["data"]["actionLogs"]["elements"] == [
                %{
                  "action" => "NOTE_DELETION",
                  "actor" => %{"preferredUsername" => moderator_2.preferred_username},
@@ -88,13 +85,8 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
   end
 
   describe "Resolver: Get the dashboard statistics" do
-    test "get_dashboard/3 gets dashboard information", %{conn: conn} do
-      %Event{title: title} = insert(:event)
-
-      %User{} = user_admin = insert(:user, role: :administrator)
-
-      query = """
-      {
+    @dashbord_information_query """
+      query Dashboard {
         dashboard {
           lastPublicEventPublished {
             title
@@ -105,24 +97,25 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
           numberOfReports
         }
       }
-      """
+    """
 
-      res =
-        conn
-        |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
+    test "get_dashboard/3 gets dashboard information", %{conn: conn} do
+      %Event{title: title} = insert(:event)
 
-      assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
-               "You need to be logged-in and an administrator to access dashboard statistics"
+      %User{} = user_admin = insert(:user, role: :administrator)
+
+      res = AbsintheHelpers.graphql_query(conn, query: @dashbord_information_query)
+
+      assert res["errors"] |> hd |> Map.get("message") == "You need to be logged in"
 
       res =
         conn
         |> auth_conn(user_admin)
-        |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
+        |> AbsintheHelpers.graphql_query(query: @dashbord_information_query)
 
-      assert json_response(res, 200)["errors"] == nil
+      assert is_nil(res["errors"])
 
-      assert json_response(res, 200)["data"]["dashboard"]["lastPublicEventPublished"]["title"] ==
-               title
+      assert title == res["data"]["dashboard"]["lastPublicEventPublished"]["title"]
     end
   end
 
@@ -175,7 +168,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         |> AbsintheHelpers.graphql_query(query: @relay_followers_query)
 
       assert hd(res["errors"])["message"] == "You need to be logged in"
-      assert hd(res["errors"])["status_code"] == 401
     end
 
     test "test list_relay_followers/3 returns nothing when not an admin", %{conn: conn} do
@@ -200,7 +192,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         |> AbsintheHelpers.graphql_query(query: @relay_followers_query)
 
       assert hd(res["errors"])["message"] == "You don't have permission to do this"
-      assert hd(res["errors"])["status_code"] == 403
 
       res =
         conn
@@ -208,7 +199,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         |> AbsintheHelpers.graphql_query(query: @relay_followers_query)
 
       assert hd(res["errors"])["message"] == "You don't have permission to do this"
-      assert hd(res["errors"])["status_code"] == 403
     end
 
     test "test list_relay_followers/3 returns relay followers", %{conn: conn} do
@@ -258,7 +248,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         |> AbsintheHelpers.graphql_query(query: @relay_followings_query)
 
       assert hd(res["errors"])["message"] == "You need to be logged in"
-      assert hd(res["errors"])["status_code"] == 401
     end
 
     test "test list_relay_followings/3 returns nothing when not an admin", %{conn: conn} do
@@ -284,7 +273,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         |> AbsintheHelpers.graphql_query(query: @relay_followings_query)
 
       assert hd(res["errors"])["message"] == "You don't have permission to do this"
-      assert hd(res["errors"])["status_code"] == 403
 
       res =
         conn
@@ -292,7 +280,6 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         |> AbsintheHelpers.graphql_query(query: @relay_followings_query)
 
       assert hd(res["errors"])["message"] == "You don't have permission to do this"
-      assert hd(res["errors"])["status_code"] == 403
     end
 
     test "test list_relay_followings/3 returns relay followings", %{conn: conn} do
@@ -403,7 +390,7 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         |> AbsintheHelpers.graphql_query(query: @admin_settings_query)
 
       assert hd(res["errors"])["message"] ==
-               "You need to be logged-in and an administrator to access admin settings"
+               "You don't have permission to do this"
     end
   end
 
@@ -490,7 +477,7 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         )
 
       assert hd(res["errors"])["message"] ==
-               "You need to be logged-in and an administrator to save admin settings"
+               "You don't have permission to do this"
     end
   end
 
@@ -524,7 +511,7 @@ defmodule Mobilizon.GraphQL.Resolvers.AdminTest do
         )
 
       assert hd(res["errors"])["message"] ==
-               "You need to be logged-in and an administrator to edit an user's details"
+               "You don't have permission to do this"
     end
 
     test "when putting same email", %{conn: conn, user: user, admin: admin} do
diff --git a/test/graphql/resolvers/application_test.exs b/test/graphql/resolvers/application_test.exs
new file mode 100644
index 000000000..2b10e6350
--- /dev/null
+++ b/test/graphql/resolvers/application_test.exs
@@ -0,0 +1,533 @@
+defmodule Mobilizon.GraphQL.Resolvers.ApplicationTest do
+  use Mobilizon.Web.ConnCase
+
+  import Mobilizon.Factory
+  require Logger
+
+  alias Mobilizon.Applications.{Application, ApplicationDeviceActivation}
+  alias Mobilizon.GraphQL.AbsintheHelpers
+
+  @identities_query """
+  query LoggedUser {
+    loggedUser {
+      actors {
+        id
+      }
+    }
+  }
+  """
+
+  describe "Authorize an application" do
+    @authorize_mutation """
+    mutation AuthorizeApplication(
+      $applicationClientId: String!
+      $redirectURI: String!
+      $state: String
+      $scope: String!
+    ) {
+      authorizeApplication(
+        clientId: $applicationClientId
+        redirectURI: $redirectURI
+        state: $state
+        scope: $scope
+      ) {
+        code
+        state
+        clientId
+        scope
+      }
+    }
+    """
+    test "while being not logged-in", %{conn: conn} do
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(
+          query: @authorize_mutation,
+          variables: [
+            applicationClientId: "an invalid client_id",
+            redirectURI: "doesn't matter",
+            state: "hello",
+            scope: "read"
+          ]
+        )
+
+      assert "You need to be logged in" = hd(res["errors"])["message"]
+    end
+
+    test "with incorrect client_id", %{conn: conn} do
+      user = insert(:user)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @authorize_mutation,
+          variables: [
+            applicationClientId: "an invalid client_id",
+            redirectURI: "doesn't matter",
+            state: "hello",
+            scope: "read"
+          ]
+        )
+
+      assert "No application with this client_id was found" = hd(res["errors"])["message"]
+    end
+
+    test "with incorrect redirect_uri", %{conn: conn} do
+      user = insert(:user)
+      app = insert(:auth_application)
+
+      client_id = app.client_id
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @authorize_mutation,
+          variables: [
+            applicationClientId: client_id,
+            redirectURI: "something not in app's redirect URIs",
+            state: "hello",
+            scope: "read"
+          ]
+        )
+
+      assert "The given redirect_uri is not in the list of allowed redirect URIs" =
+               hd(res["errors"])["message"]
+    end
+
+    test "with correct params", %{conn: conn} do
+      user = insert(:user)
+      app = insert(:auth_application)
+
+      client_id = app.client_id
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @authorize_mutation,
+          variables: [
+            applicationClientId: client_id,
+            redirectURI: hd(app.redirect_uris),
+            state: "hello",
+            scope: "read"
+          ]
+        )
+
+      assert %{
+               "scope" => "read",
+               "state" => "hello",
+               "clientId" => ^client_id,
+               "code" => _code
+             } = res["data"]["authorizeApplication"]
+    end
+  end
+
+  describe "Revoke an application token" do
+    @revoke_mutation """
+    mutation RevokeApplicationToken($appTokenId: String!) {
+      revokeApplicationToken(appTokenId: $appTokenId) {
+        id
+      }
+    }
+    """
+
+    test "while not authenticated", %{conn: conn} do
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(
+          query: @revoke_mutation,
+          variables: [
+            appTokenId: "not an actual token ID"
+          ]
+        )
+
+      assert "You need to be logged in" = hd(res["errors"])["message"]
+    end
+
+    test "with an invalid token", %{conn: conn} do
+      user = insert(:user)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @revoke_mutation,
+          variables: [
+            appTokenId: "5846"
+          ]
+        )
+
+      assert "Application token not found" == hd(res["errors"])["message"]
+    end
+
+    test "with valid token", %{conn: conn} do
+      user = insert(:user)
+
+      app_token = insert(:auth_application_token, user: user)
+      app_token_id = to_string(app_token.id)
+
+      authed_conn = auth_conn(conn, app_token)
+
+      res = AbsintheHelpers.graphql_query(authed_conn, query: @identities_query)
+      assert res["errors"] == nil
+      assert res["data"]["loggedUser"]["actors"]
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @revoke_mutation,
+          variables: [
+            appTokenId: app_token_id
+          ]
+        )
+
+      assert app_token_id == res["data"]["revokeApplicationToken"]["id"]
+
+      # Asserting the token can't be used anymore
+      res = AbsintheHelpers.graphql_query(authed_conn, query: @identities_query)
+      assert "You need to be logged in" == hd(res["errors"])["message"]
+    end
+  end
+
+  describe "Get an application" do
+    @application_query """
+    query AuthApplication($clientId: String!) {
+      authApplication(clientId: $clientId) {
+        id
+        clientId
+        name
+        website
+      }
+    }
+    """
+
+    test "while not authenticated", %{conn: conn} do
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(
+          query: @application_query,
+          variables: [
+            clientId: "not an actual client ID"
+          ]
+        )
+
+      assert "You need to be logged in" = hd(res["errors"])["message"]
+    end
+
+    test "with incorrect client_id", %{conn: conn} do
+      user = insert(:user)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @application_query,
+          variables: [
+            clientId: "nonsense"
+          ]
+        )
+
+      assert "Application not found" = hd(res["errors"])["message"]
+    end
+
+    test "with valid client_id", %{conn: conn} do
+      user = insert(:user)
+
+      %Application{id: app_id, client_id: app_client_id, name: app_name, website: app_website} =
+        insert(:auth_application)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @application_query,
+          variables: [
+            clientId: app_client_id
+          ]
+        )
+
+      assert is_nil(res["errors"])
+
+      app_id = to_string(app_id)
+
+      assert %{
+               "id" => ^app_id,
+               "clientId" => ^app_client_id,
+               "name" => ^app_name,
+               "website" => ^app_website
+             } = res["data"]["authApplication"]
+    end
+  end
+
+  describe "Get user applications" do
+    @user_apps_query """
+    query AuthAuthorizedApplications {
+      loggedUser {
+        id
+        authAuthorizedApplications {
+          id
+          application {
+            name
+            website
+          }
+          lastUsedAt
+          insertedAt
+        }
+      }
+    }
+    """
+
+    test "without being logged in", %{conn: conn} do
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(query: @user_apps_query)
+
+      assert "You need to be logged in" = hd(res["errors"])["message"]
+    end
+
+    test "with an app token", %{conn: conn} do
+      user = insert(:user)
+      app_token = insert(:auth_application_token, user: user)
+
+      insert(:auth_application_token, user: user, status: :success, authorization_code: nil)
+
+      insert(:auth_application_token, user: user, status: :success, authorization_code: nil)
+
+      res =
+        conn
+        |> auth_conn(app_token)
+        |> AbsintheHelpers.graphql_query(query: @user_apps_query)
+
+      assert is_nil(res["data"]["loggedUser"]["authAuthorizedApplications"])
+      refute is_nil(res["data"]["loggedUser"]["id"])
+      assert hd(res["errors"])["message"] =~ "Not authorized to access field"
+      assert hd(res["errors"])["path"] == ["loggedUser", "authAuthorizedApplications"]
+    end
+
+    test "with authorized applications", %{conn: conn} do
+      user = insert(:user)
+
+      app_token_1 =
+        insert(:auth_application_token, user: user, status: :success, authorization_code: nil)
+
+      app_token_2 =
+        insert(:auth_application_token, user: user, status: :success, authorization_code: nil)
+
+      # Someone else's app token
+      app_token_3 = insert(:auth_application_token, status: :success, authorization_code: nil)
+      # An app token not activated
+      app_token_4 = insert(:auth_application_token, user: user)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(query: @user_apps_query)
+
+      assert is_nil(res["errors"])
+      assert 2 = length(res["data"]["loggedUser"]["authAuthorizedApplications"])
+
+      found_app_token_ids =
+        res["data"]["loggedUser"]["authAuthorizedApplications"]
+        |> Enum.map(&String.to_integer(&1["id"]))
+        |> MapSet.new()
+
+      assert MapSet.subset?(MapSet.new([app_token_1.id, app_token_2.id]), found_app_token_ids)
+      refute MapSet.member?(found_app_token_ids, app_token_3.id)
+      refute MapSet.member?(found_app_token_ids, app_token_4.id)
+    end
+  end
+
+  describe "Device activation" do
+    @device_activation_mutation """
+    mutation DeviceActivation($userCode: String!) {
+      deviceActivation(userCode: $userCode) {
+        id
+        application {
+          id
+          clientId
+          name
+          website
+        }
+        scope
+      }
+    }
+    """
+
+    test "without being logged-in", %{conn: conn} do
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(
+          query: @device_activation_mutation,
+          variables: [userCode: "hi"]
+        )
+
+      assert "You need to be logged in" = hd(res["errors"])["message"]
+    end
+
+    test "with a bad code", %{conn: conn} do
+      user = insert(:user)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @device_activation_mutation,
+          variables: [userCode: "hi"]
+        )
+
+      assert "The given user code is invalid" = hd(res["errors"])["message"]
+    end
+
+    test "with an expired code", %{conn: conn} do
+      user = insert(:user)
+
+      auth_application_device_activation =
+        insert(:auth_application_device_activation, user: user, expires_in: -100)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @device_activation_mutation,
+          variables: [userCode: auth_application_device_activation.user_code]
+        )
+
+      assert "The given user code has expired" = hd(res["errors"])["message"]
+    end
+
+    test "with a valid code", %{conn: conn} do
+      user = insert(:user)
+      auth_application_device_activation = insert(:auth_application_device_activation, user: nil)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @device_activation_mutation,
+          variables: [userCode: auth_application_device_activation.user_code]
+        )
+
+      assert is_nil(res["errors"])
+
+      assert res["data"]["deviceActivation"]["application"]["id"] ==
+               to_string(auth_application_device_activation.application.id)
+    end
+  end
+
+  describe "Device authorization" do
+    @device_authorization_mutation """
+    mutation AuthorizeDeviceApplication(
+      $applicationClientId: String!
+      $userCode: String!
+    ) {
+      authorizeDeviceApplication(
+        clientId: $applicationClientId
+        userCode: $userCode
+      ) {
+        clientId
+        scope
+      }
+    }
+    """
+
+    test "without being logged in", %{conn: conn} do
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(
+          query: @device_authorization_mutation,
+          variables: [applicationClientId: "something", userCode: "wrong"]
+        )
+
+      assert "You need to be logged in" = hd(res["errors"])["message"]
+    end
+
+    test "with a bad code", %{conn: conn} do
+      user = insert(:user)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @device_authorization_mutation,
+          variables: [applicationClientId: "something", userCode: "wrong"]
+        )
+
+      assert "The given user code is invalid" = hd(res["errors"])["message"]
+    end
+
+    test "with some code that isn't approved", %{conn: conn} do
+      user = insert(:user)
+
+      auth_application_device_activation =
+        insert(:auth_application_device_activation, user: user, status: :pending)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @device_authorization_mutation,
+          variables: [
+            applicationClientId: auth_application_device_activation.application.client_id,
+            userCode: auth_application_device_activation.user_code
+          ]
+        )
+
+      assert "The device user code was not provided before approving the application" =
+               hd(res["errors"])["message"]
+    end
+
+    test "with some expired code", %{conn: conn} do
+      user = insert(:user)
+
+      auth_application_device_activation =
+        insert(:auth_application_device_activation,
+          user: user,
+          status: :confirmed,
+          expires_in: -100
+        )
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @device_authorization_mutation,
+          variables: [
+            applicationClientId: auth_application_device_activation.application.client_id,
+            userCode: auth_application_device_activation.user_code
+          ]
+        )
+
+      assert "The given user code has expired" = hd(res["errors"])["message"]
+    end
+
+    test "with a valid code", %{conn: conn} do
+      user = insert(:user)
+
+      %ApplicationDeviceActivation{
+        application: %Application{client_id: client_id},
+        user_code: user_code
+      } = insert(:auth_application_device_activation, user: user, status: :confirmed)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @device_authorization_mutation,
+          variables: [
+            applicationClientId: client_id,
+            userCode: user_code
+          ]
+        )
+
+      assert is_nil(res["errors"])
+
+      assert %{
+               "clientId" => ^client_id,
+               "scope" => _scope
+             } = res["data"]["authorizeDeviceApplication"]
+    end
+  end
+end
diff --git a/test/graphql/resolvers/comment_test.exs b/test/graphql/resolvers/comment_test.exs
index 778a11885..9d6344200 100644
--- a/test/graphql/resolvers/comment_test.exs
+++ b/test/graphql/resolvers/comment_test.exs
@@ -99,7 +99,7 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
         )
 
       assert hd(res["errors"])["message"] ==
-               "You are not allowed to create a comment if not connected"
+               "You need to be logged in"
     end
 
     test "create_comment/3 creates a reply to a comment", %{
@@ -166,7 +166,7 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
         )
 
       assert hd(res["errors"])["message"] ==
-               "You are not allowed to delete a comment if not connected"
+               "You need to be logged in"
 
       # Change the current actor for user
       actor2 = insert(:actor, user: user)
@@ -218,10 +218,11 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
           variables: %{commentId: comment.id}
         )
 
+      assert res["errors"] == nil
       assert res["data"]["deleteComment"]["id"] == to_string(comment.id)
 
       query = """
-      {
+      query ActionLogs {
         actionLogs {
           total
           elements {
@@ -254,11 +255,11 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
       res =
         conn
         |> auth_conn(user_moderator)
-        |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs"))
+        |> AbsintheHelpers.graphql_query(query: query)
 
-      refute json_response(res, 200)["errors"]
+      refute res["errors"]
 
-      assert hd(json_response(res, 200)["data"]["actionLogs"]["elements"]) == %{
+      assert hd(res["data"]["actionLogs"]["elements"]) == %{
                "action" => "COMMENT_DELETION",
                "actor" => %{"preferredUsername" => actor_moderator.preferred_username},
                "object" => %{"text" => comment.text, "id" => to_string(comment.id)}
diff --git a/test/graphql/resolvers/event_test.exs b/test/graphql/resolvers/event_test.exs
index 7db786bca..9ba1994f4 100644
--- a/test/graphql/resolvers/event_test.exs
+++ b/test/graphql/resolvers/event_test.exs
@@ -1510,53 +1510,51 @@ defmodule Mobilizon.Web.Resolvers.EventTest do
   end
 
   describe "delete_event/3" do
+    @delete_event_mutation """
+    mutation DeleteEvent($eventId: ID!) {
+      deleteEvent(
+        eventId: $eventId
+      ) {
+          id
+        }
+      }
+    """
+
     test "delete_event/3 deletes an event", %{conn: conn, user: user, actor: actor} do
       event = insert(:event, organizer_actor: actor)
 
-      mutation = """
-          mutation {
-            deleteEvent(
-              event_id: #{event.id}
-            ) {
-                id
-              }
-            }
-      """
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @delete_event_mutation,
+          variables: [eventId: event.id]
+        )
+
+      assert res["errors"] == nil
+      assert res["data"]["deleteEvent"]["id"] == to_string(event.id)
 
       res =
         conn
         |> auth_conn(user)
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        |> AbsintheHelpers.graphql_query(
+          query: @delete_event_mutation,
+          variables: [eventId: event.id]
+        )
 
-      assert json_response(res, 200)["errors"] == nil
-      assert json_response(res, 200)["data"]["deleteEvent"]["id"] == to_string(event.id)
-
-      res =
-        conn
-        |> auth_conn(user)
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
-
-      assert hd(json_response(res, 200)["errors"])["message"] =~ "not found"
+      assert hd(res["errors"])["message"] =~ "not found"
     end
 
     test "delete_event/3 should check the user is authenticated", %{conn: conn, actor: actor} do
       event = insert(:event, organizer_actor: actor)
 
-      mutation = """
-          mutation {
-            deleteEvent(
-              event_id: #{event.id}
-            ) {
-                id
-              }
-            }
-      """
-
       res =
-        conn
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        AbsintheHelpers.graphql_query(conn,
+          query: @delete_event_mutation,
+          variables: [eventId: event.id]
+        )
 
-      assert hd(json_response(res, 200)["errors"])["message"] =~ "logged-in"
+      assert hd(res["errors"])["message"] =~ "logged in"
     end
 
     test "delete_event/3 should check the event can be deleted by the user", %{
@@ -1567,22 +1565,15 @@ defmodule Mobilizon.Web.Resolvers.EventTest do
       actor2 = insert(:actor)
       event = insert(:event, organizer_actor: actor2)
 
-      mutation = """
-          mutation {
-            deleteEvent(
-              event_id: #{event.id}
-            ) {
-                id
-              }
-            }
-      """
-
       res =
         conn
         |> auth_conn(user)
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        |> AbsintheHelpers.graphql_query(
+          query: @delete_event_mutation,
+          variables: [eventId: event.id]
+        )
 
-      assert hd(json_response(res, 200)["errors"])["message"] =~ "cannot delete"
+      assert hd(res["errors"])["message"] =~ "cannot delete"
     end
 
     test "delete_event/3 allows a event being deleted by a moderator and creates a entry in actionLogs",
@@ -1597,22 +1588,16 @@ defmodule Mobilizon.Web.Resolvers.EventTest do
       actor2 = insert(:actor)
       event = insert(:event, organizer_actor: actor2)
 
-      mutation = """
-          mutation {
-            deleteEvent(
-              event_id: #{event.id}
-            ) {
-                id
-              }
-            }
-      """
-
       res =
         conn
         |> auth_conn(user_moderator)
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        |> AbsintheHelpers.graphql_query(
+          query: @delete_event_mutation,
+          variables: [eventId: event.id]
+        )
 
-      assert json_response(res, 200)["data"]["deleteEvent"]["id"] == to_string(event.id)
+      assert res["errors"] == nil
+      assert res["data"]["deleteEvent"]["id"] == to_string(event.id)
 
       query = """
       {
diff --git a/test/graphql/resolvers/feed_token_test.exs b/test/graphql/resolvers/feed_token_test.exs
index bc2d353ce..e44695367 100644
--- a/test/graphql/resolvers/feed_token_test.exs
+++ b/test/graphql/resolvers/feed_token_test.exs
@@ -13,124 +13,115 @@ defmodule Mobilizon.GraphQL.Resolvers.FeedTokenTest do
     {:ok, conn: conn, actor: actor, user: user}
   end
 
+  @user_feed_tokens_query """
+  query LoggedUserFeedTokens {
+    loggedUser {
+      feedTokens {
+        token
+      }
+    }
+  }
+  """
+
+  @logged_person_feed_tokens_query """
+  query LoggedPersonFeedTokens {
+    loggedPerson {
+      feedTokens {
+        token
+      }
+    }
+  }
+  """
+
   describe "Feed Token Resolver" do
-    test "create_feed_token/3 should create a feed token", %{conn: conn, user: user} do
-      actor2 = insert(:actor, user: user)
-
-      mutation = """
-          mutation {
-            createFeedToken(
-              actor_id: #{actor2.id},
-            ) {
-                token,
-                actor {
-                  id
-                },
-                user {
-                  id
-                }
-              }
-            }
-      """
-
-      res =
-        conn
-        |> auth_conn(user)
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
-
-      assert json_response(res, 200)["errors"] == nil
-      token = json_response(res, 200)["data"]["createFeedToken"]["token"]
-      assert is_binary(token)
-      # TODO: Investigate why user id is a string when actor id is a number
-      assert json_response(res, 200)["data"]["createFeedToken"]["user"]["id"] ==
-               to_string(user.id)
-
-      assert json_response(res, 200)["data"]["createFeedToken"]["actor"]["id"] ==
-               to_string(actor2.id)
-
-      # The token is present for the user
-      query = """
-      {
-        loggedUser {
-          feedTokens {
-            token
+    @create_feed_token_for_actor_mutation """
+    mutation CreatePersonFeedToken($actorId: ID!) {
+      createFeedToken(actorId: $actorId) {
+          token
+          actor {
+            id
+          }
+          user {
+            id
           }
         }
       }
-      """
+    """
+
+    @create_feed_token_for_user_mutation """
+    mutation CreateFeedToken {
+      createFeedToken {
+          token
+          user {
+            id
+          }
+        }
+      }
+    """
+
+    test "create_feed_token/3 should create a feed token", %{conn: conn, user: user} do
+      actor2 = insert(:actor, user: user)
 
       res =
         conn
         |> auth_conn(user)
-        |> get("/api", AbsintheHelpers.query_skeleton(query, "loggedUser"))
+        |> AbsintheHelpers.graphql_query(
+          query: @create_feed_token_for_actor_mutation,
+          variables: [actorId: actor2.id]
+        )
 
-      assert json_response(res, 200)["data"]["loggedUser"] ==
+      assert res["errors"] == nil
+      token = res["data"]["createFeedToken"]["token"]
+      assert is_binary(token)
+
+      assert res["data"]["createFeedToken"]["user"]["id"] ==
+               to_string(user.id)
+
+      assert res["data"]["createFeedToken"]["actor"]["id"] ==
+               to_string(actor2.id)
+
+      # The token is present for the user
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(query: @user_feed_tokens_query)
+
+      assert res["data"]["loggedUser"] ==
                %{
                  "feedTokens" => [%{"token" => token}]
                }
 
       # But not for this identity
-      query = """
-      {
-        loggedPerson {
-          feedTokens {
-            token
-          }
-        }
-      }
-      """
-
       res =
         conn
         |> auth_conn(user)
-        |> get("/api", AbsintheHelpers.query_skeleton(query, "loggedPerson"))
+        |> AbsintheHelpers.graphql_query(query: @logged_person_feed_tokens_query)
 
-      assert json_response(res, 200)["data"]["loggedPerson"] ==
+      assert res["data"]["loggedPerson"] ==
                %{
                  "feedTokens" => []
                }
 
-      mutation = """
-         mutation {
-            createFeedToken {
-                token,
-                user {
-                  id
-                }
-              }
-            }
-      """
-
       res =
         conn
         |> auth_conn(user)
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        |> AbsintheHelpers.graphql_query(query: @create_feed_token_for_user_mutation)
 
-      assert json_response(res, 200)["errors"] == nil
-      token2 = json_response(res, 200)["data"]["createFeedToken"]["token"]
+      assert res["errors"] == nil
+      token2 = res["data"]["createFeedToken"]["token"]
       assert is_binary(token2)
-      assert is_nil(json_response(res, 200)["data"]["createFeedToken"]["actor"])
+      assert is_nil(res["data"]["createFeedToken"]["actor"])
 
-      assert json_response(res, 200)["data"]["createFeedToken"]["user"]["id"] ==
+      assert res["data"]["createFeedToken"]["user"]["id"] ==
                to_string(user.id)
 
       # The token is present for the user
-      query = """
-      {
-        loggedUser {
-          feedTokens {
-            token
-          }
-        }
-      }
-      """
-
       res =
         conn
         |> auth_conn(user)
-        |> get("/api", AbsintheHelpers.query_skeleton(query, "loggedUser"))
+        |> AbsintheHelpers.graphql_query(query: @user_feed_tokens_query)
 
-      assert json_response(res, 200)["data"]["loggedUser"] ==
+      assert res["data"]["loggedUser"] ==
                %{
                  "feedTokens" => [%{"token" => token}, %{"token" => token2}]
                }
@@ -142,22 +133,15 @@ defmodule Mobilizon.GraphQL.Resolvers.FeedTokenTest do
     } do
       actor = insert(:actor)
 
-      mutation = """
-          mutation {
-            createFeedToken(
-              actor_id: #{actor.id}
-            ) {
-                token
-              }
-            }
-      """
-
       res =
         conn
         |> auth_conn(user)
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        |> AbsintheHelpers.graphql_query(
+          query: @create_feed_token_for_actor_mutation,
+          variables: [actorId: actor.id]
+        )
 
-      assert hd(json_response(res, 200)["errors"])["message"] =~ "not owned"
+      assert hd(res["errors"])["message"] =~ "not owned"
     end
 
     test "delete_feed_token/3 should delete a feed token", %{
@@ -257,7 +241,7 @@ defmodule Mobilizon.GraphQL.Resolvers.FeedTokenTest do
         conn
         |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
 
-      assert hd(json_response(res, 200)["errors"])["message"] =~ "if not connected"
+      assert "You need to be logged in" == hd(json_response(res, 200)["errors"])["message"]
     end
 
     test "delete_feed_token/3 should check the correct user is logged in", %{
diff --git a/test/graphql/resolvers/follower_test.exs b/test/graphql/resolvers/follower_test.exs
index db0602755..6c1da8299 100644
--- a/test/graphql/resolvers/follower_test.exs
+++ b/test/graphql/resolvers/follower_test.exs
@@ -70,9 +70,8 @@ defmodule Mobilizon.Web.Resolvers.FollowerTest do
           variables: %{name: preferred_username}
         )
 
-      assert res["errors"] == nil
-      assert res["data"]["group"]["followers"]["total"] == 1
-      assert res["data"]["group"]["followers"]["elements"] == []
+      assert hd(res["errors"])["message"] ==
+               "Not authorized to access object paginated_follower_list"
     end
 
     test "without being a member", %{
diff --git a/test/graphql/resolvers/group_test.exs b/test/graphql/resolvers/group_test.exs
index 528014741..0ff56ced0 100644
--- a/test/graphql/resolvers/group_test.exs
+++ b/test/graphql/resolvers/group_test.exs
@@ -107,7 +107,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
 
       res = AbsintheHelpers.graphql_query(conn, query: @list_groups_query)
 
-      assert hd(res["errors"])["message"] == "You may not list groups unless moderator."
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "list_groups/3 doesn't return all groups if not a moderator", %{conn: conn} do
@@ -121,7 +121,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
         |> auth_conn(user)
         |> AbsintheHelpers.graphql_query(query: @list_groups_query)
 
-      assert hd(res["errors"])["message"] == "You may not list groups unless moderator."
+      assert hd(res["errors"])["message"] == "You don't have permission to do this"
     end
 
     test "list_groups/3 returns all groups if a moderator", %{conn: conn} do
@@ -146,6 +146,14 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
 
   describe "find a group" do
     @group_query """
+      query Group($preferredUsername: String!) {
+        group(preferredUsername: $preferredUsername) {
+          preferredUsername
+        }
+      }
+    """
+
+    @group_with_member_query """
       query Group($preferredUsername: String!) {
         group(preferredUsername: $preferredUsername) {
             preferredUsername,
@@ -173,19 +181,14 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
       res =
         conn
         |> AbsintheHelpers.graphql_query(
-          query: @group_query,
+          query: @group_with_member_query,
           variables: %{
             preferredUsername: group.preferred_username
           }
         )
 
-      assert res["errors"] == nil
-
-      assert res["data"]["group"]["preferredUsername"] ==
-               group.preferred_username
-
-      assert res["data"]["group"]["members"]["total"] == 2
-      assert res["data"]["group"]["members"]["elements"] == []
+      assert hd(res["errors"])["message"] ==
+               "Not authorized to access object paginated_member_list"
 
       # Login with non-member
       res =
@@ -203,15 +206,12 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
       assert res["data"]["group"]["preferredUsername"] ==
                group.preferred_username
 
-      assert res["data"]["group"]["members"]["total"] == 2
-      assert res["data"]["group"]["members"]["elements"] == []
-
       # Login with member
       res =
         conn
         |> auth_conn(user)
         |> AbsintheHelpers.graphql_query(
-          query: @group_query,
+          query: @group_with_member_query,
           variables: %{
             preferredUsername: group.preferred_username,
             actorId: actor.id
@@ -252,18 +252,14 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
       res =
         conn
         |> AbsintheHelpers.graphql_query(
-          query: @group_query,
+          query: @group_with_member_query,
           variables: %{
             preferredUsername: group.preferred_username
           }
         )
 
-      assert res["errors"] == nil
-
-      assert res["data"]["group"]["preferredUsername"] ==
-               group.preferred_username
-
-      assert res["data"]["group"]["members"] == %{"elements" => [], "total" => 1}
+      assert hd(res["errors"])["message"] ==
+               "Not authorized to access object paginated_member_list"
     end
   end
 
@@ -334,7 +330,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
           variables: %{id: group.id, name: @new_group_name}
         )
 
-      assert hd(res["errors"])["message"] == "You need to be logged-in to update a group"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "update_group/3 requires to be an admin of the group to update a group", %{
@@ -436,7 +432,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
           variables: %{groupId: group.id}
         )
 
-      assert hd(res["errors"])["message"] =~ "logged-in"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "delete_group/3 should check the actor is owned by the user", %{
@@ -515,7 +511,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
           variables: %{groupId: group.id}
         )
 
-      assert hd(res["errors"])["message"] == "You need to be logged-in to follow a group"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "when group doesn't exist", %{conn: conn, user: user} do
@@ -564,7 +560,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
           variables: %{groupId: group.id}
         )
 
-      assert hd(res["errors"])["message"] == "You need to be logged-in to unfollow a group"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "when group doesn't exist", %{conn: conn, user: user} do
@@ -631,7 +627,7 @@ defmodule Mobilizon.Web.Resolvers.GroupTest do
           variables: %{followId: follow.id}
         )
 
-      assert hd(res["errors"])["message"] == "You need to be logged-in to update a group follow"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "when follow doesn't exist", %{conn: conn, user: user} do
diff --git a/test/graphql/resolvers/media_test.exs b/test/graphql/resolvers/media_test.exs
index 34c3a821c..b3edee55e 100644
--- a/test/graphql/resolvers/media_test.exs
+++ b/test/graphql/resolvers/media_test.exs
@@ -434,7 +434,7 @@ defmodule Mobilizon.GraphQL.Resolvers.MediaTest do
           variables: %{email: user.email}
         )
 
-      assert is_nil(res["errors"])
+      assert res["errors"] == nil
       assert hd(res["data"]["users"]["elements"])["mediaSize"] == 0
 
       res = upload_media(conn, user)
diff --git a/test/graphql/resolvers/member_test.exs b/test/graphql/resolvers/member_test.exs
index e2ed49903..ff5051eb4 100644
--- a/test/graphql/resolvers/member_test.exs
+++ b/test/graphql/resolvers/member_test.exs
@@ -152,7 +152,7 @@ defmodule Mobilizon.GraphQL.Resolvers.MemberTest do
           variables: %{groupId: group.id}
         )
 
-      assert hd(res["errors"])["message"] =~ "logged-in"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "leave_group/3 should check the group exists", %{
@@ -432,7 +432,7 @@ defmodule Mobilizon.GraphQL.Resolvers.MemberTest do
           }
         )
 
-      assert hd(res["errors"])["message"] == "You must be logged-in to update a member"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "update_member/3 fails when not a member of the group", %{
@@ -575,7 +575,7 @@ defmodule Mobilizon.GraphQL.Resolvers.MemberTest do
           }
         )
 
-      assert hd(res["errors"])["message"] == "You must be logged-in to remove a member"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
 
     test "remove_member/3 fails when not a member of the group", %{
diff --git a/test/graphql/resolvers/person_test.exs b/test/graphql/resolvers/person_test.exs
index 7169240d0..71c4bf20b 100644
--- a/test/graphql/resolvers/person_test.exs
+++ b/test/graphql/resolvers/person_test.exs
@@ -29,6 +29,7 @@ defmodule Mobilizon.GraphQL.Resolvers.PersonTest do
     }
   """
 
+  # TODO: Remove this
   @fetch_identities_query """
   {
     identities {
@@ -824,7 +825,7 @@ defmodule Mobilizon.GraphQL.Resolvers.PersonTest do
         )
 
       assert hd(res["errors"])["message"] ==
-               "Only moderators and administrators can suspend a profile"
+               "You don't have permission to do this"
     end
   end
 end
diff --git a/test/graphql/resolvers/report_test.exs b/test/graphql/resolvers/report_test.exs
index 62e17b94d..30ab06996 100644
--- a/test/graphql/resolvers/report_test.exs
+++ b/test/graphql/resolvers/report_test.exs
@@ -165,7 +165,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
         )
 
       assert res["errors"] |> hd |> Map.get("message") ==
-               "You need to be logged-in and a moderator to update a report"
+               "You need to be logged in"
     end
 
     test "update_report/3 without being a moderator doesn't update any report", %{conn: conn} do
@@ -181,7 +181,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
         )
 
       assert res["errors"] |> hd |> Map.get("message") ==
-               "You need to be logged-in and a moderator to update a report"
+               "You don't have permission to do this"
     end
   end
 
@@ -209,7 +209,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
       res = AbsintheHelpers.graphql_query(conn, query: @reports_query)
 
       assert hd(res["errors"])["message"] ==
-               "You need to be logged-in and a moderator to list reports"
+               "You need to be logged in"
 
       res =
         conn
@@ -296,7 +296,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
         |> get("/api", AbsintheHelpers.query_skeleton(query, "report"))
 
       assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
-               "You need to be logged-in and a moderator to view a report"
+               "You need to be logged in"
 
       res =
         conn
diff --git a/test/graphql/resolvers/resource_test.exs b/test/graphql/resolvers/resource_test.exs
index d112572a5..4948c5b3c 100644
--- a/test/graphql/resolvers/resource_test.exs
+++ b/test/graphql/resolvers/resource_test.exs
@@ -260,10 +260,8 @@ defmodule Mobilizon.GraphQL.Resolvers.ResourceTest do
           }
         )
 
-      assert is_nil(res["errors"])
-
-      assert res["data"]["group"]["resources"]["total"] == 0
-      assert res["data"]["group"]["resources"]["elements"] == []
+      assert hd(res["errors"])["message"] ==
+               "Not authorized to access object paginated_resource_list"
     end
   end
 
@@ -380,7 +378,7 @@ defmodule Mobilizon.GraphQL.Resolvers.ResourceTest do
           }
         )
 
-      assert hd(res["errors"])["message"] == "You need to be logged-in to access resources"
+      assert hd(res["errors"])["message"] == "You need to be logged in"
     end
   end
 
diff --git a/test/graphql/resolvers/search_test.exs b/test/graphql/resolvers/search_test.exs
index 56b75e5f2..e91377b9b 100644
--- a/test/graphql/resolvers/search_test.exs
+++ b/test/graphql/resolvers/search_test.exs
@@ -239,21 +239,44 @@ defmodule Mobilizon.GraphQL.Resolvers.SearchTest do
     }
     """
 
-    test "finds persons with basic search", %{
-      conn: conn,
-      user: user
+    test "without being logged-in", %{
+      conn: conn
     } do
-      actor = insert(:actor, user: user, preferred_username: "test_person")
-      insert(:actor, type: :Group, preferred_username: "test_group")
-      event = insert(:event, title: "test_event")
-      Workers.BuildSearch.insert_search_event(event)
-
       res =
         AbsintheHelpers.graphql_query(conn,
           query: @search_persons_query,
           variables: %{term: "test"}
         )
 
+      assert hd(res["errors"])["message"] == "You need to be logged in"
+    end
+
+    test "without being a moderator", %{
+      conn: conn,
+      user: user
+    } do
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(query: @search_persons_query, variables: %{term: "test"})
+
+      assert hd(res["errors"])["message"] == "You don't have permission to do this"
+    end
+
+    test "finds persons with basic search", %{
+      conn: conn
+    } do
+      user = insert(:user, role: :moderator)
+      actor = insert(:actor, preferred_username: "test_person")
+      insert(:actor, type: :Group, preferred_username: "test_group")
+      event = insert(:event, title: "test_event")
+      Workers.BuildSearch.insert_search_event(event)
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(query: @search_persons_query, variables: %{term: "test"})
+
       assert res["errors"] == nil
       assert res["data"]["searchPersons"]["total"] == 1
       assert res["data"]["searchPersons"]["elements"] |> length == 1
@@ -263,10 +286,10 @@ defmodule Mobilizon.GraphQL.Resolvers.SearchTest do
     end
 
     test "finds persons with word search", %{
-      conn: conn,
-      user: user
+      conn: conn
     } do
-      actor = insert(:actor, user: user, preferred_username: "person", name: "I like pineapples")
+      user = insert(:user, role: :moderator)
+      actor = insert(:actor, preferred_username: "person", name: "I like pineapples")
       insert(:actor, preferred_username: "group", type: :Group, name: "pineapple group")
       event1 = insert(:event, title: "Pineapple fashion week")
       event2 = insert(:event, title: "I love pineAPPLE")
@@ -276,7 +299,9 @@ defmodule Mobilizon.GraphQL.Resolvers.SearchTest do
       Workers.BuildSearch.insert_search_event(event3)
 
       res =
-        AbsintheHelpers.graphql_query(conn,
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
           query: @search_persons_query,
           variables: %{term: "pineapple"}
         )
diff --git a/test/graphql/resolvers/tag_test.exs b/test/graphql/resolvers/tag_test.exs
index b8f78970d..0746074e9 100644
--- a/test/graphql/resolvers/tag_test.exs
+++ b/test/graphql/resolvers/tag_test.exs
@@ -5,7 +5,12 @@ defmodule Mobilizon.GraphQL.Resolvers.TagTest do
 
   alias Mobilizon.GraphQL.AbsintheHelpers
 
-  describe "Tag Resolver" do
+  setup do
+    user = insert(:user)
+    {:ok, user: user}
+  end
+
+  describe "list_tags/3" do
     @tags_query """
     query Tags($filter: String) {
       tags(filter: $filter) {
@@ -21,7 +26,16 @@ defmodule Mobilizon.GraphQL.Resolvers.TagTest do
     }
     """
 
-    test "list_tags/3 returns the list of tags", %{conn: conn} do
+    test "requires being logged-in", %{conn: conn, user: user} do
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(query: @tags_query)
+
+      assert res["errors"] == nil
+    end
+
+    test "returns the list of tags", %{conn: conn, user: user} do
       tag1 = insert(:tag)
       tag2 = insert(:tag)
       tag3 = insert(:tag)
@@ -30,8 +44,10 @@ defmodule Mobilizon.GraphQL.Resolvers.TagTest do
 
       res =
         conn
+        |> auth_conn(user)
         |> AbsintheHelpers.graphql_query(query: @tags_query)
 
+      assert res["errors"] == nil
       tags = res["data"]["tags"]
       assert tags |> length == 3
 
@@ -46,15 +62,17 @@ defmodule Mobilizon.GraphQL.Resolvers.TagTest do
                |> MapSet.new()
     end
 
-    test "list_tags/3 returns tags for a filter", %{conn: conn} do
+    test "returns tags for a filter", %{conn: conn, user: user} do
       tag1 = insert(:tag, title: "PineApple", slug: "pineapple")
       tag2 = insert(:tag, title: "sexy pineapple", slug: "sexy-pineapple")
       _tag3 = insert(:tag)
 
       res =
         conn
+        |> auth_conn(user)
         |> AbsintheHelpers.graphql_query(query: @tags_query, variables: %{filter: "apple"})
 
+      assert res["errors"] == nil
       tags = res["data"]["tags"]
       assert tags |> length == 2
       assert [tag1.id, tag2.id] == tags |> Enum.map(&String.to_integer(&1["id"]))
diff --git a/test/graphql/resolvers/user_test.exs b/test/graphql/resolvers/user_test.exs
index 00f61ee19..0dd1affb1 100644
--- a/test/graphql/resolvers/user_test.exs
+++ b/test/graphql/resolvers/user_test.exs
@@ -949,63 +949,57 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
   end
 
   describe "Resolver: Refresh a token" do
-    test "test refresh_token/3 with a bad token", context do
-      mutation = """
-          mutation {
-            refreshToken(
-              refreshToken: "bad_token"
-            ) {
-              accessToken
-            }
-          }
-      """
+    @refresh_token_mutation """
+    mutation RefreshToken($refreshToken: String!) {
+      refreshToken(
+        refreshToken: $refreshToken
+      ) {
+        accessToken
+      }
+    }
+    """
 
+    @logged_person_query """
+    query LoggedPerson {
+      loggedPerson {
+        preferredUsername,
+      }
+    }
+    """
+
+    test "test refresh_token/3 with a bad token", %{conn: conn} do
       res =
-        context.conn
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        AbsintheHelpers.graphql_query(conn,
+          query: @refresh_token_mutation,
+          variables: [refreshToken: "bad_token"]
+        )
 
-      assert hd(json_response(res, 200)["errors"])["message"] ==
+      assert hd(res["errors"])["message"] ==
                "Cannot refresh the token"
     end
 
-    test "test refresh_token/3 with an appropriate token", context do
+    test "test refresh_token/3 with an appropriate token", %{conn: conn} do
       user = insert(:user)
       insert(:actor, user: user)
       {:ok, refresh_token} = Authenticator.generate_refresh_token(user)
 
-      mutation = """
-          mutation {
-            refreshToken(
-              refreshToken: "#{refresh_token}"
-            ) {
-              accessToken
-            }
-          }
-      """
-
       res =
-        context.conn
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        AbsintheHelpers.graphql_query(conn,
+          query: @refresh_token_mutation,
+          variables: [refreshToken: refresh_token]
+        )
 
-      assert json_response(res, 200)["errors"] == nil
+      assert res["errors"] == nil
 
-      access_token = json_response(res, 200)["data"]["refreshToken"]["accessToken"]
+      access_token = res["data"]["refreshToken"]["accessToken"]
       assert String.length(access_token) > 10
 
-      query = """
-      {
-          loggedPerson {
-            preferredUsername,
-          }
-        }
-      """
-
       res =
-        context.conn
+        conn
         |> Plug.Conn.put_req_header("authorization", "Bearer #{access_token}")
-        |> post("/api", AbsintheHelpers.query_skeleton(query, "logged_person"))
+        |> AbsintheHelpers.graphql_query(query: @logged_person_query)
 
-      assert json_response(res, 200)["errors"] == nil
+      assert res["errors"] == nil
     end
   end
 
@@ -1246,7 +1240,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
         |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
 
       assert hd(json_response(res, 200)["errors"])["message"] ==
-               "You need to be logged-in to change your password"
+               "You need to be logged in"
     end
   end
 
@@ -1443,7 +1437,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
         )
 
       assert hd(res["errors"])["message"] ==
-               "You need to be logged-in to change your email"
+               "You need to be logged in"
     end
   end
 
@@ -1566,7 +1560,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
         )
 
       assert hd(res["errors"])["message"] ==
-               "You need to be logged-in to delete your account"
+               "You need to be logged in"
     end
   end
 end
diff --git a/test/mobilizon/applications_test.exs b/test/mobilizon/applications_test.exs
index 01fbc41ed..9e8fd57c6 100644
--- a/test/mobilizon/applications_test.exs
+++ b/test/mobilizon/applications_test.exs
@@ -25,14 +25,15 @@ defmodule Mobilizon.ApplicationsTest do
         name: "some name",
         client_id: "hello",
         client_secret: "secret",
-        redirect_uris: "somewhere\nelse"
+        redirect_uris: ["somewhere", "else"],
+        scope: "read"
       }
 
       assert {:ok, %Application{} = application} = Applications.create_application(valid_attrs)
       assert application.name == "some name"
       assert application.client_id == "hello"
       assert application.client_secret == "secret"
-      assert application.redirect_uris == "somewhere\nelse"
+      assert application.redirect_uris == ["somewhere", "else"]
     end
 
     test "create_application/1 with invalid data returns error changeset" do
@@ -95,7 +96,8 @@ defmodule Mobilizon.ApplicationsTest do
       valid_attrs = %{
         user_id: user.id,
         application_id: application.id,
-        authorization_code: "hey hello"
+        authorization_code: "hey hello",
+        scope: "read"
       }
 
       assert {:ok, %ApplicationToken{} = application_token} =
@@ -149,7 +151,11 @@ defmodule Mobilizon.ApplicationsTest do
 
     import Mobilizon.ApplicationsFixtures
 
-    @invalid_attrs %{}
+    @invalid_attrs %{
+      application_id: nil,
+      scope: nil,
+      expires_in: nil
+    }
 
     test "list_application_device_activation/0 returns all application_device_activation" do
       application_device_activation = application_device_activation_fixture()
@@ -164,10 +170,20 @@ defmodule Mobilizon.ApplicationsTest do
     end
 
     test "create_application_device_activation/1 with valid data creates a application_device_activation" do
-      valid_attrs = %{}
+      application = application_fixture()
+
+      valid_attrs = %{
+        user_code: "hello",
+        device_code: "some code",
+        expires_in: 900,
+        application_id: application.id,
+        scope: "read"
+      }
 
       assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
                Applications.create_application_device_activation(valid_attrs)
+
+      assert application_device_activation == "read"
     end
 
     test "create_application_device_activation/1 with invalid data returns error changeset" do
@@ -177,13 +193,18 @@ defmodule Mobilizon.ApplicationsTest do
 
     test "update_application_device_activation/2 with valid data updates the application_device_activation" do
       application_device_activation = application_device_activation_fixture()
-      update_attrs = %{}
+
+      update_attrs = %{
+        status: "success"
+      }
 
       assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
                Applications.update_application_device_activation(
                  application_device_activation,
                  update_attrs
                )
+
+      assert application_device_activation == "success"
     end
 
     test "update_application_device_activation/2 with invalid data returns error changeset" do
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index 0fa052520..dc9a4798a 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -18,7 +18,6 @@ defmodule Mobilizon.Web.ConnCase do
   alias Ecto.Adapters.SQL.Sandbox, as: Adapter
 
   alias Mobilizon.Storage.Repo
-  alias Mobilizon.Users.User
 
   alias Mobilizon.Web.Auth
 
@@ -33,13 +32,20 @@ defmodule Mobilizon.Web.ConnCase do
       # The default endpoint for testing
       @endpoint Mobilizon.Web.Endpoint
 
-      def auth_conn(%Plug.Conn{} = conn, %User{} = user) do
+      def auth_conn(%Plug.Conn{} = conn, user) do
         {:ok, token, _claims} = Auth.Guardian.encode_and_sign(user)
 
         conn
         |> Plug.Conn.put_req_header("authorization", "Bearer #{token}")
         |> Plug.Conn.put_req_header("accept", "application/json")
       end
+
+      @spec set_token(Plug.Conn.t(), String.t()) :: Plug.Conn.t()
+      def set_token(%Plug.Conn{} = conn, token) do
+        conn
+        |> Plug.Conn.put_req_header("authorization", "Bearer #{token}")
+        |> Plug.Conn.put_req_header("accept", "application/json")
+      end
     end
   end
 
diff --git a/test/support/factory.ex b/test/support/factory.ex
index 2dd093bf9..699f834e8 100644
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@@ -503,4 +503,37 @@ defmodule Mobilizon.Factory do
       type: :string
     }
   end
+
+  def auth_application_factory do
+    %Mobilizon.Applications.Application{
+      name: sequence("My app"),
+      client_id: :crypto.strong_rand_bytes(42) |> Base.encode64() |> binary_part(0, 42),
+      client_secret: :crypto.strong_rand_bytes(42) |> Base.encode64() |> binary_part(0, 42),
+      redirect_uris: [sequence("https://someredir.uri")],
+      scope: "read write",
+      website: "https://somewebsite.com"
+    }
+  end
+
+  def auth_application_token_factory do
+    %Mobilizon.Applications.ApplicationToken{
+      authorization_code: sequence("some code"),
+      status: "pending",
+      scope: "read write",
+      user: build(:user),
+      application: build(:auth_application)
+    }
+  end
+
+  def auth_application_device_activation_factory do
+    %Mobilizon.Applications.ApplicationDeviceActivation{
+      user_code: :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8),
+      device_code: :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8),
+      status: "pending",
+      scope: "read write",
+      expires_in: 600,
+      user: build(:user),
+      application: build(:auth_application)
+    }
+  end
 end
diff --git a/test/support/fixtures/applications_fixtures.ex b/test/support/fixtures/applications_fixtures.ex
index 0607e6981..c8360a10c 100644
--- a/test/support/fixtures/applications_fixtures.ex
+++ b/test/support/fixtures/applications_fixtures.ex
@@ -16,7 +16,8 @@ defmodule Mobilizon.ApplicationsFixtures do
         name: "some name",
         client_id: "hello",
         client_secret: "secret",
-        redirect_uris: "somewhere\nelse"
+        redirect_uris: ["somewhere", "else"],
+        scope: "read"
       })
       |> Mobilizon.Applications.create_application()
 
@@ -34,7 +35,9 @@ defmodule Mobilizon.ApplicationsFixtures do
       |> Enum.into(%{
         application_id: application_fixture().id,
         user_id: user.id,
-        authorization_code: "some code"
+        authorization_code: "some code",
+        scope: "read",
+        status: :pending
       })
       |> Mobilizon.Applications.create_application_token()
 
@@ -47,7 +50,13 @@ defmodule Mobilizon.ApplicationsFixtures do
   def application_device_activation_fixture(attrs \\ %{}) do
     {:ok, application_device_activation} =
       attrs
-      |> Enum.into(%{})
+      |> Enum.into(%{
+        user_code: "hello",
+        device_code: "computers",
+        expires_in: 600,
+        application_id: application_fixture().id,
+        scope: "read"
+      })
       |> Mobilizon.Applications.create_application_device_activation()
 
     application_device_activation
diff --git a/test/web/controllers/application_controller_test.exs b/test/web/controllers/application_controller_test.exs
new file mode 100644
index 000000000..fd1f0d7f3
--- /dev/null
+++ b/test/web/controllers/application_controller_test.exs
@@ -0,0 +1,563 @@
+defmodule Mobilizon.Web.ApplicationControllerTest do
+  use Mobilizon.Web.ConnCase
+  alias Mobilizon.Service.Auth.Applications
+  alias Mobilizon.Web.Router.Helpers, as: Routes
+  import Mobilizon.Factory
+
+  describe "create application" do
+    test "requires all parameters",
+         %{conn: conn} do
+      conn =
+        conn
+        |> post("/apps", %{"name" => "hello"})
+
+      assert response(conn, 400) ==
+               "All of name, scope and redirect_uri parameters are required to create an application"
+    end
+
+    test "requires valid scopes",
+         %{conn: conn} do
+      conn =
+        conn
+        |> post("/apps", %{
+          "name" => "hello",
+          "redirect_uris" => "hello",
+          "scope" => "write nothing"
+        })
+
+      assert response(conn, 400) ==
+               "The scope parameter is not a space separated list of valid scopes"
+    end
+
+    test "works",
+         %{conn: conn} do
+      name = "hello"
+      redirect_uris = ["hello", "world"]
+      scope = "read write:event:create"
+      website = "hi"
+
+      conn =
+        conn
+        |> post("/apps", %{
+          "name" => name,
+          "redirect_uris" => Enum.join(redirect_uris, "\n"),
+          "scope" => scope,
+          "website" => website
+        })
+
+      assert %{
+               "name" => ^name,
+               "redirect_uris" => ^redirect_uris,
+               "scope" => ^scope,
+               "website" => ^website,
+               "client_id" => _client_id,
+               "client_secret" => _client_secret
+             } = json_response(conn, 200)
+    end
+  end
+
+  describe "authorize" do
+    test "without all required params", %{conn: conn} do
+      conn = get(conn, "/oauth/authorize?client_id=hello")
+
+      assert response(conn, 400) ==
+               "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+    end
+
+    test "with all required params redirects to authorization page", %{conn: conn} do
+      conn =
+        get(
+          conn,
+          "/oauth/authorize?client_id=hello&redirect_uri=somewhere&state=something&scope=everything"
+        )
+
+      assert redirected_to(conn) =~ "/oauth/autorize_approve"
+    end
+  end
+
+  describe "generate device code" do
+    test "without all required params", %{conn: conn} do
+      conn = post(conn, "/login/device/code", client_id: "hello")
+
+      assert response(conn, 400) ==
+               "You need to pass both client_id and scope as parameters to obtain a device code"
+    end
+
+    test "with an invalid client_id", %{conn: conn} do
+      conn = post(conn, "/login/device/code", client_id: "hello", scope: "write:event:create")
+
+      assert response(conn, 400) == "No application with this client_id was found"
+    end
+
+    test "with a scope not matching app registered scopes", %{conn: conn} do
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      conn =
+        post(conn, "/login/device/code", client_id: app.client_id, scope: "write:event:delete")
+
+      assert response(conn, 400) ==
+               "The given scope is not in the list of the app declared scopes"
+    end
+
+    test "with valid params gives a URL-encoded code", %{conn: conn} do
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      conn =
+        post(conn, "/login/device/code", client_id: app.client_id, scope: "write:event:create")
+
+      res = conn |> response(200) |> URI.decode_query()
+
+      verification_uri = Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)
+
+      assert %{
+               "device_code" => _device_code,
+               "expires_in" => "900",
+               "interval" => "5",
+               "user_code" => user_code,
+               "verification_uri" => ^verification_uri
+             } = res
+
+      assert Regex.match?(~r/^[A-Z]{4}-[A-Z]{4}$/, user_code)
+    end
+
+    test "with valid params and a JSON Accept header gives a JSON-encoded struct", %{conn: conn} do
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      conn =
+        conn
+        |> Plug.Conn.put_req_header("accept", "application/json")
+        |> post("/login/device/code", client_id: app.client_id, scope: "write:event:create")
+
+      res = json_response(conn, 200)
+
+      verification_uri = Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)
+
+      assert %{
+               "device_code" => _device_code,
+               "expires_in" => 900,
+               "interval" => 5,
+               "user_code" => user_code,
+               "verification_uri" => ^verification_uri
+             } = res
+
+      assert Regex.match?(~r/^[A-Z]{4}-[A-Z]{4}$/, user_code)
+    end
+  end
+
+  describe "generate access code for device flow" do
+    test "without valid parameters", %{conn: conn} do
+      conn = post(conn, "/oauth/token")
+
+      assert response(conn, 400) ==
+               "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+    end
+
+    test "with invalid client_id", %{conn: conn} do
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          client_id: "some_client_id",
+          device_code: "hello"
+        )
+
+      assert response(conn, 400) ==
+               "The client_id provided or the device_code associated is invalid"
+    end
+
+    test "with rejected authorization", %{conn: conn} do
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      assert {:ok, _res} =
+               Mobilizon.Applications.create_application_device_activation(%{
+                 device_code: "hello",
+                 user_code: "world",
+                 expires_in: 900,
+                 application_id: app.id,
+                 scope: "write:event:create write:event:update",
+                 status: :access_denied
+               })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          client_id: app.client_id,
+          device_code: "hello"
+        )
+
+      assert response(conn, 401) == "The user rejected the requested authorization"
+    end
+
+    test "with incorrect device code", %{conn: conn} do
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      assert {:ok, _res} =
+               Mobilizon.Applications.create_application_device_activation(%{
+                 device_code: "hello",
+                 user_code: "world",
+                 expires_in: 900,
+                 application_id: app.id,
+                 scope: "write:event:create write:event:update",
+                 status: "incorrect_device_code"
+               })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          client_id: app.client_id,
+          device_code: "hello"
+        )
+
+      assert response(conn, 400) ==
+               "The client_id provided or the device_code associated is invalid"
+    end
+
+    test "with an expired device activation", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      assert {:ok, _res} =
+               Mobilizon.Applications.create_application_device_activation(%{
+                 device_code: "hello",
+                 user_code: "world",
+                 expires_in: -40,
+                 application_id: app.id,
+                 scope: "write:event:create write:event:update",
+                 status: "success",
+                 user_id: user.id
+               })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          client_id: app.client_id,
+          device_code: "hello"
+        )
+
+      assert response(conn, 400) ==
+               "The given device_code has expired"
+    end
+
+    test "with valid params", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      assert {:ok, _res} =
+               Mobilizon.Applications.create_application_device_activation(%{
+                 device_code: "hello",
+                 user_code: "world",
+                 expires_in: 600,
+                 application_id: app.id,
+                 scope: "write:event:create write:event:update",
+                 status: "success",
+                 user_id: user.id
+               })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          client_id: app.client_id,
+          device_code: "hello"
+        )
+
+      res = conn |> response(200) |> URI.decode_query()
+
+      assert %{
+               "access_token" => _access_token,
+               "expires_in" => "28800",
+               "refresh_token" => _refresh_token,
+               "refresh_token_expires_in" => "15724800",
+               "scope" => "write:event:create write:event:update",
+               "token_type" => "bearer"
+             } = res
+    end
+
+    test "with valid params as JSON", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      assert {:ok, _res} =
+               Mobilizon.Applications.create_application_device_activation(%{
+                 device_code: "hello",
+                 user_code: "world",
+                 expires_in: 600,
+                 application_id: app.id,
+                 scope: "write:event:create write:event:update",
+                 status: "success",
+                 user_id: user.id
+               })
+
+      conn =
+        conn
+        |> Plug.Conn.put_req_header("accept", "application/json")
+        |> post("/oauth/token",
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          client_id: app.client_id,
+          device_code: "hello"
+        )
+
+      res = json_response(conn, 200)
+
+      assert %{
+               "access_token" => _access_token,
+               "expires_in" => 28_800,
+               "refresh_token" => _refresh_token,
+               "refresh_token_expires_in" => 15_724_800,
+               "scope" => "write:event:create write:event:update",
+               "token_type" => "bearer"
+             } = res
+    end
+  end
+
+  describe "generate access code for authorization flow" do
+    test "with invalid client_id", %{conn: conn} do
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "authorization_code",
+          client_id: "some_client_id",
+          client_secret: "some_client_secret",
+          code: "hello",
+          redirect_uri: "some redirect uri",
+          scope: "hello"
+        )
+
+      assert json_response(conn, 200)["details"] ==
+               "No application was found with this client_id"
+    end
+
+    test "with invalid redirect_uri", %{conn: conn} do
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "authorization_code",
+          client_id: app.client_id,
+          client_secret: app.client_secret,
+          code: "hello",
+          redirect_uri: "nope",
+          scope: "hello"
+        )
+
+      assert json_response(conn, 200)["details"] ==
+               "This redirect URI is not allowed"
+    end
+
+    test "with invalid code", %{conn: conn} do
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "authorization_code",
+          client_id: app.client_id,
+          client_secret: app.client_secret,
+          code: "hello",
+          redirect_uri: "hello",
+          scope: "hello"
+        )
+
+      assert json_response(conn, 200)["details"] ==
+               "The provided code is invalid or expired"
+    end
+
+    test "with invalid client secret", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      Mobilizon.Applications.create_application_token(%{
+        user_id: user.id,
+        application_id: app.id,
+        authorization_code: "hi there",
+        scope: "write:event:create write:event:update"
+      })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "authorization_code",
+          client_id: app.client_id,
+          client_secret: "not the client secret",
+          code: "hi there",
+          redirect_uri: "hello",
+          scope: "write:event:create write:event:update"
+        )
+
+      assert json_response(conn, 200)["details"] ==
+               "The provided client_secret is invalid"
+    end
+
+    test "with an authorization code matching a different app", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      {:ok, app2} =
+        Applications.create("My other app", ["hello"], "write:event:create write:event:update")
+
+      Mobilizon.Applications.create_application_token(%{
+        user_id: user.id,
+        application_id: app2.id,
+        authorization_code: "hi there",
+        scope: "write:event:create write:event:update"
+      })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "authorization_code",
+          client_id: app.client_id,
+          client_secret: app.client_id,
+          code: "hi there",
+          redirect_uri: "hello",
+          scope: "write:event:create write:event:update"
+        )
+
+      assert json_response(conn, 200)["details"] ==
+               "The provided client_id does not match the provided code"
+    end
+
+    test "with valid params", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      Mobilizon.Applications.create_application_token(%{
+        user_id: user.id,
+        application_id: app.id,
+        authorization_code: "hi there",
+        scope: "write:event:create write:event:update"
+      })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "authorization_code",
+          client_id: app.client_id,
+          client_secret: app.client_secret,
+          code: "hi there",
+          redirect_uri: "hello",
+          scope: "write:event:create write:event:update"
+        )
+
+      res = json_response(conn, 200)
+
+      assert %{
+               "access_token" => _access_token,
+               "expires_in" => 28_800,
+               "refresh_token" => _refresh_token,
+               "refresh_token_expires_in" => 15_724_800,
+               "scope" => "write:event:create write:event:update",
+               "token_type" => "bearer"
+             } = res
+    end
+  end
+
+  describe "generate new access code from refresh code" do
+    test "with invalid refresh token", %{conn: conn} do
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "refresh_token",
+          client_id: "hello",
+          client_secret: "secret",
+          refresh_token: "none"
+        )
+
+      assert response(conn, 400) ==
+               "Invalid refresh token provided"
+    end
+
+    test "with invalid client credentials", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      Mobilizon.Applications.create_application_token(%{
+        user_id: user.id,
+        application_id: app.id,
+        authorization_code: "hi there",
+        scope: "write:event:create write:event:update"
+      })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "authorization_code",
+          client_id: app.client_id,
+          client_secret: app.client_secret,
+          code: "hi there",
+          redirect_uri: "hello",
+          scope: "write:event:create write:event:update"
+        )
+
+      res = json_response(conn, 200)
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "refresh_token",
+          client_id: "hello",
+          client_secret: "secret",
+          refresh_token: res["refresh_token"]
+        )
+
+      assert response(conn, 400) ==
+               "Invalid client credentials provided"
+    end
+
+    test "with valid params", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      Mobilizon.Applications.create_application_token(%{
+        user_id: user.id,
+        application_id: app.id,
+        authorization_code: "hi there",
+        scope: "write:event:create write:event:update"
+      })
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "authorization_code",
+          client_id: app.client_id,
+          client_secret: app.client_secret,
+          code: "hi there",
+          redirect_uri: "hello",
+          scope: "write:event:create write:event:update"
+        )
+
+      res = json_response(conn, 200)
+
+      conn =
+        post(conn, "/oauth/token",
+          grant_type: "refresh_token",
+          client_id: app.client_id,
+          client_secret: app.client_secret,
+          refresh_token: res["refresh_token"]
+        )
+
+      res = json_response(conn, 200)
+
+      assert %{
+               "access_token" => _access_token,
+               "expires_in" => 28_800,
+               "refresh_token" => _refresh_token,
+               "refresh_token_expires_in" => 15_724_800,
+               "scope" => "write:event:create write:event:update",
+               "token_type" => "bearer"
+             } = res
+    end
+  end
+end

From 59944603b78a64aa45f63d48469612341e1512df Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Fri, 17 Mar 2023 19:06:46 +0100
Subject: [PATCH 06/12] Update deps and fix some front-end stuff

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 .formatter.exs                                |    1 +
 .sobelow-skips                                |   11 +-
 js/package.json                               |    4 +-
 js/src/components/Event/EventMetadataList.vue |   10 +-
 .../Event/OrganizerPickerWrapper.story.vue    |    4 +-
 .../components/OAuth/AuthorizeApplication.vue |    8 +-
 js/src/composition/apollo/actor.ts            |   18 +-
 js/src/composition/apollo/user.ts             |    8 +-
 js/src/graphql/actor.ts                       |    3 +-
 js/src/utils/identity.ts                      |   20 +-
 .../views/Account/children/EditIdentity.vue   |   22 +-
 js/yarn.lock                                  | 1025 +++++++++--------
 lib/web/endpoint.ex                           |    3 +-
 lib/web/mobilizon_web.ex                      |   15 +
 mix.exs                                       |    9 +-
 mix.lock                                      |   64 +-
 test/support/conn_case.ex                     |    2 +
 17 files changed, 668 insertions(+), 559 deletions(-)

diff --git a/.formatter.exs b/.formatter.exs
index deac09627..c69ead3e3 100644
--- a/.formatter.exs
+++ b/.formatter.exs
@@ -1,4 +1,5 @@
 [
+  import_deps: [:ecto, :ecto_sql, :phoenix],
   plugins: [Phoenix.LiveView.HTMLFormatter],
   inputs: ["{mix,.formatter}.exs", "{config,lib,test,priv}/**/*.{ex,exs,heex}"]
 ]
diff --git a/.sobelow-skips b/.sobelow-skips
index 91f6f52c7..7bc6e895d 100644
--- a/.sobelow-skips
+++ b/.sobelow-skips
@@ -29,4 +29,13 @@ F16F054F2628609A726B9FF2F089D484
 A092A563729E1F2C1C8D5D809A31F754
 BFA12FDEDEAD7DEAB6D44DF6FDFBD5E1
 D9A08930F140F9BA494BB90B3F812C87
-FE1EEB91EA633570F703B251AE2D4D4E
\ No newline at end of file
+FE1EEB91EA633570F703B251AE2D4D4E
+02B15A0FE85181E2470E4E1E6740DFF6
+128653EA565172F81FD177D1D6491CF3
+2EB031217231C480C89EA0C1576EF3CA
+39CFFBCF3FD4F6DB0E4DE4A9A78D3961
+40C6EAD7C05ABB6A85BB904589DEF72F
+49DE9560D506F9E7EF3AFD8DA6E5564B
+759F752FA0768CCC7871895DC2A5CD51
+7EEC79571F3F7CEEB04A8B86D908382A
+E7967805C1EA5301F2722C7BDB2F25F3
\ No newline at end of file
diff --git a/js/package.json b/js/package.json
index 40b802bad..d186ea5c7 100644
--- a/js/package.json
+++ b/js/package.json
@@ -50,7 +50,7 @@
     "@tiptap/vue-3": "^2.0.0-beta.96",
     "@vue-a11y/announcer": "^2.1.0",
     "@vue-a11y/skip-to": "^2.1.2",
-    "@vue-leaflet/vue-leaflet": "^0.8.0",
+    "@vue-leaflet/vue-leaflet": "^0.9.0",
     "@vue/apollo-composable": "^4.0.0-beta.1",
     "@vue/compiler-sfc": "^3.2.37",
     "@vueuse/core": "^9.1.0",
@@ -123,7 +123,7 @@
     "prettier-eslint": "^15.0.1",
     "rollup-plugin-visualizer": "^5.7.1",
     "sass": "^1.34.1",
-    "typescript": "~4.9.4",
+    "typescript": "~5.0.0",
     "vite": "^4.0.4",
     "vite-plugin-pwa": "^0.14.1",
     "vitest": "^0.29.2",
diff --git a/js/src/components/Event/EventMetadataList.vue b/js/src/components/Event/EventMetadataList.vue
index 1b5041513..2258db5a8 100644
--- a/js/src/components/Event/EventMetadataList.vue
+++ b/js/src/components/Event/EventMetadataList.vue
@@ -70,8 +70,14 @@
     >
       <div class="">
         <header class="">
-          <h2>{{ t('Create a new metadata element') }}</h2>
-          <p>{{  t('You can put any arbitrary content in this element. URLs will be clickable.') }}</p>
+          <h2>{{ t("Create a new metadata element") }}</h2>
+          <p>
+            {{
+              t(
+                "You can put any arbitrary content in this element. URLs will be clickable."
+              )
+            }}
+          </p>
         </header>
         <div class="">
           <form @submit="addNewElement">
diff --git a/js/src/components/Event/OrganizerPickerWrapper.story.vue b/js/src/components/Event/OrganizerPickerWrapper.story.vue
index bc8e1df0d..73299baf9 100644
--- a/js/src/components/Event/OrganizerPickerWrapper.story.vue
+++ b/js/src/components/Event/OrganizerPickerWrapper.story.vue
@@ -70,7 +70,9 @@ function setupApp({ app }) {
       new Promise((resolve) =>
         resolve({
           data: {
-            loggedUser: { actors: [{ id: "9", preferredUsername: "sam", name: "Samuel" }] },
+            loggedUser: {
+              actors: [{ id: "9", preferredUsername: "sam", name: "Samuel" }],
+            },
           },
         })
       )
diff --git a/js/src/components/OAuth/AuthorizeApplication.vue b/js/src/components/OAuth/AuthorizeApplication.vue
index 695821362..1f9bb0c0c 100644
--- a/js/src/components/OAuth/AuthorizeApplication.vue
+++ b/js/src/components/OAuth/AuthorizeApplication.vue
@@ -31,7 +31,7 @@
           </p>
         </div>
         <p v-else class="px-4 font-bold">
-          {{ t('This application asks for the following permissions:') }}
+          {{ t("This application asks for the following permissions:") }}
         </p>
         <o-collapse
           class="mt-3 border-b pb-2 border-zinc-700 text-black dark:text-white"
@@ -87,7 +87,7 @@ import { useMutation } from "@vue/apollo-composable";
 import { AUTORIZE_APPLICATION } from "@/graphql/application";
 import RouteName from "@/router/name";
 import { IApplication } from "@/types/application.model";
-import { scope } from "./scope";
+import { scope } from "./scopes";
 import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
 
 const { t } = useI18n({ useScope: "global" });
@@ -104,8 +104,8 @@ const isOpen = ref<number>(-1);
 const collapses = computed(() =>
   (props.scope ?? "")
     .split(" ")
-    .map((scope) => scope[scope])
-    .filter((scope) => scope)
+    .map((localScope) => scope[localScope])
+    .filter((localScope) => localScope)
 );
 
 const { mutate: authorizeMutation, onDone: onAuthorizeMutationDone } =
diff --git a/js/src/composition/apollo/actor.ts b/js/src/composition/apollo/actor.ts
index 32219f35b..3d654c4e3 100644
--- a/js/src/composition/apollo/actor.ts
+++ b/js/src/composition/apollo/actor.ts
@@ -25,16 +25,14 @@ export function useCurrentActorClient() {
 export function useCurrentUserIdentities() {
   const { currentUser } = useCurrentUserClient();
 
-  const { result, error, loading } = useQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>(
-    IDENTITIES,
-    {},
-    () => ({
-      enabled:
-        currentUser.value?.id !== undefined &&
-        currentUser.value?.id !== null &&
-        currentUser.value?.isLoggedIn === true,
-    })
-  );
+  const { result, error, loading } = useQuery<{
+    loggedUser: Pick<ICurrentUser, "actors">;
+  }>(IDENTITIES, {}, () => ({
+    enabled:
+      currentUser.value?.id !== undefined &&
+      currentUser.value?.id !== null &&
+      currentUser.value?.isLoggedIn === true,
+  }));
 
   const identities = computed(() => result.value?.loggedUser?.actors);
   return { identities, error, loading };
diff --git a/js/src/composition/apollo/user.ts b/js/src/composition/apollo/user.ts
index e5666d0ce..0492e9c40 100644
--- a/js/src/composition/apollo/user.ts
+++ b/js/src/composition/apollo/user.ts
@@ -82,7 +82,9 @@ export function registerAccount() {
       { context }
     ) => {
       if (context?.userAlreadyActivated) {
-        const currentUserData = store.readQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>({
+        const currentUserData = store.readQuery<{
+          loggedUser: Pick<ICurrentUser, "actors">;
+        }>({
           query: IDENTITIES,
         });
 
@@ -96,9 +98,7 @@ export function registerAccount() {
             query: IDENTITIES,
             data: {
               ...currentUserData.loggedUser,
-              actors: [
-                [...currentUserData.loggedUser.actors, newPersonData]
-              ]
+              actors: [[...currentUserData.loggedUser.actors, newPersonData]],
             },
           });
         }
diff --git a/js/src/graphql/actor.ts b/js/src/graphql/actor.ts
index 71e09e3f7..e188048c7 100644
--- a/js/src/graphql/actor.ts
+++ b/js/src/graphql/actor.ts
@@ -283,6 +283,7 @@ export const LOGGED_USER_MEMBERSHIPS = gql`
 export const IDENTITIES = gql`
   query Identities {
     loggedUser {
+      id
       actors {
         ...ActorFragment
       }
@@ -291,8 +292,6 @@ export const IDENTITIES = gql`
   ${ACTOR_FRAGMENT}
 `;
 
-
-
 export const PERSON_MEMBERSHIPS = gql`
   query PersonMemberships($id: ID!) {
     person(id: $id) {
diff --git a/js/src/utils/identity.ts b/js/src/utils/identity.ts
index cf1feca83..09e25875e 100644
--- a/js/src/utils/identity.ts
+++ b/js/src/utils/identity.ts
@@ -5,10 +5,10 @@ import { ICurrentUser } from "@/types/current-user.model";
 import { apolloClient } from "@/vue-apollo";
 import {
   provideApolloClient,
+  useLazyQuery,
   useMutation,
-  useQuery,
 } from "@vue/apollo-composable";
-import { computed, watch } from "vue";
+import { computed } from "vue";
 
 export class NoIdentitiesException extends Error {}
 
@@ -28,6 +28,10 @@ export async function changeIdentity(identity: IPerson): Promise<void> {
   }
 }
 
+const { onResult: setIdentities, load: loadIdentities } = provideApolloClient(
+  apolloClient
+)(() => useLazyQuery<{ loggedUser: Pick<ICurrentUser, "actors"> }>(IDENTITIES));
+
 /**
  * We fetch from localStorage the latest actor ID used,
  * then fetch the current identities to set in cache
@@ -36,13 +40,15 @@ export async function changeIdentity(identity: IPerson): Promise<void> {
 export async function initializeCurrentActor(): Promise<void> {
   const actorId = localStorage.getItem(AUTH_USER_ACTOR_ID);
 
-  const { result: identitiesResult } = provideApolloClient(apolloClient)(() =>
-    useQuery<{ currentUser: Pick<ICurrentUser, 'actors'> }>(IDENTITIES)
-  );
+  loadIdentities();
 
-  const identities = computed(() => identitiesResult.value?.currentUser.actors);
+  setIdentities(async ({ data }) => {
+    const identities = computed(() => data?.loggedUser?.actors);
+    console.debug(
+      "initializing current actor based on identities",
+      identities.value
+    );
 
-  watch(identities, async () => {
     if (identities.value && identities.value.length < 1) {
       console.warn("Logged user has no identities!");
       throw new NoIdentitiesException();
diff --git a/js/src/views/Account/children/EditIdentity.vue b/js/src/views/Account/children/EditIdentity.vue
index e2f9ed7ad..430d03e68 100644
--- a/js/src/views/Account/children/EditIdentity.vue
+++ b/js/src/views/Account/children/EditIdentity.vue
@@ -349,7 +349,7 @@ const {
   onError: deletePersonError,
 } = useMutation(DELETE_PERSON, () => ({
   update: (store: ApolloCache<InMemoryCache>) => {
-    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>({
+    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, "actors"> }>({
       query: IDENTITIES,
     });
 
@@ -359,8 +359,10 @@ const {
         data: {
           loggedUser: {
             ...data.loggedUser,
-            actors: data.loggedUser.actors.filter((i) => i.id !== identity.value.id)
-          }
+            actors: data.loggedUser.actors.filter(
+              (i) => i.id !== identity.value.id
+            ),
+          },
         },
       });
     }
@@ -383,7 +385,7 @@ deletePersonDone(async () => {
    */
   const client = resolveClient();
   const data = client.readQuery<{
-    loggedUser: Pick<ICurrentUser, 'actors'>
+    loggedUser: Pick<ICurrentUser, "actors">;
   }>({ query: IDENTITIES });
   if (data) {
     await maybeUpdateCurrentActorCache(data.loggedUser.actors[0]);
@@ -412,7 +414,7 @@ const {
     store: ApolloCache<InMemoryCache>,
     { data: updateData }: FetchResult
   ) => {
-    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>({
+    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, "actors"> }>({
       query: IDENTITIES,
     });
 
@@ -456,7 +458,7 @@ const {
     store: ApolloCache<InMemoryCache>,
     { data: updateData }: FetchResult
   ) => {
-    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, 'actors'> }>({
+    const data = store.readQuery<{ loggedUser: Pick<ICurrentUser, "actors"> }>({
       query: IDENTITIES,
     });
 
@@ -467,10 +469,10 @@ const {
           loggedUser: {
             ...data.loggedUser,
             actors: [
-            ...data.loggedUser.actors,
-            { ...updateData?.createPerson, type: ActorType.PERSON },
-            ]
-          }
+              ...data.loggedUser.actors,
+              { ...updateData?.createPerson, type: ActorType.PERSON },
+            ],
+          },
         },
       });
     }
diff --git a/js/yarn.lock b/js/yarn.lock
index 348a98666..f15b39fdf 100644
--- a/js/yarn.lock
+++ b/js/yarn.lock
@@ -81,32 +81,32 @@
   integrity sha512-gMuZsmsgxk/ENC3O/fRw5QY8A9/uxQbbCEypnLIiYYc/qVJtEV7ouxC3EllIIwNzMqAQee5tanFabWsUOutS7g==
 
 "@babel/core@^7.11.1":
-  version "7.21.0"
-  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.21.0.tgz#1341aefdcc14ccc7553fcc688dd8986a2daffc13"
-  integrity sha512-PuxUbxcW6ZYe656yL3EAhpy7qXKq0DmYsrJLpbB8XrsCP9Nm+XCg9XFMb5vIDliPD7+U/+M+QJlH17XOcB7eXA==
+  version "7.21.3"
+  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.21.3.tgz#cf1c877284a469da5d1ce1d1e53665253fae712e"
+  integrity sha512-qIJONzoa/qiHghnm0l1n4i/6IIziDpzqc36FBs4pzMhDUraHqponwJLiAKm1hGLP3OSB/TVNz6rMwVGpwxxySw==
   dependencies:
     "@ampproject/remapping" "^2.2.0"
     "@babel/code-frame" "^7.18.6"
-    "@babel/generator" "^7.21.0"
+    "@babel/generator" "^7.21.3"
     "@babel/helper-compilation-targets" "^7.20.7"
-    "@babel/helper-module-transforms" "^7.21.0"
+    "@babel/helper-module-transforms" "^7.21.2"
     "@babel/helpers" "^7.21.0"
-    "@babel/parser" "^7.21.0"
+    "@babel/parser" "^7.21.3"
     "@babel/template" "^7.20.7"
-    "@babel/traverse" "^7.21.0"
-    "@babel/types" "^7.21.0"
+    "@babel/traverse" "^7.21.3"
+    "@babel/types" "^7.21.3"
     convert-source-map "^1.7.0"
     debug "^4.1.0"
     gensync "^1.0.0-beta.2"
     json5 "^2.2.2"
     semver "^6.3.0"
 
-"@babel/generator@^7.21.0", "@babel/generator@^7.21.1":
-  version "7.21.1"
-  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.21.1.tgz#951cc626057bc0af2c35cd23e9c64d384dea83dd"
-  integrity sha512-1lT45bAYlQhFn/BHivJs43AiW2rg3/UbLyShGfF3C0KmHvO5fSghWd5kBJy30kpRRucGzXStvnnCFniCR2kXAA==
+"@babel/generator@^7.21.3":
+  version "7.21.3"
+  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.21.3.tgz#232359d0874b392df04045d72ce2fd9bb5045fce"
+  integrity sha512-QS3iR1GYC/YGUnW7IdggFeN5c1poPUurnGttOV/bZgPGV+izC/D8HnD6DLwod0fsatNyVn1G3EVWMYIF0nHbeA==
   dependencies:
-    "@babel/types" "^7.21.0"
+    "@babel/types" "^7.21.3"
     "@jridgewell/gen-mapping" "^0.3.2"
     "@jridgewell/trace-mapping" "^0.3.17"
     jsesc "^2.5.1"
@@ -212,7 +212,7 @@
   dependencies:
     "@babel/types" "^7.18.6"
 
-"@babel/helper-module-transforms@^7.18.6", "@babel/helper-module-transforms@^7.20.11", "@babel/helper-module-transforms@^7.21.0", "@babel/helper-module-transforms@^7.21.2":
+"@babel/helper-module-transforms@^7.18.6", "@babel/helper-module-transforms@^7.20.11", "@babel/helper-module-transforms@^7.21.2":
   version "7.21.2"
   resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.21.2.tgz#160caafa4978ac8c00ac66636cb0fa37b024e2d2"
   integrity sha512-79yj2AR4U/Oqq/WOV7Lx6hUjau1Zfo4cI+JLAVYeMV5XIlbOhmjEk5ulbTc9fMpmlojzZHkUUxAiK+UKn+hNQQ==
@@ -324,10 +324,10 @@
     chalk "^2.0.0"
     js-tokens "^4.0.0"
 
-"@babel/parser@^7.16.4", "@babel/parser@^7.20.7", "@babel/parser@^7.21.0", "@babel/parser@^7.21.2":
-  version "7.21.2"
-  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.21.2.tgz#dacafadfc6d7654c3051a66d6fe55b6cb2f2a0b3"
-  integrity sha512-URpaIJQwEkEC2T9Kn+Ai6Xe/02iNaVCuT/PtoRz3GPVJVDpPd7mLo+VddTbhCRU9TXqW5mSrQfXZyi8kDKOVpQ==
+"@babel/parser@^7.16.4", "@babel/parser@^7.20.7", "@babel/parser@^7.21.3":
+  version "7.21.3"
+  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.21.3.tgz#1d285d67a19162ff9daa358d4cb41d50c06220b3"
+  integrity sha512-lobG0d7aOfQRXh8AyklEAgZGvA4FShxo6xQbUrrT/cNBPUdIDojlokwJsQyCC/eKia7ifqM0yP+2DRZ4WKw2RQ==
 
 "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.18.6":
   version "7.18.6"
@@ -633,9 +633,9 @@
     "@babel/template" "^7.20.7"
 
 "@babel/plugin-transform-destructuring@^7.20.2":
-  version "7.20.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.20.7.tgz#8bda578f71620c7de7c93af590154ba331415454"
-  integrity sha512-Xwg403sRrZb81IVB79ZPqNQME23yhugYVqgTxAhT99h485F4f+GMELFhhOsscDUB7HCswepKeCKLn/GZvUKoBA==
+  version "7.21.3"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.21.3.tgz#73b46d0fd11cd6ef57dea8a381b1215f4959d401"
+  integrity sha512-bp6hwMFzuiE4HqYEyoGJ/V2LeIWn+hLVKc4pnj++E5XQptwhtcGmSayM029d/j2X1bPKGTlsyPwAubuU22KhMA==
   dependencies:
     "@babel/helper-plugin-utils" "^7.20.2"
 
@@ -751,9 +751,9 @@
     "@babel/helper-replace-supers" "^7.18.6"
 
 "@babel/plugin-transform-parameters@^7.20.1", "@babel/plugin-transform-parameters@^7.20.7":
-  version "7.20.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.20.7.tgz#0ee349e9d1bc96e78e3b37a7af423a4078a7083f"
-  integrity sha512-WiWBIkeHKVOSYPO0pWkxGPfKeWrCJyD3NJ53+Lrp/QMSZbsVPovrVl2aWZ19D/LTVnaDv5Ap7GJ/B2CTOZdrfA==
+  version "7.21.3"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.21.3.tgz#18fc4e797cf6d6d972cb8c411dbe8a809fa157db"
+  integrity sha512-Wxc+TvppQG9xWFYatvCGPvZ6+SIUxQ2ZdiBP+PHYMIjnPXD+uThCshaz4NZOnODAtBjjcVQQ/3OKs9LW28purQ==
   dependencies:
     "@babel/helper-plugin-utils" "^7.20.2"
 
@@ -950,26 +950,26 @@
     "@babel/parser" "^7.20.7"
     "@babel/types" "^7.20.7"
 
-"@babel/traverse@^7.20.5", "@babel/traverse@^7.20.7", "@babel/traverse@^7.21.0", "@babel/traverse@^7.21.2":
-  version "7.21.2"
-  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.21.2.tgz#ac7e1f27658750892e815e60ae90f382a46d8e75"
-  integrity sha512-ts5FFU/dSUPS13tv8XiEObDu9K+iagEKME9kAbaP7r0Y9KtZJZ+NGndDvWoRAYNpeWafbpFeki3q9QoMD6gxyw==
+"@babel/traverse@^7.20.5", "@babel/traverse@^7.20.7", "@babel/traverse@^7.21.0", "@babel/traverse@^7.21.2", "@babel/traverse@^7.21.3":
+  version "7.21.3"
+  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.21.3.tgz#4747c5e7903d224be71f90788b06798331896f67"
+  integrity sha512-XLyopNeaTancVitYZe2MlUEvgKb6YVVPXzofHgqHijCImG33b/uTurMS488ht/Hbsb2XK3U2BnSTxKVNGV3nGQ==
   dependencies:
     "@babel/code-frame" "^7.18.6"
-    "@babel/generator" "^7.21.1"
+    "@babel/generator" "^7.21.3"
     "@babel/helper-environment-visitor" "^7.18.9"
     "@babel/helper-function-name" "^7.21.0"
     "@babel/helper-hoist-variables" "^7.18.6"
     "@babel/helper-split-export-declaration" "^7.18.6"
-    "@babel/parser" "^7.21.2"
-    "@babel/types" "^7.21.2"
+    "@babel/parser" "^7.21.3"
+    "@babel/types" "^7.21.3"
     debug "^4.1.0"
     globals "^11.1.0"
 
-"@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.20.0", "@babel/types@^7.20.2", "@babel/types@^7.20.5", "@babel/types@^7.20.7", "@babel/types@^7.21.0", "@babel/types@^7.21.2", "@babel/types@^7.4.4":
-  version "7.21.2"
-  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.21.2.tgz#92246f6e00f91755893c2876ad653db70c8310d1"
-  integrity sha512-3wRZSs7jiFaB8AjxiiD+VqN5DTG2iRvJGQ+qYFrs/654lg6kGTQWIOFjlBo5RaXuAZjBmP3+OQH4dmhqiiyYxw==
+"@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.20.0", "@babel/types@^7.20.2", "@babel/types@^7.20.5", "@babel/types@^7.20.7", "@babel/types@^7.21.0", "@babel/types@^7.21.2", "@babel/types@^7.21.3", "@babel/types@^7.4.4":
+  version "7.21.3"
+  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.21.3.tgz#4865a5357ce40f64e3400b0f3b737dc6d4f64d05"
+  integrity sha512-sBGdETxC+/M4o/zKC0sl6sjWv62WFR/uzxrJ6uYyMLZOUlPnwzw0tKgVHOXxaAd5l2g8pEDM5RZ495GPQI77kg==
   dependencies:
     "@babel/helper-string-parser" "^7.19.4"
     "@babel/helper-validator-identifier" "^7.19.1"
@@ -981,9 +981,9 @@
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
 "@codemirror/commands@^6.1.1":
-  version "6.2.1"
-  resolved "https://registry.yarnpkg.com/@codemirror/commands/-/commands-6.2.1.tgz#ab5e979ad1458bbe395bf69ac601f461ac73cf08"
-  integrity sha512-FFiNKGuHA5O8uC6IJE5apI5rT9gyjlw4whqy4vlcX0wE/myxL6P1s0upwDhY4HtMWLOwzwsp0ap3bjdQhvfDOA==
+  version "6.2.2"
+  resolved "https://registry.yarnpkg.com/@codemirror/commands/-/commands-6.2.2.tgz#437d9ba275107dbc629f0bfa3b150e0e43f2a218"
+  integrity sha512-s9lPVW7TxXrI/7voZ+HmD/yiAlwAYn9PH5SUVSUhsxXHhv4yl5eZ3KLntSoTynfdgVYM0oIpccQEWRBQgmNZyw==
   dependencies:
     "@codemirror/language" "^6.0.0"
     "@codemirror/state" "^6.2.0"
@@ -1035,132 +1035,144 @@
     "@lezer/highlight" "^1.0.0"
 
 "@codemirror/view@^6.0.0", "@codemirror/view@^6.3.0":
-  version "6.9.1"
-  resolved "https://registry.yarnpkg.com/@codemirror/view/-/view-6.9.1.tgz#2ce4c528974b6172a5a4a738b7b0a0f04a4c1140"
-  integrity sha512-bzfSjJn9dAADVpabLKWKNmMG4ibyTV2e3eOGowjElNPTdTkSbi6ixPYHm2u0ADcETfKsi2/R84Rkmi91dH9yEg==
+  version "6.9.2"
+  resolved "https://registry.yarnpkg.com/@codemirror/view/-/view-6.9.2.tgz#c8ceb4ea36f17bb20fdecbe7534162d4b83185e9"
+  integrity sha512-ci0r/v6aKOSlzOs7/STMTYP3jX/+YMq2dAfAJcLIB6uom4ThtrUlzeuS7GTRGNqJJ+qAJR1vGWfXgu4CO/0myQ==
   dependencies:
     "@codemirror/state" "^6.1.4"
     style-mod "^4.0.0"
     w3c-keyname "^2.2.4"
 
-"@esbuild/android-arm64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/android-arm64/-/android-arm64-0.16.17.tgz#cf91e86df127aa3d141744edafcba0abdc577d23"
-  integrity sha512-MIGl6p5sc3RDTLLkYL1MyL8BMRN4tLMRCn+yRJJmEDvYZ2M7tmAf80hx1kbNEUX2KJ50RRtxZ4JHLvCfuB6kBg==
+"@esbuild/android-arm64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/android-arm64/-/android-arm64-0.17.12.tgz#15a8e2b407d03989b899e325151dc2e96d19c620"
+  integrity sha512-WQ9p5oiXXYJ33F2EkE3r0FRDFVpEdcDiwNX3u7Xaibxfx6vQE0Sb8ytrfQsA5WO6kDn6mDfKLh6KrPBjvkk7xA==
 
-"@esbuild/android-arm@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/android-arm/-/android-arm-0.16.17.tgz#025b6246d3f68b7bbaa97069144fb5fb70f2fff2"
-  integrity sha512-N9x1CMXVhtWEAMS7pNNONyA14f71VPQN9Cnavj1XQh6T7bskqiLLrSca4O0Vr8Wdcga943eThxnVp3JLnBMYtw==
+"@esbuild/android-arm@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/android-arm/-/android-arm-0.17.12.tgz#677a09297e1f4f37aba7b4fc4f31088b00484985"
+  integrity sha512-E/sgkvwoIfj4aMAPL2e35VnUJspzVYl7+M1B2cqeubdBhADV4uPon0KCc8p2G+LqSJ6i8ocYPCqY3A4GGq0zkQ==
 
-"@esbuild/android-x64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/android-x64/-/android-x64-0.16.17.tgz#c820e0fef982f99a85c4b8bfdd582835f04cd96e"
-  integrity sha512-a3kTv3m0Ghh4z1DaFEuEDfz3OLONKuFvI4Xqczqx4BqLyuFaFkuaG4j2MtA6fuWEFeC5x9IvqnX7drmRq/fyAQ==
+"@esbuild/android-x64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/android-x64/-/android-x64-0.17.12.tgz#b292729eef4e0060ae1941f6a021c4d2542a3521"
+  integrity sha512-m4OsaCr5gT+se25rFPHKQXARMyAehHTQAz4XX1Vk3d27VtqiX0ALMBPoXZsGaB6JYryCLfgGwUslMqTfqeLU0w==
 
-"@esbuild/darwin-arm64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/darwin-arm64/-/darwin-arm64-0.16.17.tgz#edef4487af6b21afabba7be5132c26d22379b220"
-  integrity sha512-/2agbUEfmxWHi9ARTX6OQ/KgXnOWfsNlTeLcoV7HSuSTv63E4DqtAc+2XqGw1KHxKMHGZgbVCZge7HXWX9Vn+w==
+"@esbuild/darwin-arm64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/darwin-arm64/-/darwin-arm64-0.17.12.tgz#efa35318df931da05825894e1787b976d55adbe3"
+  integrity sha512-O3GCZghRIx+RAN0NDPhyyhRgwa19MoKlzGonIb5hgTj78krqp9XZbYCvFr9N1eUxg0ZQEpiiZ4QvsOQwBpP+lg==
 
-"@esbuild/darwin-x64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/darwin-x64/-/darwin-x64-0.16.17.tgz#42829168730071c41ef0d028d8319eea0e2904b4"
-  integrity sha512-2By45OBHulkd9Svy5IOCZt376Aa2oOkiE9QWUK9fe6Tb+WDr8hXL3dpqi+DeLiMed8tVXspzsTAvd0jUl96wmg==
+"@esbuild/darwin-x64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/darwin-x64/-/darwin-x64-0.17.12.tgz#e7b54bb3f6dc81aadfd0485cd1623c648157e64d"
+  integrity sha512-5D48jM3tW27h1qjaD9UNRuN+4v0zvksqZSPZqeSWggfMlsVdAhH3pwSfQIFJwcs9QJ9BRibPS4ViZgs3d2wsCA==
 
-"@esbuild/freebsd-arm64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/freebsd-arm64/-/freebsd-arm64-0.16.17.tgz#1f4af488bfc7e9ced04207034d398e793b570a27"
-  integrity sha512-mt+cxZe1tVx489VTb4mBAOo2aKSnJ33L9fr25JXpqQqzbUIw/yzIzi+NHwAXK2qYV1lEFp4OoVeThGjUbmWmdw==
+"@esbuild/freebsd-arm64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/freebsd-arm64/-/freebsd-arm64-0.17.12.tgz#99a18a8579d6299c449566fe91d9b6a54cf2a591"
+  integrity sha512-OWvHzmLNTdF1erSvrfoEBGlN94IE6vCEaGEkEH29uo/VoONqPnoDFfShi41Ew+yKimx4vrmmAJEGNoyyP+OgOQ==
 
-"@esbuild/freebsd-x64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/freebsd-x64/-/freebsd-x64-0.16.17.tgz#636306f19e9bc981e06aa1d777302dad8fddaf72"
-  integrity sha512-8ScTdNJl5idAKjH8zGAsN7RuWcyHG3BAvMNpKOBaqqR7EbUhhVHOqXRdL7oZvz8WNHL2pr5+eIT5c65kA6NHug==
+"@esbuild/freebsd-x64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/freebsd-x64/-/freebsd-x64-0.17.12.tgz#0e090190fede307fb4022f671791a50dd5121abd"
+  integrity sha512-A0Xg5CZv8MU9xh4a+7NUpi5VHBKh1RaGJKqjxe4KG87X+mTjDE6ZvlJqpWoeJxgfXHT7IMP9tDFu7IZ03OtJAw==
 
-"@esbuild/linux-arm64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-arm64/-/linux-arm64-0.16.17.tgz#a003f7ff237c501e095d4f3a09e58fc7b25a4aca"
-  integrity sha512-7S8gJnSlqKGVJunnMCrXHU9Q8Q/tQIxk/xL8BqAP64wchPCTzuM6W3Ra8cIa1HIflAvDnNOt2jaL17vaW+1V0g==
+"@esbuild/linux-arm64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-arm64/-/linux-arm64-0.17.12.tgz#7fe2a69f8a1a7153fa2b0f44aabcadb59475c7e0"
+  integrity sha512-cK3AjkEc+8v8YG02hYLQIQlOznW+v9N+OI9BAFuyqkfQFR+DnDLhEM5N8QRxAUz99cJTo1rLNXqRrvY15gbQUg==
 
-"@esbuild/linux-arm@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-arm/-/linux-arm-0.16.17.tgz#b591e6a59d9c4fe0eeadd4874b157ab78cf5f196"
-  integrity sha512-iihzrWbD4gIT7j3caMzKb/RsFFHCwqqbrbH9SqUSRrdXkXaygSZCZg1FybsZz57Ju7N/SHEgPyaR0LZ8Zbe9gQ==
+"@esbuild/linux-arm@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-arm/-/linux-arm-0.17.12.tgz#b87c76ebf1fe03e01fd6bb5cfc2f3c5becd5ee93"
+  integrity sha512-WsHyJ7b7vzHdJ1fv67Yf++2dz3D726oO3QCu8iNYik4fb5YuuReOI9OtA+n7Mk0xyQivNTPbl181s+5oZ38gyA==
 
-"@esbuild/linux-ia32@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-ia32/-/linux-ia32-0.16.17.tgz#24333a11027ef46a18f57019450a5188918e2a54"
-  integrity sha512-kiX69+wcPAdgl3Lonh1VI7MBr16nktEvOfViszBSxygRQqSpzv7BffMKRPMFwzeJGPxcio0pdD3kYQGpqQ2SSg==
+"@esbuild/linux-ia32@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-ia32/-/linux-ia32-0.17.12.tgz#9e9357090254524d32e6708883a47328f3037858"
+  integrity sha512-jdOBXJqcgHlah/nYHnj3Hrnl9l63RjtQ4vn9+bohjQPI2QafASB5MtHAoEv0JQHVb/xYQTFOeuHnNYE1zF7tYw==
 
-"@esbuild/linux-loong64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-loong64/-/linux-loong64-0.16.17.tgz#d5ad459d41ed42bbd4d005256b31882ec52227d8"
-  integrity sha512-dTzNnQwembNDhd654cA4QhbS9uDdXC3TKqMJjgOWsC0yNCbpzfWoXdZvp0mY7HU6nzk5E0zpRGGx3qoQg8T2DQ==
+"@esbuild/linux-loong64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-loong64/-/linux-loong64-0.17.12.tgz#9deb605f9e2c82f59412ddfefb4b6b96d54b5b5b"
+  integrity sha512-GTOEtj8h9qPKXCyiBBnHconSCV9LwFyx/gv3Phw0pa25qPYjVuuGZ4Dk14bGCfGX3qKF0+ceeQvwmtI+aYBbVA==
 
-"@esbuild/linux-mips64el@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-mips64el/-/linux-mips64el-0.16.17.tgz#4e5967a665c38360b0a8205594377d4dcf9c3726"
-  integrity sha512-ezbDkp2nDl0PfIUn0CsQ30kxfcLTlcx4Foz2kYv8qdC6ia2oX5Q3E/8m6lq84Dj/6b0FrkgD582fJMIfHhJfSw==
+"@esbuild/linux-mips64el@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-mips64el/-/linux-mips64el-0.17.12.tgz#6ef170b974ddf5e6acdfa5b05f22b6e9dfd2b003"
+  integrity sha512-o8CIhfBwKcxmEENOH9RwmUejs5jFiNoDw7YgS0EJTF6kgPgcqLFjgoc5kDey5cMHRVCIWc6kK2ShUePOcc7RbA==
 
-"@esbuild/linux-ppc64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-ppc64/-/linux-ppc64-0.16.17.tgz#206443a02eb568f9fdf0b438fbd47d26e735afc8"
-  integrity sha512-dzS678gYD1lJsW73zrFhDApLVdM3cUF2MvAa1D8K8KtcSKdLBPP4zZSLy6LFZ0jYqQdQ29bjAHJDgz0rVbLB3g==
+"@esbuild/linux-ppc64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-ppc64/-/linux-ppc64-0.17.12.tgz#1638d3d4acf1d34aaf37cf8908c2e1cefed16204"
+  integrity sha512-biMLH6NR/GR4z+ap0oJYb877LdBpGac8KfZoEnDiBKd7MD/xt8eaw1SFfYRUeMVx519kVkAOL2GExdFmYnZx3A==
 
-"@esbuild/linux-riscv64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-riscv64/-/linux-riscv64-0.16.17.tgz#c351e433d009bf256e798ad048152c8d76da2fc9"
-  integrity sha512-ylNlVsxuFjZK8DQtNUwiMskh6nT0vI7kYl/4fZgV1llP5d6+HIeL/vmmm3jpuoo8+NuXjQVZxmKuhDApK0/cKw==
+"@esbuild/linux-riscv64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-riscv64/-/linux-riscv64-0.17.12.tgz#135b6e9270a8e2de2b9094bb21a287517df520ef"
+  integrity sha512-jkphYUiO38wZGeWlfIBMB72auOllNA2sLfiZPGDtOBb1ELN8lmqBrlMiucgL8awBw1zBXN69PmZM6g4yTX84TA==
 
-"@esbuild/linux-s390x@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-s390x/-/linux-s390x-0.16.17.tgz#661f271e5d59615b84b6801d1c2123ad13d9bd87"
-  integrity sha512-gzy7nUTO4UA4oZ2wAMXPNBGTzZFP7mss3aKR2hH+/4UUkCOyqmjXiKpzGrY2TlEUhbbejzXVKKGazYcQTZWA/w==
+"@esbuild/linux-s390x@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-s390x/-/linux-s390x-0.17.12.tgz#21e40830770c5d08368e300842bde382ce97d615"
+  integrity sha512-j3ucLdeY9HBcvODhCY4b+Ds3hWGO8t+SAidtmWu/ukfLLG/oYDMaA+dnugTVAg5fnUOGNbIYL9TOjhWgQB8W5g==
 
-"@esbuild/linux-x64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/linux-x64/-/linux-x64-0.16.17.tgz#e4ba18e8b149a89c982351443a377c723762b85f"
-  integrity sha512-mdPjPxfnmoqhgpiEArqi4egmBAMYvaObgn4poorpUaqmvzzbvqbowRllQ+ZgzGVMGKaPkqUmPDOOFQRUFDmeUw==
+"@esbuild/linux-x64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/linux-x64/-/linux-x64-0.17.12.tgz#76c1c199871d48e1aaa47a762fb9e0dca52e1f7a"
+  integrity sha512-uo5JL3cgaEGotaqSaJdRfFNSCUJOIliKLnDGWaVCgIKkHxwhYMm95pfMbWZ9l7GeW9kDg0tSxcy9NYdEtjwwmA==
 
-"@esbuild/netbsd-x64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/netbsd-x64/-/netbsd-x64-0.16.17.tgz#7d4f4041e30c5c07dd24ffa295c73f06038ec775"
-  integrity sha512-/PzmzD/zyAeTUsduZa32bn0ORug+Jd1EGGAUJvqfeixoEISYpGnAezN6lnJoskauoai0Jrs+XSyvDhppCPoKOA==
+"@esbuild/netbsd-x64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/netbsd-x64/-/netbsd-x64-0.17.12.tgz#c7c3b3017a4b938c76c35f66af529baf62eac527"
+  integrity sha512-DNdoRg8JX+gGsbqt2gPgkgb00mqOgOO27KnrWZtdABl6yWTST30aibGJ6geBq3WM2TIeW6COs5AScnC7GwtGPg==
 
-"@esbuild/openbsd-x64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/openbsd-x64/-/openbsd-x64-0.16.17.tgz#970fa7f8470681f3e6b1db0cc421a4af8060ec35"
-  integrity sha512-2yaWJhvxGEz2RiftSk0UObqJa/b+rIAjnODJgv2GbGGpRwAfpgzyrg1WLK8rqA24mfZa9GvpjLcBBg8JHkoodg==
+"@esbuild/openbsd-x64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/openbsd-x64/-/openbsd-x64-0.17.12.tgz#05d04217d980e049001afdbeacbb58d31bb5cefb"
+  integrity sha512-aVsENlr7B64w8I1lhHShND5o8cW6sB9n9MUtLumFlPhG3elhNWtE7M1TFpj3m7lT3sKQUMkGFjTQBrvDDO1YWA==
 
-"@esbuild/sunos-x64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/sunos-x64/-/sunos-x64-0.16.17.tgz#abc60e7c4abf8b89fb7a4fe69a1484132238022c"
-  integrity sha512-xtVUiev38tN0R3g8VhRfN7Zl42YCJvyBhRKw1RJjwE1d2emWTVToPLNEQj/5Qxc6lVFATDiy6LjVHYhIPrLxzw==
+"@esbuild/sunos-x64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/sunos-x64/-/sunos-x64-0.17.12.tgz#cf3862521600e4eb6c440ec3bad31ed40fb87ef3"
+  integrity sha512-qbHGVQdKSwi0JQJuZznS4SyY27tYXYF0mrgthbxXrZI3AHKuRvU+Eqbg/F0rmLDpW/jkIZBlCO1XfHUBMNJ1pg==
 
-"@esbuild/win32-arm64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/win32-arm64/-/win32-arm64-0.16.17.tgz#7b0ff9e8c3265537a7a7b1fd9a24e7bd39fcd87a"
-  integrity sha512-ga8+JqBDHY4b6fQAmOgtJJue36scANy4l/rL97W+0wYmijhxKetzZdKOJI7olaBaMhWt8Pac2McJdZLxXWUEQw==
+"@esbuild/win32-arm64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/win32-arm64/-/win32-arm64-0.17.12.tgz#43dd7fb5be77bf12a1550355ab2b123efd60868e"
+  integrity sha512-zsCp8Ql+96xXTVTmm6ffvoTSZSV2B/LzzkUXAY33F/76EajNw1m+jZ9zPfNJlJ3Rh4EzOszNDHsmG/fZOhtqDg==
 
-"@esbuild/win32-ia32@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/win32-ia32/-/win32-ia32-0.16.17.tgz#e90fe5267d71a7b7567afdc403dfd198c292eb09"
-  integrity sha512-WnsKaf46uSSF/sZhwnqE4L/F89AYNMiD4YtEcYekBt9Q7nj0DiId2XH2Ng2PHM54qi5oPrQ8luuzGszqi/veig==
+"@esbuild/win32-ia32@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/win32-ia32/-/win32-ia32-0.17.12.tgz#9940963d0bff4ea3035a84e2b4c6e41c5e6296eb"
+  integrity sha512-FfrFjR4id7wcFYOdqbDfDET3tjxCozUgbqdkOABsSFzoZGFC92UK7mg4JKRc/B3NNEf1s2WHxJ7VfTdVDPN3ng==
 
-"@esbuild/win32-x64@0.16.17":
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/@esbuild/win32-x64/-/win32-x64-0.16.17.tgz#c5a1a4bfe1b57f0c3e61b29883525c6da3e5c091"
-  integrity sha512-y+EHuSchhL7FjHgvQL/0fnnFmO4T1bhvWANX6gcnqTjtnKWbTvUMCpGnv2+t+31d7RzyEAYAd4u2fnIhHL6N/Q==
+"@esbuild/win32-x64@0.17.12":
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/@esbuild/win32-x64/-/win32-x64-0.17.12.tgz#3a11d13e9a5b0c05db88991b234d8baba1f96487"
+  integrity sha512-JOOxw49BVZx2/5tW3FqkdjSD/5gXYeVGPDcB0lvap0gLQshkh1Nyel1QazC+wNxus3xPlsYAgqU1BUmrmCvWtw==
 
-"@eslint/eslintrc@^2.0.0":
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-2.0.0.tgz#943309d8697c52fc82c076e90c1c74fbbe69dbff"
-  integrity sha512-fluIaaV+GyV24CCu/ggiHdV+j4RNh85yQnAYS/G2mZODZgGmmlrgCydjUcV3YvxCm9x8nMAfThsqTni4KiXT4A==
+"@eslint-community/eslint-utils@^4.2.0":
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/@eslint-community/eslint-utils/-/eslint-utils-4.3.0.tgz#a556790523a351b4e47e9d385f47265eaaf9780a"
+  integrity sha512-v3oplH6FYCULtFuCeqyuTd9D2WKO937Dxdq+GmHOLL72TTRriLxz2VLlNfkZRsvj6PKnOPAtuT6dwrs/pA5DvA==
+  dependencies:
+    eslint-visitor-keys "^3.3.0"
+
+"@eslint-community/regexpp@^4.4.0":
+  version "4.4.0"
+  resolved "https://registry.yarnpkg.com/@eslint-community/regexpp/-/regexpp-4.4.0.tgz#3e61c564fcd6b921cb789838631c5ee44df09403"
+  integrity sha512-A9983Q0LnDGdLPjxyXQ00sbV+K+O+ko2Dr+CZigbHWtX9pNfxlaBkMR8X1CztI73zuEyEBXTVjx7CE+/VSwDiQ==
+
+"@eslint/eslintrc@^2.0.1":
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-2.0.1.tgz#7888fe7ec8f21bc26d646dbd2c11cd776e21192d"
+  integrity sha512-eFRmABvW2E5Ho6f5fHLqgena46rOj7r7OKHYfLElqcBfGFHHpjBhivyi5+jOEQuSpdc/1phIZJlbC2te+tZNIw==
   dependencies:
     ajv "^6.12.4"
     debug "^4.3.2"
-    espree "^9.4.0"
+    espree "^9.5.0"
     globals "^13.19.0"
     ignore "^5.2.0"
     import-fresh "^3.2.1"
@@ -1168,10 +1180,10 @@
     minimatch "^3.1.2"
     strip-json-comments "^3.1.1"
 
-"@eslint/js@8.35.0":
-  version "8.35.0"
-  resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.35.0.tgz#b7569632b0b788a0ca0e438235154e45d42813a7"
-  integrity sha512-JXdzbRiWclLVoD8sNUjR443VVlYqiYmDVT6rGUEIEHU5YJW0gaVZwV2xgM7D4arkvASqD0IlLUVjHiFuxaftRw==
+"@eslint/js@8.36.0":
+  version "8.36.0"
+  resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.36.0.tgz#9837f768c03a1e4a30bd304a64fb8844f0e72efe"
+  integrity sha512-lxJ9R5ygVm8ZWgYdUweoq5ownDlJ4upvoWmO4eLxBYHdMo+vZ/Rx0EN6MbKWDJOSUGrqJy2Gt+Dyv/VKml0fjg==
 
 "@floating-ui/core@^0.3.0":
   version "0.3.1"
@@ -1191,9 +1203,9 @@
   integrity sha512-9anpBMM9mEgZN4wr2v8wHJI2/u5TnnggewRN6OlvXTTnuVyoY19X6rOv9XTqKRw6dcGKwZsBi8n0kDE2I5i4VA==
 
 "@histoire/app@^0.15.8":
-  version "0.15.8"
-  resolved "https://registry.yarnpkg.com/@histoire/app/-/app-0.15.8.tgz#c41bf95549e7db19b60ab9fef991bd75f4909213"
-  integrity sha512-kVMqd07PS7RyI+XGQ2pMxXcj/UtsuHZc3nwNV8CfislUir9eK+itQBI3K8okqFt513tX85zUe82Dob2knrJ9NQ==
+  version "0.15.9"
+  resolved "https://registry.yarnpkg.com/@histoire/app/-/app-0.15.9.tgz#6685f2dd692af04a6b276a6a437e1503f6eb50d0"
+  integrity sha512-fzL4BU2DWvhxhoGI2paa3oPxPiyswnB6EM0vt5GdNbKdMzpM113aEkGGaW7ki6zdDrYLx61l8hyvzjPk7E5Bgw==
   dependencies:
     "@histoire/controls" "^0.15.8"
     "@histoire/shared" "^0.15.8"
@@ -1203,9 +1215,9 @@
     shiki-es "^0.2.0"
 
 "@histoire/controls@^0.15.8":
-  version "0.15.8"
-  resolved "https://registry.yarnpkg.com/@histoire/controls/-/controls-0.15.8.tgz#3ff3846b683ac3bb5b37bc081352771e38092dbc"
-  integrity sha512-P4BNxVXM+lkL45rTZHV8+aHXvuTo2o7uir0Is7iWxR7jOtMr3ujBa/NQBXrp6+5TPw5whJXYRNAPJ1+jXiVfpQ==
+  version "0.15.9"
+  resolved "https://registry.yarnpkg.com/@histoire/controls/-/controls-0.15.9.tgz#aa3739cc31b6cf6873a600b3a7e28b5db693064a"
+  integrity sha512-JnWHturlnnTzUNVY9vrXHTL0YmDhk4vbkMxpqEx2HSUm+WaoCmtUWE5zBkEUjeVQo7lZrGmWHDymf8CaNCjzyg==
   dependencies:
     "@codemirror/commands" "^6.1.1"
     "@codemirror/lang-json" "^6.0.0"
@@ -1558,67 +1570,67 @@
   resolved "https://registry.yarnpkg.com/@rushstack/eslint-patch/-/eslint-patch-1.2.0.tgz#8be36a1f66f3265389e90b5f9c9962146758f728"
   integrity sha512-sXo/qW2/pAcmT43VoRKOJbDOfV3cYpq3szSVfIThQXNt+E4DfKj361vaAt3c88U5tPUxzEswam7GW48PJqtKAg==
 
-"@sentry/browser@7.41.0":
-  version "7.41.0"
-  resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.41.0.tgz#f4e789417e3037cbc9cd15f3a000064b1873b964"
-  integrity sha512-ZEtgTXPOHZ9/Qn42rr9ZAPTKCV6fAjyDC4FFWMGP4HoUqJqr2woRddP9O5n1jvjsoIPAFOmGzbCuZwFrPVVnpQ==
+"@sentry/browser@7.43.0":
+  version "7.43.0"
+  resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.43.0.tgz#335f23ae020fc5be9aec2a89f65022e0e93d915f"
+  integrity sha512-NlRkBYKb9o5IQdGY8Ktps19Hz9RdSuqS1tlLC7Sjr+MqZqSHmhKq8MWJKciRynxBeMbeGt0smExi9BqpVQdCEg==
   dependencies:
-    "@sentry/core" "7.41.0"
-    "@sentry/replay" "7.41.0"
-    "@sentry/types" "7.41.0"
-    "@sentry/utils" "7.41.0"
+    "@sentry/core" "7.43.0"
+    "@sentry/replay" "7.43.0"
+    "@sentry/types" "7.43.0"
+    "@sentry/utils" "7.43.0"
     tslib "^1.9.3"
 
-"@sentry/core@7.41.0":
-  version "7.41.0"
-  resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.41.0.tgz#a4a8291ef4e65f40c28fc38318e7dae721d5d609"
-  integrity sha512-yT3wl3wMfPymstIZRWNjuov4xhieIEPD0z9MIW9VmoemqkD5BEZsgPuvGaVIyQVMyx61GsN4H4xd0JCyNqNvLg==
+"@sentry/core@7.43.0":
+  version "7.43.0"
+  resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.43.0.tgz#c78e79399172738c96e3b388244258153c49215f"
+  integrity sha512-zvMZgEi7ptLBwDnd+xR/u4zdSe5UzS4S3ZhoemdQrn1PxsaVySD/ptyzLoGSZEABqlRxGHnQrZ78MU1hUDvKuQ==
   dependencies:
-    "@sentry/types" "7.41.0"
-    "@sentry/utils" "7.41.0"
+    "@sentry/types" "7.43.0"
+    "@sentry/utils" "7.43.0"
     tslib "^1.9.3"
 
-"@sentry/replay@7.41.0":
-  version "7.41.0"
-  resolved "https://registry.yarnpkg.com/@sentry/replay/-/replay-7.41.0.tgz#73168d659b0e78ca58574831a6672a77ce9727ee"
-  integrity sha512-/vxuO17AysCoBbCl9wCwjsCFBD4lEbYgfC1GJm8ayWwPU1uhvZcEx6reUwi0rEFpWYGHSHh3+gi+QsOcY/EmnQ==
+"@sentry/replay@7.43.0":
+  version "7.43.0"
+  resolved "https://registry.yarnpkg.com/@sentry/replay/-/replay-7.43.0.tgz#c77d5c6c4a3921cf67a58b69302ec4ea5eaa7fbe"
+  integrity sha512-2dGJS6p8uG1JZ7x/A3FyqnILTkXarbvfR+o1lC7z9lu34Wx0ZBeU2in/S2YHNGAE6XvfsePq3ya/s7LaNkk4qQ==
   dependencies:
-    "@sentry/core" "7.41.0"
-    "@sentry/types" "7.41.0"
-    "@sentry/utils" "7.41.0"
+    "@sentry/core" "7.43.0"
+    "@sentry/types" "7.43.0"
+    "@sentry/utils" "7.43.0"
 
 "@sentry/tracing@^7.1":
-  version "7.41.0"
-  resolved "https://registry.yarnpkg.com/@sentry/tracing/-/tracing-7.41.0.tgz#28f57667a13b95cb8bce5af0809e7727b645e6b7"
-  integrity sha512-zh1ceuwQ8NzE5n8r4y78QrYD/alJl4qlkiEX9lAL6PnLMWJkVWM02BBu+x75yPFWSSDfDA/kZ9WqKkHNdjGpDw==
+  version "7.43.0"
+  resolved "https://registry.yarnpkg.com/@sentry/tracing/-/tracing-7.43.0.tgz#0164e2754736976469cfbe6adcb8919ec8adbe41"
+  integrity sha512-Mld2AyV8xYnRLYbDWvDy8PlGcln3h5JsUx6ScQGOxnFTmCQR50Tldtzq50VDs2fv6xH0+YrL/UIyjxCDc7EXzQ==
   dependencies:
-    "@sentry/core" "7.41.0"
-    "@sentry/types" "7.41.0"
-    "@sentry/utils" "7.41.0"
+    "@sentry/core" "7.43.0"
+    "@sentry/types" "7.43.0"
+    "@sentry/utils" "7.43.0"
     tslib "^1.9.3"
 
-"@sentry/types@7.41.0":
-  version "7.41.0"
-  resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.41.0.tgz#3d53432a3d7693a31b606d3083ab9203c56f5aec"
-  integrity sha512-4z9VdObynwd64i0VHCqkeIAHmsFzapL21qN41Brzb7jY/eGxjn/0rxInDGH+vkoE9qacGqiYfWj4vRNPLsC/bw==
+"@sentry/types@7.43.0":
+  version "7.43.0"
+  resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.43.0.tgz#e621257601e9db2a39cdd3bd75e67fe338ed51eb"
+  integrity sha512-5XxCWqYWJNoS+P6Ie2ZpUDxLRCt7FTEzmlQkCdjW6MFWOX26hAbF/wEuOTYAFKZXMIXOz0Egofik1e8v1Cg6/A==
 
-"@sentry/utils@7.41.0":
-  version "7.41.0"
-  resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.41.0.tgz#54224dba668dd8c8feb0ff1b4f39938b8fdefd3b"
-  integrity sha512-SL+MGitvkakbkrOTb48rDuJp9GYx/veB6EOzYygh49+zwz4DGM7dD4/rvf/mVlgmXUzPgdGDgkVmxgX3nT7I7g==
+"@sentry/utils@7.43.0":
+  version "7.43.0"
+  resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.43.0.tgz#ad16efb86b94ffe6dca2ed2b299d5230ba6d815b"
+  integrity sha512-f78YfMLcgNU7+suyWFCuQhQlneXXMS+egb0EFZh7iU7kANUPRX5T4b+0C+fwaPm5gA6XfGYskr4ZnzQJLOlSqg==
   dependencies:
-    "@sentry/types" "7.41.0"
+    "@sentry/types" "7.43.0"
     tslib "^1.9.3"
 
 "@sentry/vue@^7.1":
-  version "7.41.0"
-  resolved "https://registry.yarnpkg.com/@sentry/vue/-/vue-7.41.0.tgz#69a3234c15a85c05d7fa1b170ec9e77907e15b39"
-  integrity sha512-MgB9m9lpAxKz5OfWBsGkxaVoO5CEzzG5jqkfx5tlOC5eQKTecFqKYohCDHP9Bk76iq+uIHjRIoueFDN/Lx4GTA==
+  version "7.43.0"
+  resolved "https://registry.yarnpkg.com/@sentry/vue/-/vue-7.43.0.tgz#0cec9de88a7596de003f32c7a5a1997ea5d91a41"
+  integrity sha512-i3n3w3KkqhnRKcOVX5Xm4wIy+jIW7kjVRiAZjkH/KYn846Mruud37d2GvgaCANJHZTDNsR2W7mGaEf8g1CJgyg==
   dependencies:
-    "@sentry/browser" "7.41.0"
-    "@sentry/core" "7.41.0"
-    "@sentry/types" "7.41.0"
-    "@sentry/utils" "7.41.0"
+    "@sentry/browser" "7.43.0"
+    "@sentry/core" "7.43.0"
+    "@sentry/types" "7.43.0"
+    "@sentry/utils" "7.43.0"
     tslib "^1.9.3"
 
 "@surma/rollup-plugin-off-main-thread@^2.2.3":
@@ -1825,9 +1837,9 @@
   integrity sha512-KnRanxnpfpjUTqTCXslZSEdLfXExwgNxYPdiO2WGUj8+HDjFi8R3k5RVKPeSCzLjCcshCAtVO2QBbVuAV4kTnw==
 
 "@types/eslint@^8.4.2":
-  version "8.21.1"
-  resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.21.1.tgz#110b441a210d53ab47795124dbc3e9bb993d1e7c"
-  integrity sha512-rc9K8ZpVjNcLs8Fp0dkozd5Pt2Apk1glO4Vgz8ix1u6yFByxfqo5Yavpy65o+93TAe24jr7v+eSBtFLvOQtCRQ==
+  version "8.21.2"
+  resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.21.2.tgz#2b61b43a8b0e66006856a2a4c8e51f6f773ead27"
+  integrity sha512-EMpxUyystd3uZVByZap1DACsMXvb82ypQnGn89e1Y0a+LYu3JJscUd/gqhRsVFDkaD2MIiWo0MT8EfXr3DGRKw==
   dependencies:
     "@types/estree" "*"
     "@types/json-schema" "*"
@@ -1894,9 +1906,9 @@
     "@types/leaflet" "*"
 
 "@types/leaflet@*", "@types/leaflet@^1.5.2":
-  version "1.9.1"
-  resolved "https://registry.yarnpkg.com/@types/leaflet/-/leaflet-1.9.1.tgz#a220706b02c6024951d7fc2959d530c6941c4224"
-  integrity sha512-lYawM3I3lLO6rmBASaqdGgY6zUL4YHr3H79/axx7FNYyPXuj0P1DZHbkNo8Itbv0i7Y9EryLWtDXXROMygXhRA==
+  version "1.9.3"
+  resolved "https://registry.yarnpkg.com/@types/leaflet/-/leaflet-1.9.3.tgz#7aac302189eb3aa283f444316167995df42a5467"
+  integrity sha512-Caa1lYOgKVqDkDZVWkto2Z5JtVo09spEaUt2S69LiugbBpoqQu92HYFMGUbYezZbnBkyOxMNPXHSgRrRY5UyIA==
   dependencies:
     "@types/geojson" "*"
 
@@ -1929,9 +1941,9 @@
   integrity sha512-rr20mmx41OkWx4q5du2dv2sESR/6xH2tzScUQXwO8SiaQWa6PYTuan1nqBtA76FR9qkVfZY7nwQwZNC9StX/Ww==
 
 "@types/node@*":
-  version "18.14.6"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.14.6.tgz#ae1973dd2b1eeb1825695bb11ebfb746d27e3e93"
-  integrity sha512-93+VvleD3mXwlLI/xASjw0FzKcwzl3OdTCzm1LaRfqgS21gfFtK3zDXM5Op9TeeMsJVOaJ2VRDpT9q4Y3d0AvA==
+  version "18.15.3"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.15.3.tgz#f0b991c32cfc6a4e7f3399d6cb4b8cf9a0315014"
+  integrity sha512-p6ua9zBxz5otCmbpb5D3U4B5Nanw6Pk3PPyX05xnxbB/fRv71N7CPmORg7uAD5P70T0xmx1pzAx/FUfa5X+3cw==
 
 "@types/object.omit@^3.0.0":
   version "3.0.0"
@@ -1961,9 +1973,9 @@
     "@types/node" "*"
 
 "@types/sanitize-html@^2.5.0":
-  version "2.8.1"
-  resolved "https://registry.yarnpkg.com/@types/sanitize-html/-/sanitize-html-2.8.1.tgz#0ed8022777b571e9221557ceb187482641675627"
-  integrity sha512-Q6kMAbBBaXA5IagoipeSr4Y/zuGyh4BZ5lewgb3cYe3OYqy0k/d67iMsC4O895eks676bVAe9G+0y1i0k2ZlnA==
+  version "2.9.0"
+  resolved "https://registry.yarnpkg.com/@types/sanitize-html/-/sanitize-html-2.9.0.tgz#5b609f7592de22ef80a0930c39670329753dca1b"
+  integrity sha512-4fP/kEcKNj2u39IzrxWYuf/FnCCwwQCpif6wwY6ROUS1EPRIfWJjGkY3HIowY1EX/VbX5e86yq8AAE7UPMgATg==
   dependencies:
     htmlparser2 "^8.0.0"
 
@@ -1988,173 +2000,173 @@
   integrity sha512-oh8q2Zc32S6gd/j50GowEjKLoOVOwHP/bWVjKJInBwQqdOYMdPrf1oVlelTlyfFK3CKxL1uahMDAr+vy8T7yMQ==
 
 "@typescript-eslint/eslint-plugin@^5.0.0":
-  version "5.54.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.54.1.tgz#0c5091289ce28372e38ab8d28e861d2dbe1ab29e"
-  integrity sha512-a2RQAkosH3d3ZIV08s3DcL/mcGc2M/UC528VkPULFxR9VnVPT8pBu0IyBAJJmVsCmhVfwQX1v6q+QGnmSe1bew==
+  version "5.55.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.55.0.tgz#bc2400c3a23305e8c9a9c04aa40933868aaaeb47"
+  integrity sha512-IZGc50rtbjk+xp5YQoJvmMPmJEYoC53SiKPXyqWfv15XoD2Y5Kju6zN0DwlmaGJp1Iw33JsWJcQ7nw0lGCGjVg==
   dependencies:
-    "@typescript-eslint/scope-manager" "5.54.1"
-    "@typescript-eslint/type-utils" "5.54.1"
-    "@typescript-eslint/utils" "5.54.1"
+    "@eslint-community/regexpp" "^4.4.0"
+    "@typescript-eslint/scope-manager" "5.55.0"
+    "@typescript-eslint/type-utils" "5.55.0"
+    "@typescript-eslint/utils" "5.55.0"
     debug "^4.3.4"
     grapheme-splitter "^1.0.4"
     ignore "^5.2.0"
     natural-compare-lite "^1.4.0"
-    regexpp "^3.2.0"
     semver "^7.3.7"
     tsutils "^3.21.0"
 
 "@typescript-eslint/parser@^5.0.0", "@typescript-eslint/parser@^5.10.0":
-  version "5.54.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-5.54.1.tgz#05761d7f777ef1c37c971d3af6631715099b084c"
-  integrity sha512-8zaIXJp/nG9Ff9vQNh7TI+C3nA6q6iIsGJ4B4L6MhZ7mHnTMR4YP5vp2xydmFXIy8rpyIVbNAG44871LMt6ujg==
+  version "5.55.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-5.55.0.tgz#8c96a0b6529708ace1dcfa60f5e6aec0f5ed2262"
+  integrity sha512-ppvmeF7hvdhUUZWSd2EEWfzcFkjJzgNQzVST22nzg958CR+sphy8A6K7LXQZd6V75m1VKjp+J4g/PCEfSCmzhw==
   dependencies:
-    "@typescript-eslint/scope-manager" "5.54.1"
-    "@typescript-eslint/types" "5.54.1"
-    "@typescript-eslint/typescript-estree" "5.54.1"
+    "@typescript-eslint/scope-manager" "5.55.0"
+    "@typescript-eslint/types" "5.55.0"
+    "@typescript-eslint/typescript-estree" "5.55.0"
     debug "^4.3.4"
 
-"@typescript-eslint/scope-manager@5.54.1":
-  version "5.54.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-5.54.1.tgz#6d864b4915741c608a58ce9912edf5a02bb58735"
-  integrity sha512-zWKuGliXxvuxyM71UA/EcPxaviw39dB2504LqAmFDjmkpO8qNLHcmzlh6pbHs1h/7YQ9bnsO8CCcYCSA8sykUg==
+"@typescript-eslint/scope-manager@5.55.0":
+  version "5.55.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-5.55.0.tgz#e863bab4d4183ddce79967fe10ceb6c829791210"
+  integrity sha512-OK+cIO1ZGhJYNCL//a3ROpsd83psf4dUJ4j7pdNVzd5DmIk+ffkuUIX2vcZQbEW/IR41DYsfJTB19tpCboxQuw==
   dependencies:
-    "@typescript-eslint/types" "5.54.1"
-    "@typescript-eslint/visitor-keys" "5.54.1"
+    "@typescript-eslint/types" "5.55.0"
+    "@typescript-eslint/visitor-keys" "5.55.0"
 
-"@typescript-eslint/type-utils@5.54.1":
-  version "5.54.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-5.54.1.tgz#4825918ec27e55da8bb99cd07ec2a8e5f50ab748"
-  integrity sha512-WREHsTz0GqVYLIbzIZYbmUUr95DKEKIXZNH57W3s+4bVnuF1TKe2jH8ZNH8rO1CeMY3U4j4UQeqPNkHMiGem3g==
+"@typescript-eslint/type-utils@5.55.0":
+  version "5.55.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-5.55.0.tgz#74bf0233523f874738677bb73cb58094210e01e9"
+  integrity sha512-ObqxBgHIXj8rBNm0yh8oORFrICcJuZPZTqtAFh0oZQyr5DnAHZWfyw54RwpEEH+fD8suZaI0YxvWu5tYE/WswA==
   dependencies:
-    "@typescript-eslint/typescript-estree" "5.54.1"
-    "@typescript-eslint/utils" "5.54.1"
+    "@typescript-eslint/typescript-estree" "5.55.0"
+    "@typescript-eslint/utils" "5.55.0"
     debug "^4.3.4"
     tsutils "^3.21.0"
 
-"@typescript-eslint/types@5.54.1":
-  version "5.54.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.54.1.tgz#29fbac29a716d0f08c62fe5de70c9b6735de215c"
-  integrity sha512-G9+1vVazrfAfbtmCapJX8jRo2E4MDXxgm/IMOF4oGh3kq7XuK3JRkOg6y2Qu1VsTRmWETyTkWt1wxy7X7/yLkw==
+"@typescript-eslint/types@5.55.0":
+  version "5.55.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.55.0.tgz#9830f8d3bcbecf59d12f821e5bc6960baaed41fd"
+  integrity sha512-M4iRh4AG1ChrOL6Y+mETEKGeDnT7Sparn6fhZ5LtVJF1909D5O4uqK+C5NPbLmpfZ0XIIxCdwzKiijpZUOvOug==
 
-"@typescript-eslint/typescript-estree@5.54.1":
-  version "5.54.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.54.1.tgz#df7b6ae05fd8fef724a87afa7e2f57fa4a599be1"
-  integrity sha512-bjK5t+S6ffHnVwA0qRPTZrxKSaFYocwFIkZx5k7pvWfsB1I57pO/0M0Skatzzw1sCkjJ83AfGTL0oFIFiDX3bg==
+"@typescript-eslint/typescript-estree@5.55.0":
+  version "5.55.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.55.0.tgz#8db7c8e47ecc03d49b05362b8db6f1345ee7b575"
+  integrity sha512-I7X4A9ovA8gdpWMpr7b1BN9eEbvlEtWhQvpxp/yogt48fy9Lj3iE3ild/1H3jKBBIYj5YYJmS2+9ystVhC7eaQ==
   dependencies:
-    "@typescript-eslint/types" "5.54.1"
-    "@typescript-eslint/visitor-keys" "5.54.1"
+    "@typescript-eslint/types" "5.55.0"
+    "@typescript-eslint/visitor-keys" "5.55.0"
     debug "^4.3.4"
     globby "^11.1.0"
     is-glob "^4.0.3"
     semver "^7.3.7"
     tsutils "^3.21.0"
 
-"@typescript-eslint/utils@5.54.1":
-  version "5.54.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-5.54.1.tgz#7a3ee47409285387b9d4609ea7e1020d1797ec34"
-  integrity sha512-IY5dyQM8XD1zfDe5X8jegX6r2EVU5o/WJnLu/znLPWCBF7KNGC+adacXnt5jEYS9JixDcoccI6CvE4RCjHMzCQ==
+"@typescript-eslint/utils@5.55.0":
+  version "5.55.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-5.55.0.tgz#34e97322e7ae5b901e7a870aabb01dad90023341"
+  integrity sha512-FkW+i2pQKcpDC3AY6DU54yl8Lfl14FVGYDgBTyGKB75cCwV3KpkpTMFi9d9j2WAJ4271LR2HeC5SEWF/CZmmfw==
   dependencies:
+    "@eslint-community/eslint-utils" "^4.2.0"
     "@types/json-schema" "^7.0.9"
     "@types/semver" "^7.3.12"
-    "@typescript-eslint/scope-manager" "5.54.1"
-    "@typescript-eslint/types" "5.54.1"
-    "@typescript-eslint/typescript-estree" "5.54.1"
+    "@typescript-eslint/scope-manager" "5.55.0"
+    "@typescript-eslint/types" "5.55.0"
+    "@typescript-eslint/typescript-estree" "5.55.0"
     eslint-scope "^5.1.1"
-    eslint-utils "^3.0.0"
     semver "^7.3.7"
 
-"@typescript-eslint/visitor-keys@5.54.1":
-  version "5.54.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.54.1.tgz#d7a8a0f7181d6ac748f4d47b2306e0513b98bf8b"
-  integrity sha512-q8iSoHTgwCfgcRJ2l2x+xCbu8nBlRAlsQ33k24Adj8eoVBE0f8dUeI+bAa8F84Mv05UGbAx57g2zrRsYIooqQg==
+"@typescript-eslint/visitor-keys@5.55.0":
+  version "5.55.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.55.0.tgz#01ad414fca8367706d76cdb94adf788dc5b664a2"
+  integrity sha512-q2dlHHwWgirKh1D3acnuApXG+VNXpEY5/AwRxDVuEQpxWaB0jCDe0jFMVMALJ3ebSfuOVE8/rMS+9ZOYGg1GWw==
   dependencies:
-    "@typescript-eslint/types" "5.54.1"
+    "@typescript-eslint/types" "5.55.0"
     eslint-visitor-keys "^3.3.0"
 
-"@unhead/dom@1.1.20", "@unhead/dom@^1.1.19":
-  version "1.1.20"
-  resolved "https://registry.yarnpkg.com/@unhead/dom/-/dom-1.1.20.tgz#2273c6e7528dc966360c3eccf3820b2288952b46"
-  integrity sha512-LKd3Wq1myQmhea/5ysa9LsWWYFgtRhJ8D75PQfsIz9SOvjAUs6gNJi2Tv9adXr5gfFGXd0s2EMTLk/0IPTBwdg==
+"@unhead/dom@1.1.23", "@unhead/dom@^1.1.23":
+  version "1.1.23"
+  resolved "https://registry.yarnpkg.com/@unhead/dom/-/dom-1.1.23.tgz#26bdeea7d806fb76757704293dcbb36be3a5c768"
+  integrity sha512-Ofa427IF7tMhL/Qw4JzlAbRVBnQjURZONcjhGHVOCoNLU+GAKfbDLBpR2r3kXQFFcv2aDKygoSVyxU6R0cLptw==
   dependencies:
-    "@unhead/schema" "1.1.20"
-    "@unhead/shared" "1.1.20"
+    "@unhead/schema" "1.1.23"
+    "@unhead/shared" "1.1.23"
 
-"@unhead/schema@1.1.20", "@unhead/schema@^1.1.19":
-  version "1.1.20"
-  resolved "https://registry.yarnpkg.com/@unhead/schema/-/schema-1.1.20.tgz#6cbcfa22e46dff0d59d92a0a6a43850349c0f450"
-  integrity sha512-XAMPCJjE+AhOW+HCYgxwNT7KX1Ch0y/byduJvM3kdwk4oA5lHRxF7M+s98FTZPpGJmlJr07CdW3l3w+qxmaJLQ==
+"@unhead/schema@1.1.23", "@unhead/schema@^1.1.23":
+  version "1.1.23"
+  resolved "https://registry.yarnpkg.com/@unhead/schema/-/schema-1.1.23.tgz#804f4de801e4549868212a3b0a8cecfcb61bd8cd"
+  integrity sha512-ens8dY3ji8xLVutrcLnNmWq4dpBQIzvSHBr6yZqj7mF8RORXYNwJsY0LRAyAgTyv9aD5aEVpQIiz9s4f2+Nncg==
   dependencies:
     hookable "^5.4.2"
     zhead "^2.0.4"
 
-"@unhead/shared@1.1.20":
-  version "1.1.20"
-  resolved "https://registry.yarnpkg.com/@unhead/shared/-/shared-1.1.20.tgz#a925b2185819fa24b7710d7c9f7b83f900145810"
-  integrity sha512-8fJ1hB8bRw7JM9Lq98OSmLeDmajHHA9ymg8y7aDBC/R5lq+/WWSMtmXs+JNs4rsl+1gHPdl4YbjdEHp6OvcnpA==
+"@unhead/shared@1.1.23":
+  version "1.1.23"
+  resolved "https://registry.yarnpkg.com/@unhead/shared/-/shared-1.1.23.tgz#59e78a48fed6ff3322d0aa94b9ab73627f0e95ba"
+  integrity sha512-6uFEn/DRainxc3IE+RTMV6AK4Xi8osg7qAUAVMz3KpF0EoHzGbBjVBuSrkf7CnrE9Eg+/QYGLdwTvONJHCcYOA==
   dependencies:
-    "@unhead/schema" "1.1.20"
+    "@unhead/schema" "1.1.23"
 
-"@unhead/ssr@^1.1.19":
-  version "1.1.20"
-  resolved "https://registry.yarnpkg.com/@unhead/ssr/-/ssr-1.1.20.tgz#fbdf73a4b51509aa5aae45ec42343c58ba140a6e"
-  integrity sha512-h+5rH4dMe+SorWJv2JiBVE8uchdXFbuSUfXtKBw/VmlBE69DXlZMEcIa2BDmp12wRiU9W8MtWOSvvPuBQ2Hm3g==
+"@unhead/ssr@^1.1.23":
+  version "1.1.23"
+  resolved "https://registry.yarnpkg.com/@unhead/ssr/-/ssr-1.1.23.tgz#da1663e5ebf73b26a0f0353103eb2e95dc95122c"
+  integrity sha512-msxPjkHG2TtgTCRBFjTTTVHPOgGSmNtQCz3zjN1xxY1BRb7NdUN6Yure85qNt+yNUtcQ5C45NmJIxdNDjrJhlQ==
   dependencies:
-    "@unhead/schema" "1.1.20"
-    "@unhead/shared" "1.1.20"
+    "@unhead/schema" "1.1.23"
+    "@unhead/shared" "1.1.23"
 
-"@unhead/vue@^1.1.19":
-  version "1.1.20"
-  resolved "https://registry.yarnpkg.com/@unhead/vue/-/vue-1.1.20.tgz#3c3217ead0b1805abca4f3194fe6db66ca0947de"
-  integrity sha512-I6TaAcO+B+czD/W6I6HQ2EFu/aJ7r0/EEz4Ltlg/YrdKL1beqh2nDY+R1Xz43EqKS0yvxGTlJHJ9cBmtSP2b0g==
+"@unhead/vue@^1.1.23":
+  version "1.1.23"
+  resolved "https://registry.yarnpkg.com/@unhead/vue/-/vue-1.1.23.tgz#fddb7303f5213df96275addc3c9a105f1eba3b4d"
+  integrity sha512-v693TmDYIZyVkZBW+YGyy4Zgl78gQZby84yXpok+E9tmqg2POQ9oG0ILdPNdlwLfWeSrhb8dTahWb68v608LdA==
   dependencies:
-    "@unhead/schema" "1.1.20"
-    "@unhead/shared" "1.1.20"
+    "@unhead/schema" "1.1.23"
+    "@unhead/shared" "1.1.23"
     hookable "^5.4.2"
-    unhead "1.1.20"
+    unhead "1.1.23"
 
 "@vitejs/plugin-vue@^4.0.0":
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/@vitejs/plugin-vue/-/plugin-vue-4.0.0.tgz#93815beffd23db46288c787352a8ea31a0c03e5e"
-  integrity sha512-e0X4jErIxAB5oLtDqbHvHpJe/uWNkdpYV83AOG2xo2tEVSzCzewgJMtREZM30wXnM5ls90hxiOtAuVU6H5JgbA==
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/@vitejs/plugin-vue/-/plugin-vue-4.1.0.tgz#b6a9d83cd91575f7ee15593f6444397f68751073"
+  integrity sha512-++9JOAFdcXI3lyer9UKUV4rfoQ3T1RN8yDqoCLar86s0xQct5yblxAE+yWgRnU5/0FOlVCpTZpYSBV/bGWrSrQ==
 
 "@vitest/coverage-c8@^0.29.2":
-  version "0.29.2"
-  resolved "https://registry.yarnpkg.com/@vitest/coverage-c8/-/coverage-c8-0.29.2.tgz#30b81e32ff11c20e2f3ab78c84e21b4c6c08190c"
-  integrity sha512-NmD3WirQCeQjjKfHu4iEq18DVOBFbLn9TKVdMpyi5YW2EtnS+K22/WE+9/wRrepOhyeTxuEFgxUVkCAE1GhbnQ==
+  version "0.29.3"
+  resolved "https://registry.yarnpkg.com/@vitest/coverage-c8/-/coverage-c8-0.29.3.tgz#c17d963a434e53f48a5c789846bd33c42406701a"
+  integrity sha512-VMhCCkkd9E2J1U3OVQop2fT7PRutqNA+kjaiXkYKz6+ap5TcH+m5+61oE6bJNGn/pN6i5cL6nDqzrbl9wixFng==
   dependencies:
     c8 "^7.13.0"
     picocolors "^1.0.0"
     std-env "^3.3.1"
 
-"@vitest/expect@0.29.2":
-  version "0.29.2"
-  resolved "https://registry.yarnpkg.com/@vitest/expect/-/expect-0.29.2.tgz#7503aabd72764612b0bc8258bafa3232ccb81586"
-  integrity sha512-wjrdHB2ANTch3XKRhjWZN0UueFocH0cQbi2tR5Jtq60Nb3YOSmakjdAvUa2JFBu/o8Vjhj5cYbcMXkZxn1NzmA==
+"@vitest/expect@0.29.3":
+  version "0.29.3"
+  resolved "https://registry.yarnpkg.com/@vitest/expect/-/expect-0.29.3.tgz#4b101ebcbaed608b20c2592cb7d833eb38e5bfa0"
+  integrity sha512-z/0JqBqqrdtrT/wzxNrWC76EpkOHdl+SvuNGxWulLaoluygntYyG5wJul5u/rQs5875zfFz/F+JaDf90SkLUIg==
   dependencies:
-    "@vitest/spy" "0.29.2"
-    "@vitest/utils" "0.29.2"
+    "@vitest/spy" "0.29.3"
+    "@vitest/utils" "0.29.3"
     chai "^4.3.7"
 
-"@vitest/runner@0.29.2":
-  version "0.29.2"
-  resolved "https://registry.yarnpkg.com/@vitest/runner/-/runner-0.29.2.tgz#bbc7b239758de4158392bb343e48ee5a4aa507e1"
-  integrity sha512-A1P65f5+6ru36AyHWORhuQBJrOOcmDuhzl5RsaMNFe2jEkoj0faEszQS4CtPU/LxUYVIazlUtZTY0OEZmyZBnA==
+"@vitest/runner@0.29.3":
+  version "0.29.3"
+  resolved "https://registry.yarnpkg.com/@vitest/runner/-/runner-0.29.3.tgz#dbc67d6642d7f5d67f6ee9f8d806070ed7244f39"
+  integrity sha512-XLi8ctbvOWhUWmuvBUSIBf8POEDH4zCh6bOuVxm/KGfARpgmVF1ku+vVNvyq85va+7qXxtl+MFmzyXQ2xzhAvw==
   dependencies:
-    "@vitest/utils" "0.29.2"
+    "@vitest/utils" "0.29.3"
     p-limit "^4.0.0"
     pathe "^1.1.0"
 
-"@vitest/spy@0.29.2":
-  version "0.29.2"
-  resolved "https://registry.yarnpkg.com/@vitest/spy/-/spy-0.29.2.tgz#4210d844fabd9a68a1d2932d6a26c051bd089021"
-  integrity sha512-Hc44ft5kaAytlGL2PyFwdAsufjbdOvHklwjNy/gy/saRbg9Kfkxfh+PklLm1H2Ib/p586RkQeNFKYuJInUssyw==
+"@vitest/spy@0.29.3":
+  version "0.29.3"
+  resolved "https://registry.yarnpkg.com/@vitest/spy/-/spy-0.29.3.tgz#2260daa94da036d44a1c91c56cb8e08ca1c189df"
+  integrity sha512-LLpCb1oOCOZcBm0/Oxbr1DQTuKLRBsSIHyLYof7z4QVE8/v8NcZKdORjMUq645fcfX55+nLXwU/1AQ+c2rND+w==
   dependencies:
     tinyspy "^1.0.2"
 
 "@vitest/ui@^0.29.2":
-  version "0.29.2"
-  resolved "https://registry.yarnpkg.com/@vitest/ui/-/ui-0.29.2.tgz#b5c9d6e7c98163a5136c91760a602cf61edc473b"
-  integrity sha512-GpCExCMptrS1z3Xf6kz35Xdvjc2eTBy9OIIwW3HjePVxw9Q++ZoEaIBVimRTTGzSe40XiAI/ZyR0H0Ya9brqLA==
+  version "0.29.3"
+  resolved "https://registry.yarnpkg.com/@vitest/ui/-/ui-0.29.3.tgz#568194b11d12d57610e755e0643fe8dc748cea68"
+  integrity sha512-6xJyLhfSBRCzMbI9ip4BI7KIMnIM5cqOFl1sj4GSuHfRai17Q3FYZRcNvgo4TlE0f38/MSXDfjOc35/ZepYIWw==
   dependencies:
     fast-glob "^3.2.12"
     flatted "^3.2.7"
@@ -2162,15 +2174,14 @@
     picocolors "^1.0.0"
     sirv "^2.0.2"
 
-"@vitest/utils@0.29.2":
-  version "0.29.2"
-  resolved "https://registry.yarnpkg.com/@vitest/utils/-/utils-0.29.2.tgz#8990794a6855de19b59da80413dc5a1e1991da4d"
-  integrity sha512-F14/Uc+vCdclStS2KEoXJlOLAEyqRhnw0gM27iXw9bMTcyKRPJrQ+rlC6XZ125GIPvvKYMPpVxNhiou6PsEeYQ==
+"@vitest/utils@0.29.3":
+  version "0.29.3"
+  resolved "https://registry.yarnpkg.com/@vitest/utils/-/utils-0.29.3.tgz#0e9eed6c61daa2d753031c1a5fda19755f48acd6"
+  integrity sha512-hg4Ff8AM1GtUnLpUJlNMxrf9f4lZr/xRJjh3uJ0QFP+vjaW82HAxKrmeBmLnhc8Os2eRf+f+VBu4ts7TafPPkA==
   dependencies:
     cli-truncate "^3.1.0"
     diff "^5.1.0"
     loupe "^2.3.6"
-    picocolors "^1.0.0"
     pretty-format "^27.5.1"
 
 "@vue-a11y/announcer@^2.1.0":
@@ -2183,10 +2194,12 @@
   resolved "https://registry.yarnpkg.com/@vue-a11y/skip-to/-/skip-to-2.1.2.tgz#a50f5b97605f5054ca7a7e222bdc721405e38f38"
   integrity sha512-oKx0YE/nfWSBI48RKHoRsUmpY0//rDPBZTGk1LxhkkUsXPwzuMlJBFrWGIswdd+3DiIE5OyiDaM45ZldYjtDIA==
 
-"@vue-leaflet/vue-leaflet@^0.8.0":
-  version "0.8.4"
-  resolved "https://registry.yarnpkg.com/@vue-leaflet/vue-leaflet/-/vue-leaflet-0.8.4.tgz#8a26606fd1c28e1ca8717aebd4c5c147057c6b29"
-  integrity sha512-FyD75jMKzBQCW4TrzRMrIBa8OwaUXaSeaDWJvp7FIjpZzk8niHBfpP+QirA/BT9536FJXviRkmwac3Z7YOQHKQ==
+"@vue-leaflet/vue-leaflet@^0.9.0":
+  version "0.9.0"
+  resolved "https://registry.yarnpkg.com/@vue-leaflet/vue-leaflet/-/vue-leaflet-0.9.0.tgz#f30bd18fedc6d9ef7bf4c6cc02f6fa7009658f6b"
+  integrity sha512-B5sxleSIFP0RK+7418BQirZ7oXa0t2dZrwfGI/0ABgaFLCWmHWP26w4soqrF5MlpThvhieAIUVIVuTdgXUenmA==
+  dependencies:
+    vue "^3.2.25"
 
 "@vue/apollo-composable@^4.0.0-beta.1":
   version "4.0.0-beta.4"
@@ -2310,9 +2323,9 @@
   integrity sha512-BHGyyGN3Q97EZx0taMQ+OLNuZcW3d37ZEVmEAyeoA9ERdGvm9Irc/0Fua8SNyOtV1w6BS4q25wbMzJujO9HIfQ==
 
 "@vue/test-utils@^2.0.2":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@vue/test-utils/-/test-utils-2.3.0.tgz#0793a2bd94135c0374a720c38f76244997c4316b"
-  integrity sha512-S8/9Z+B4VSsTUNtZtzS7J1TfxJbf10n+gcH9X8cASbG0Tp7qD6vqs/sUNlmpzk6i7+pP00ptauJp9rygyW89Ww==
+  version "2.3.1"
+  resolved "https://registry.yarnpkg.com/@vue/test-utils/-/test-utils-2.3.1.tgz#411883ea52091fa3e59d9b0b83f2934111c10776"
+  integrity sha512-tRtHRPEETQSUrqXgAewNZHm5iypxDFxwenfdcvMRm1kbGo4bcqHb1XHHlsaIjoDbLkuE2NYiF8vBQDNYrzlrSA==
   dependencies:
     js-beautify "1.14.6"
   optionalDependencies:
@@ -2330,14 +2343,14 @@
     vue-demi "*"
 
 "@vueuse/head@^1.0":
-  version "1.1.19"
-  resolved "https://registry.yarnpkg.com/@vueuse/head/-/head-1.1.19.tgz#41d397623cb9bbbf0cf206a24aa4c1e3633ceb60"
-  integrity sha512-ow6HqD0gDfz97rsS3CSJ3lKrQjMpvzK6gy2+N5reWyk6mOYzOpVx96iLYaq7KETDxC820aqx1SDukhXgEMwqCg==
+  version "1.1.23"
+  resolved "https://registry.yarnpkg.com/@vueuse/head/-/head-1.1.23.tgz#a94a4457aed0768d4e9a595097b9d1716a67962b"
+  integrity sha512-bJiiQXrICvCI740jR2CLK+FhXyvMx2dIfyeF3FdOsYJn6OtexdBI2wchyuKNYmiAQ8cibAHxmDUytAFqIdIRJg==
   dependencies:
-    "@unhead/dom" "^1.1.19"
-    "@unhead/schema" "^1.1.19"
-    "@unhead/ssr" "^1.1.19"
-    "@unhead/vue" "^1.1.19"
+    "@unhead/dom" "^1.1.23"
+    "@unhead/schema" "^1.1.23"
+    "@unhead/ssr" "^1.1.23"
+    "@unhead/vue" "^1.1.23"
 
 "@vueuse/metadata@9.13.0":
   version "9.13.0"
@@ -2567,6 +2580,14 @@ argparse@^2.0.1:
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
   integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
 
+array-buffer-byte-length@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz#fabe8bc193fea865f317fe7807085ee0dee5aead"
+  integrity sha512-LPuwb2P+NrQw3XhxGc36+XSvuBPopovXYTR9Ew++Du9Yb/bx5AzBfrIsBoj0EZUifjQU+sHL21sseZ3jerWO/A==
+  dependencies:
+    call-bind "^1.0.2"
+    is-array-buffer "^3.0.1"
+
 array-includes@^3.1.6:
   version "3.1.6"
   resolved "https://registry.yarnpkg.com/array-includes/-/array-includes-3.1.6.tgz#9e9e720e194f198266ba9e18c29e6a9b0e4b225f"
@@ -2629,12 +2650,12 @@ at-least-node@^1.0.0:
   integrity sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==
 
 autoprefixer@^10:
-  version "10.4.13"
-  resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-10.4.13.tgz#b5136b59930209a321e9fa3dca2e7c4d223e83a8"
-  integrity sha512-49vKpMqcZYsJjwotvt4+h/BCjJVnhGwcLpDt5xkcaOG3eLrG/HUYLagrihYsQ+qrIBgIzX1Rw7a6L8I/ZA1Atg==
+  version "10.4.14"
+  resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-10.4.14.tgz#e28d49902f8e759dd25b153264e862df2705f79d"
+  integrity sha512-FQzyfOsTlwVzjHxKEqRIAdJx9niO6VCBCoEwax/VLSoQF29ggECcPuBqUMZ+u8jCZOPSy8b8/8KnuFbp0SaFZQ==
   dependencies:
-    browserslist "^4.21.4"
-    caniuse-lite "^1.0.30001426"
+    browserslist "^4.21.5"
+    caniuse-lite "^1.0.30001464"
     fraction.js "^4.2.0"
     normalize-range "^0.1.2"
     picocolors "^1.0.0"
@@ -2738,7 +2759,7 @@ braces@^3.0.2, braces@~3.0.2:
   dependencies:
     fill-range "^7.0.1"
 
-browserslist@^4.21.3, browserslist@^4.21.4, browserslist@^4.21.5:
+browserslist@^4.21.3, browserslist@^4.21.5:
   version "4.21.5"
   resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.21.5.tgz#75c5dae60063ee641f977e00edd3cfb2fb7af6a7"
   integrity sha512-tUkiguQGW7S3IhB7N+c2MV/HZPSCPAAiYBZXLsBhFB/PCy6ZKKsZrmBayHV9fdGV/ARIfJ14NkxKzRDjvp7L6w==
@@ -2807,10 +2828,10 @@ camelcase-css@^2.0.1:
   resolved "https://registry.yarnpkg.com/camelcase-css/-/camelcase-css-2.0.1.tgz#ee978f6947914cc30c6b44741b6ed1df7f043fd5"
   integrity sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==
 
-caniuse-lite@^1.0.30001426, caniuse-lite@^1.0.30001449:
-  version "1.0.30001462"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001462.tgz#b2e801e37536d453731286857c8520d3dcee15fe"
-  integrity sha512-PDd20WuOBPiasZ7KbFnmQRyuLE7cFXW2PVd7dmALzbkUXEP46upAuCDm9eY9vho8fgNMGmbAX92QBZHzcnWIqw==
+caniuse-lite@^1.0.30001449, caniuse-lite@^1.0.30001464:
+  version "1.0.30001467"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001467.tgz#1afc9c16ed61f50dd87139da87ca43a3e0051c77"
+  integrity sha512-cEdN/5e+RPikvl9AHm4uuLXxeCNq8rFsQ+lPHTfe/OtypP3WwnVVbjn+6uBV7PaFL6xUFzTh+sSCOz1rKhcO+Q==
 
 capital-case@^1.0.4:
   version "1.0.4"
@@ -3015,9 +3036,9 @@ convert-source-map@^1.6.0, convert-source-map@^1.7.0:
   integrity sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==
 
 core-js-compat@^3.25.1:
-  version "3.29.0"
-  resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.29.0.tgz#1b8d9eb4191ab112022e7f6364b99b65ea52f528"
-  integrity sha512-ScMn3uZNAFhK2DGoEfErguoiAHhV2Ju+oJo/jK08p7B3f3UhocUrCCkTvnZaiS+edl5nlIoiBXKcwMc6elv4KQ==
+  version "3.29.1"
+  resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.29.1.tgz#15c0fb812ea27c973c18d425099afa50b934b41b"
+  integrity sha512-QmchCua884D8wWskMX8tW5ydINzd8oSJVx38lx/pVkFGqztxt73GYre3pm/hyYq8bPf+MW5In4I/uRShFDsbrA==
   dependencies:
     browserslist "^4.21.5"
 
@@ -3072,6 +3093,13 @@ cssstyle@^2.3.0:
   dependencies:
     cssom "~0.3.6"
 
+cssstyle@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/cssstyle/-/cssstyle-3.0.0.tgz#17ca9c87d26eac764bb8cfd00583cff21ce0277a"
+  integrity sha512-N4u2ABATi3Qplzf0hWbVCdjenim8F3ojEXpBDF5hBpjzW182MjNGLqfmQ0SkSPeQ+V86ZXgeH8aXj6kayd4jgg==
+  dependencies:
+    rrweb-cssom "^0.6.0"
+
 csstype@^2.6.8:
   version "2.6.21"
   resolved "https://registry.yarnpkg.com/csstype/-/csstype-2.6.21.tgz#2efb85b7cc55c80017c66a5ad7cbd931fda3a90e"
@@ -3091,6 +3119,15 @@ data-urls@^3.0.2:
     whatwg-mimetype "^3.0.0"
     whatwg-url "^11.0.0"
 
+data-urls@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/data-urls/-/data-urls-4.0.0.tgz#333a454eca6f9a5b7b0f1013ff89074c3f522dd4"
+  integrity sha512-/mMTei/JXPqvFqQtfyTowxmJVwr2PVAeCcDxyFf6LhoOu/09TX2OX3kb2wzi4DMXcfj4OItwDOnhl5oziPnT6g==
+  dependencies:
+    abab "^2.0.6"
+    whatwg-mimetype "^3.0.0"
+    whatwg-url "^12.0.0"
+
 date-fns-tz@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/date-fns-tz/-/date-fns-tz-2.0.0.tgz#1b14c386cb8bc16fc56fe333d4fc34ae1d1099d5"
@@ -3122,7 +3159,7 @@ debug@^3.2.7:
   dependencies:
     ms "^2.1.1"
 
-decimal.js@^10.4.2:
+decimal.js@^10.4.2, decimal.js@^10.4.3:
   version "10.4.3"
   resolved "https://registry.yarnpkg.com/decimal.js/-/decimal.js-10.4.3.tgz#1044092884d245d1b7f65725fa4ad4c6f781cc23"
   integrity sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA==
@@ -3140,9 +3177,9 @@ deep-is@^0.1.3, deep-is@~0.1.3:
   integrity sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==
 
 deepmerge@^4.2.2:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.3.0.tgz#65491893ec47756d44719ae520e0e2609233b59b"
-  integrity sha512-z2wJZXrmeHdvYJp/Ux55wIjqo81G5Bp4c+oELTW+7ar6SogWHajt5a9gO3s3IDaGSAXjDk0vlQKN3rms8ab3og==
+  version "4.3.1"
+  resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.3.1.tgz#44b5f2147cd3b00d4b56137685966f26fd25dd4a"
+  integrity sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==
 
 define-lazy-prop@^2.0.0:
   version "2.0.0"
@@ -3296,16 +3333,16 @@ ee-first@1.1.1:
   integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==
 
 ejs@^3.1.6:
-  version "3.1.8"
-  resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.8.tgz#758d32910c78047585c7ef1f92f9ee041c1c190b"
-  integrity sha512-/sXZeMlhS0ArkfX2Aw780gJzXSMPnKjtspYZv+f3NiKLlubezAHDU5+9xz6gd3/NhG3txQCo6xlglmTS+oTGEQ==
+  version "3.1.9"
+  resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.9.tgz#03c9e8777fe12686a9effcef22303ca3d8eeb361"
+  integrity sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==
   dependencies:
     jake "^10.8.5"
 
 electron-to-chromium@^1.4.284:
-  version "1.4.322"
-  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.322.tgz#e0afa1d115b66c1d47869db40d8f2f3729cecc16"
-  integrity sha512-KovjizNC9XB7dno/2GjxX8VS0SlfPpCjtyoKft+bCO+UfD8bFy16hY4Sh9s0h9BDxbRH2U0zX5VBjpM1LTcNlg==
+  version "1.4.332"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.332.tgz#b981fcf61587abe03c24b301b2cfbdcc2b70e8a5"
+  integrity sha512-c1Vbv5tuUlBFp0mb3mCIjw+REEsgthRgNE8BlbEDKmvzb8rxjcVki6OkQP83vLN34s0XCxpSkq7AZNep1a6xhw==
 
 emoji-regex@^8.0.0:
   version "8.0.0"
@@ -3338,17 +3375,17 @@ entities@~3.0.1:
   integrity sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==
 
 es-abstract@^1.19.0, es-abstract@^1.20.4:
-  version "1.21.1"
-  resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.21.1.tgz#e6105a099967c08377830a0c9cb589d570dd86c6"
-  integrity sha512-QudMsPOz86xYz/1dG1OuGBKOELjCh99IIWHLzy5znUB6j8xG2yMA7bfTV86VSqKF+Y/H08vQPR+9jyXpuC6hfg==
+  version "1.21.2"
+  resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.21.2.tgz#a56b9695322c8a185dc25975aa3b8ec31d0e7eff"
+  integrity sha512-y/B5POM2iBnIxCiernH1G7rC9qQoM77lLIMQLuob0zhp8C56Po81+2Nj0WFKnd0pNReDTnkYryc+zhOzpEIROg==
   dependencies:
+    array-buffer-byte-length "^1.0.0"
     available-typed-arrays "^1.0.5"
     call-bind "^1.0.2"
     es-set-tostringtag "^2.0.1"
     es-to-primitive "^1.2.1"
-    function-bind "^1.1.1"
     function.prototype.name "^1.1.5"
-    get-intrinsic "^1.1.3"
+    get-intrinsic "^1.2.0"
     get-symbol-description "^1.0.0"
     globalthis "^1.0.3"
     gopd "^1.0.1"
@@ -3356,8 +3393,8 @@ es-abstract@^1.19.0, es-abstract@^1.20.4:
     has-property-descriptors "^1.0.0"
     has-proto "^1.0.1"
     has-symbols "^1.0.3"
-    internal-slot "^1.0.4"
-    is-array-buffer "^3.0.1"
+    internal-slot "^1.0.5"
+    is-array-buffer "^3.0.2"
     is-callable "^1.2.7"
     is-negative-zero "^2.0.2"
     is-regex "^1.1.4"
@@ -3365,11 +3402,12 @@ es-abstract@^1.19.0, es-abstract@^1.20.4:
     is-string "^1.0.7"
     is-typed-array "^1.1.10"
     is-weakref "^1.0.2"
-    object-inspect "^1.12.2"
+    object-inspect "^1.12.3"
     object-keys "^1.1.1"
     object.assign "^4.1.4"
     regexp.prototype.flags "^1.4.3"
     safe-regex-test "^1.0.0"
+    string.prototype.trim "^1.2.7"
     string.prototype.trimend "^1.0.6"
     string.prototype.trimstart "^1.0.6"
     typed-array-length "^1.0.4"
@@ -3401,33 +3439,33 @@ es-to-primitive@^1.2.1:
     is-date-object "^1.0.1"
     is-symbol "^1.0.2"
 
-esbuild@^0.16.14:
-  version "0.16.17"
-  resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.16.17.tgz#fc2c3914c57ee750635fee71b89f615f25065259"
-  integrity sha512-G8LEkV0XzDMNwXKgM0Jwu3nY3lSTwSGY6XbxM9cr9+s0T/qSV1q1JVPBGzm3dcjhCic9+emZDmMffkwgPeOeLg==
+esbuild@^0.17.5:
+  version "0.17.12"
+  resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.17.12.tgz#2ad7523bf1bc01881e9d904bc04e693bd3bdcf2f"
+  integrity sha512-bX/zHl7Gn2CpQwcMtRogTTBf9l1nl+H6R8nUbjk+RuKqAE3+8FDulLA+pHvX7aA7Xe07Iwa+CWvy9I8Y2qqPKQ==
   optionalDependencies:
-    "@esbuild/android-arm" "0.16.17"
-    "@esbuild/android-arm64" "0.16.17"
-    "@esbuild/android-x64" "0.16.17"
-    "@esbuild/darwin-arm64" "0.16.17"
-    "@esbuild/darwin-x64" "0.16.17"
-    "@esbuild/freebsd-arm64" "0.16.17"
-    "@esbuild/freebsd-x64" "0.16.17"
-    "@esbuild/linux-arm" "0.16.17"
-    "@esbuild/linux-arm64" "0.16.17"
-    "@esbuild/linux-ia32" "0.16.17"
-    "@esbuild/linux-loong64" "0.16.17"
-    "@esbuild/linux-mips64el" "0.16.17"
-    "@esbuild/linux-ppc64" "0.16.17"
-    "@esbuild/linux-riscv64" "0.16.17"
-    "@esbuild/linux-s390x" "0.16.17"
-    "@esbuild/linux-x64" "0.16.17"
-    "@esbuild/netbsd-x64" "0.16.17"
-    "@esbuild/openbsd-x64" "0.16.17"
-    "@esbuild/sunos-x64" "0.16.17"
-    "@esbuild/win32-arm64" "0.16.17"
-    "@esbuild/win32-ia32" "0.16.17"
-    "@esbuild/win32-x64" "0.16.17"
+    "@esbuild/android-arm" "0.17.12"
+    "@esbuild/android-arm64" "0.17.12"
+    "@esbuild/android-x64" "0.17.12"
+    "@esbuild/darwin-arm64" "0.17.12"
+    "@esbuild/darwin-x64" "0.17.12"
+    "@esbuild/freebsd-arm64" "0.17.12"
+    "@esbuild/freebsd-x64" "0.17.12"
+    "@esbuild/linux-arm" "0.17.12"
+    "@esbuild/linux-arm64" "0.17.12"
+    "@esbuild/linux-ia32" "0.17.12"
+    "@esbuild/linux-loong64" "0.17.12"
+    "@esbuild/linux-mips64el" "0.17.12"
+    "@esbuild/linux-ppc64" "0.17.12"
+    "@esbuild/linux-riscv64" "0.17.12"
+    "@esbuild/linux-s390x" "0.17.12"
+    "@esbuild/linux-x64" "0.17.12"
+    "@esbuild/netbsd-x64" "0.17.12"
+    "@esbuild/openbsd-x64" "0.17.12"
+    "@esbuild/sunos-x64" "0.17.12"
+    "@esbuild/win32-arm64" "0.17.12"
+    "@esbuild/win32-ia32" "0.17.12"
+    "@esbuild/win32-x64" "0.17.12"
 
 escalade@^3.1.1:
   version "3.1.1"
@@ -3557,12 +3595,14 @@ eslint-visitor-keys@^3.1.0, eslint-visitor-keys@^3.3.0:
   integrity sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==
 
 eslint@^8.21.0, eslint@^8.7.0:
-  version "8.35.0"
-  resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.35.0.tgz#fffad7c7e326bae606f0e8f436a6158566d42323"
-  integrity sha512-BxAf1fVL7w+JLRQhWl2pzGeSiGqbWumV4WNvc9Rhp6tiCtm4oHnyPBSEtMGZwrQgudFQ+otqzWoPB7x+hxoWsw==
+  version "8.36.0"
+  resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.36.0.tgz#1bd72202200a5492f91803b113fb8a83b11285cf"
+  integrity sha512-Y956lmS7vDqomxlaaQAHVmeb4tNMp2FWIvU/RnU5BD3IKMD/MJPr76xdyr68P8tV1iNMvN2mRK0yy3c+UjL+bw==
   dependencies:
-    "@eslint/eslintrc" "^2.0.0"
-    "@eslint/js" "8.35.0"
+    "@eslint-community/eslint-utils" "^4.2.0"
+    "@eslint-community/regexpp" "^4.4.0"
+    "@eslint/eslintrc" "^2.0.1"
+    "@eslint/js" "8.36.0"
     "@humanwhocodes/config-array" "^0.11.8"
     "@humanwhocodes/module-importer" "^1.0.1"
     "@nodelib/fs.walk" "^1.2.8"
@@ -3573,9 +3613,8 @@ eslint@^8.21.0, eslint@^8.7.0:
     doctrine "^3.0.0"
     escape-string-regexp "^4.0.0"
     eslint-scope "^7.1.1"
-    eslint-utils "^3.0.0"
     eslint-visitor-keys "^3.3.0"
-    espree "^9.4.0"
+    espree "^9.5.0"
     esquery "^1.4.2"
     esutils "^2.0.2"
     fast-deep-equal "^3.1.3"
@@ -3597,15 +3636,14 @@ eslint@^8.21.0, eslint@^8.7.0:
     minimatch "^3.1.2"
     natural-compare "^1.4.0"
     optionator "^0.9.1"
-    regexpp "^3.2.0"
     strip-ansi "^6.0.1"
     strip-json-comments "^3.1.0"
     text-table "^0.2.0"
 
-espree@^9.0.0, espree@^9.3.1, espree@^9.4.0:
-  version "9.4.1"
-  resolved "https://registry.yarnpkg.com/espree/-/espree-9.4.1.tgz#51d6092615567a2c2cff7833445e37c28c0065bd"
-  integrity sha512-XwctdmTO6SIvCzd9810yyNzIrOrqNYV9Koizx4C/mRhf9uq0o4yHoCEU/670pOxOL/MSraektvSAji79kX90Vg==
+espree@^9.0.0, espree@^9.3.1, espree@^9.5.0:
+  version "9.5.0"
+  resolved "https://registry.yarnpkg.com/espree/-/espree-9.5.0.tgz#3646d4e3f58907464edba852fa047e6a27bdf113"
+  integrity sha512-JPbJGhKc47++oo4JkEoTe2wjy4fmMwvFpgJT9cQzmfXKp22Dr6Hf1tdCteLz1h0P3t+mGvWZ+4Uankvh8+c6zw==
   dependencies:
     acorn "^8.8.0"
     acorn-jsx "^5.3.2"
@@ -3990,9 +4028,9 @@ gopd@^1.0.1:
     get-intrinsic "^1.1.3"
 
 graceful-fs@^4.1.6, graceful-fs@^4.2.0:
-  version "4.2.10"
-  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
-  integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
+  version "4.2.11"
+  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3"
+  integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==
 
 grapheme-splitter@^1.0.4:
   version "1.0.4"
@@ -4095,9 +4133,9 @@ header-case@^2.0.4:
     tslib "^2.0.3"
 
 histoire@^0.15.8:
-  version "0.15.8"
-  resolved "https://registry.yarnpkg.com/histoire/-/histoire-0.15.8.tgz#ac2eebcb59b0fb739b1b22a702dcc7695603e685"
-  integrity sha512-weDuhDeguNy+9MNTm04OCk2tyJCKndzxp9pcOivxrIeuwmxA1nv7L5bye1YG7gjKWEOuifxRt9VWYAHo2Nc8VA==
+  version "0.15.9"
+  resolved "https://registry.yarnpkg.com/histoire/-/histoire-0.15.9.tgz#f9c1862e07d5a0646015d1dcbd3d488abf892bff"
+  integrity sha512-Mb9185Sq/SckVhtHpUdf3dqSrAdf9HDsOFbTcBIZ6W9TYCdsSLY5kLzPU2sHaHHM/myxh5DC+9SLBaTFeNJSug==
   dependencies:
     "@akryum/tinypool" "^0.3.1"
     "@histoire/app" "^0.15.8"
@@ -4139,9 +4177,9 @@ hoist-non-react-statics@^3.3.2:
     react-is "^16.7.0"
 
 hookable@^5.4.2:
-  version "5.4.2"
-  resolved "https://registry.yarnpkg.com/hookable/-/hookable-5.4.2.tgz#6a1d3c4b3cb5b4262f99b3070ce0ee92c9c78049"
-  integrity sha512-6rOvaUiNKy9lET1X0ECnyZ5O5kSV0PJbtA5yZUgdEF7fGJEVwSLSislltyt7nFwVVALYHQJtfGeAR2Y0A0uJkg==
+  version "5.5.1"
+  resolved "https://registry.yarnpkg.com/hookable/-/hookable-5.5.1.tgz#3a842c66be72a9cb14043d8e6afa5bc094c831c5"
+  integrity sha512-ac50aYjbtRMMZEtTG0qnVaBDA+1lqL9fHzDnxMQlVuO6LZWcBB7NXjIu9H9iImClewNdrit4RiEzi9QpRTgKrg==
 
 html-encoding-sniffer@^3.0.0:
   version "3.0.0"
@@ -4200,9 +4238,9 @@ ignore@^5.2.0:
   integrity sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==
 
 immutable@^4.0.0:
-  version "4.2.4"
-  resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.2.4.tgz#83260d50889526b4b531a5e293709a77f7c55a2a"
-  integrity sha512-WDxL3Hheb1JkRN3sQkyujNlL/xRjAo3rJtaU5xeufUauG66JdMr32bLj4gF+vWl84DIA3Zxw7tiAjneYzRRw+w==
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.3.0.tgz#eb1738f14ffb39fd068b1dbe1296117484dd34be"
+  integrity sha512-0AOCmOip+xgJwEVTQj1EfiDDOkPmuyllDuTuEX+DDXUgapLAsBIfkg3sxCYyCEA8mQqZrrxPUGjcOQ2JS3WLkg==
 
 import-fresh@^3.0.0, import-fresh@^3.2.1:
   version "3.3.0"
@@ -4240,7 +4278,7 @@ ini@^1.3.4:
   resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
   integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
 
-internal-slot@^1.0.3, internal-slot@^1.0.4:
+internal-slot@^1.0.3, internal-slot@^1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/internal-slot/-/internal-slot-1.0.5.tgz#f2a2ee21f668f8627a4667f309dc0f4fb6674986"
   integrity sha512-Y+R5hJrzs52QCG2laLn4udYVnxsfny9CpOhNhUvk/SSSVyF6T27FzRbF0sroPidSu3X8oEAkOn2K804mjpt6UQ==
@@ -4254,7 +4292,7 @@ intersection-observer@^0.12.0:
   resolved "https://registry.yarnpkg.com/intersection-observer/-/intersection-observer-0.12.2.tgz#4a45349cc0cd91916682b1f44c28d7ec737dc375"
   integrity sha512-7m1vEcPCxXYI8HqnL8CKI6siDyD+eIWSwgB3DZA+ZTogxk9I4CDnj4wilt9x/+/QbHI4YG5YZNmC6458/e9Ktg==
 
-is-array-buffer@^3.0.1:
+is-array-buffer@^3.0.1, is-array-buffer@^3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/is-array-buffer/-/is-array-buffer-3.0.2.tgz#f2653ced8412081638ecb0ebbd0c41c6e0aecbbe"
   integrity sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w==
@@ -4518,9 +4556,9 @@ jest-worker@^26.2.1:
     supports-color "^7.0.0"
 
 jiti@^1.16.0:
-  version "1.17.2"
-  resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.17.2.tgz#9e193d171c76b1c518a46c243c410c0462fe22d1"
-  integrity sha512-Xf0nU8+8wuiQpLcqdb2HRyHqYwGk2Pd+F7kstyp20ZuqTyCmB9dqpX2NxaxFc1kovraa2bG6c1RL3W7XfapiZg==
+  version "1.18.2"
+  resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.18.2.tgz#80c3ef3d486ebf2450d9335122b32d121f2a83cd"
+  integrity sha512-QAdOptna2NYiSSpv0O/BwoHBSmz4YhpzJHyi+fnMRTXFjp7B8i/YG5Z8IfusxB1ufjcD2Sre1F3R+nX3fvy7gg==
 
 js-beautify@1.14.6:
   version "1.14.6"
@@ -4590,17 +4628,16 @@ jsdom@^20.0.3:
     xml-name-validator "^4.0.0"
 
 jsdom@^21.1.0:
-  version "21.1.0"
-  resolved "https://registry.yarnpkg.com/jsdom/-/jsdom-21.1.0.tgz#d56ba4a84ed478260d83bd53dc181775f2d8e6ef"
-  integrity sha512-m0lzlP7qOtthD918nenK3hdItSd2I+V3W9IrBcB36sqDwG+KnUs66IF5GY7laGWUnlM9vTsD0W1QwSEBYWWcJg==
+  version "21.1.1"
+  resolved "https://registry.yarnpkg.com/jsdom/-/jsdom-21.1.1.tgz#ab796361e3f6c01bcfaeda1fea3c06197ac9d8ae"
+  integrity sha512-Jjgdmw48RKcdAIQyUD1UdBh2ecH7VqwaXPN3ehoZN6MqgVbMn+lRm1aAT1AsdJRAJpwfa4IpwgzySn61h2qu3w==
   dependencies:
     abab "^2.0.6"
-    acorn "^8.8.1"
+    acorn "^8.8.2"
     acorn-globals "^7.0.0"
-    cssom "^0.5.0"
-    cssstyle "^2.3.0"
-    data-urls "^3.0.2"
-    decimal.js "^10.4.2"
+    cssstyle "^3.0.0"
+    data-urls "^4.0.0"
+    decimal.js "^10.4.3"
     domexception "^4.0.0"
     escodegen "^2.0.0"
     form-data "^4.0.0"
@@ -4609,7 +4646,8 @@ jsdom@^21.1.0:
     https-proxy-agent "^5.0.1"
     is-potential-custom-element-name "^1.0.1"
     nwsapi "^2.2.2"
-    parse5 "^7.1.1"
+    parse5 "^7.1.2"
+    rrweb-cssom "^0.6.0"
     saxes "^6.0.0"
     symbol-tree "^3.2.4"
     tough-cookie "^4.1.2"
@@ -4617,8 +4655,8 @@ jsdom@^21.1.0:
     webidl-conversions "^7.0.0"
     whatwg-encoding "^2.0.0"
     whatwg-mimetype "^3.0.0"
-    whatwg-url "^11.0.0"
-    ws "^8.11.0"
+    whatwg-url "^12.0.1"
+    ws "^8.13.0"
     xml-name-validator "^4.0.0"
 
 jsesc@^2.5.1:
@@ -4981,14 +5019,14 @@ minimist@^1.2.0, minimist@^1.2.6:
   integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==
 
 mlly@^1.1.0, mlly@^1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/mlly/-/mlly-1.1.1.tgz#f1838b14795e2cc284aa4ebcc76a258a52e6f537"
-  integrity sha512-Jnlh4W/aI4GySPo6+DyTN17Q75KKbLTyFK8BrGhjNP4rxuUjbRWhE6gHg3bs33URWAF44FRm7gdQA348i3XxRw==
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/mlly/-/mlly-1.2.0.tgz#f0f6c2fc8d2d12ea6907cd869066689b5031b613"
+  integrity sha512-+c7A3CV0KGdKcylsI6khWyts/CYrGTrRVo4R/I7u/cUsy0Conxa6LUhiEzVKIw14lc2L5aiO4+SeVe4TeGRKww==
   dependencies:
     acorn "^8.8.2"
     pathe "^1.1.0"
-    pkg-types "^1.0.1"
-    ufo "^1.1.0"
+    pkg-types "^1.0.2"
+    ufo "^1.1.1"
 
 mock-apollo-client@^1.1.0:
   version "1.2.1"
@@ -5092,7 +5130,7 @@ object-hash@^3.0.0:
   resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-3.0.0.tgz#73f97f753e7baffc0e2cc9d6e079079744ac82e9"
   integrity sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==
 
-object-inspect@^1.12.2, object-inspect@^1.9.0:
+object-inspect@^1.12.3, object-inspect@^1.9.0:
   version "1.12.3"
   resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9"
   integrity sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==
@@ -5241,7 +5279,7 @@ parse-srcset@^1.0.2:
   resolved "https://registry.yarnpkg.com/parse-srcset/-/parse-srcset-1.0.2.tgz#f2bd221f6cc970a938d88556abc589caaaa2bde1"
   integrity sha512-/2qh0lav6CmI15FzA3i/2Bzk2zCgQhGMkvhOhKNcBVQ1ldgpbfiNTVslmooUmWJcADi1f1kIeynbDRVzNlfR6Q==
 
-parse5@^7.1.1:
+parse5@^7.1.1, parse5@^7.1.2:
   version "7.1.2"
   resolved "https://registry.yarnpkg.com/parse5/-/parse5-7.1.2.tgz#0736bebbfd77793823240a23b7fc5e010b7f8e32"
   integrity sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==
@@ -5329,7 +5367,7 @@ pify@^2.3.0:
   resolved "https://registry.yarnpkg.com/pify/-/pify-2.3.0.tgz#ed141a6ac043a849ea588498e7dca8b15330e90c"
   integrity sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==
 
-pkg-types@^1.0.1:
+pkg-types@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/pkg-types/-/pkg-types-1.0.2.tgz#c233efc5210a781e160e0cafd60c0d0510a4b12e"
   integrity sha512-hM58GKXOcj8WTqUXnsQyJYXdeAPbythQgEF3nTcEo+nkD49chjQ9IKm/QJy9xf6JakXptz86h7ecP2024rrLaQ==
@@ -5633,9 +5671,9 @@ prosemirror-transform@^1.0.0, prosemirror-transform@^1.1.0, prosemirror-transfor
     prosemirror-model "^1.0.0"
 
 prosemirror-view@^1.0.0, prosemirror-view@^1.1.0, prosemirror-view@^1.13.3, prosemirror-view@^1.27.0, prosemirror-view@^1.28.2:
-  version "1.30.1"
-  resolved "https://registry.yarnpkg.com/prosemirror-view/-/prosemirror-view-1.30.1.tgz#7cf0ae8dc8553a02c32961e82eca25079c4d8fc9"
-  integrity sha512-pZUfr7lICJkEY7XwzldAKrkflZDeIvnbfuu2RIS01N5NwJmR/dfZzDzJRzhb3SM2QtT/bM8b4Nnib8X3MGpAhA==
+  version "1.30.2"
+  resolved "https://registry.yarnpkg.com/prosemirror-view/-/prosemirror-view-1.30.2.tgz#57a9d15c5baa454f0d0f4a3028ddbd9be1e8ed9b"
+  integrity sha512-nTNzZvalQf9kHeEyO407LiV6DoOs/pXsid88UqW9Vvybo4ozJW2PJhkfZUxCUF1hR/9vJLdhxX84wuw9P9HsXA==
   dependencies:
     prosemirror-model "^1.16.0"
     prosemirror-state "^1.0.0"
@@ -5656,7 +5694,7 @@ psl@^1.1.33:
   resolved "https://registry.yarnpkg.com/psl/-/psl-1.9.0.tgz#d0df2a137f00794565fcaf3b2c00cd09f8d5a5a7"
   integrity sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==
 
-punycode@^2.1.0, punycode@^2.1.1:
+punycode@^2.1.0, punycode@^2.1.1, punycode@^2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.0.tgz#f67fa67c94da8f4d0cfff981aee4118064199b8f"
   integrity sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==
@@ -5755,15 +5793,10 @@ regexp.prototype.flags@^1.4.3:
     define-properties "^1.1.3"
     functions-have-names "^1.2.2"
 
-regexpp@^3.2.0:
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-3.2.0.tgz#0425a2768d8f23bad70ca4b90461fa2f1213e1b2"
-  integrity sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==
-
 regexpu-core@^5.3.1:
-  version "5.3.1"
-  resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-5.3.1.tgz#66900860f88def39a5cb79ebd9490e84f17bcdfb"
-  integrity sha512-nCOzW2V/X15XpLsK2rlgdwrysrBq+AauCn+omItIz4R1pIcmeot5zvjdmOBRLzEH/CkC6IxMJVmxDe3QcMuNVQ==
+  version "5.3.2"
+  resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-5.3.2.tgz#11a2b06884f3527aec3e93dbbf4a3b958a95546b"
+  integrity sha512-RAM5FlZz+Lhmo7db9L298p2vHP5ZywrVXmVXpmAD9GuL5MPH6t9ROw1iA/wfHkQ76Qe7AaPF0nGuim96/IrQMQ==
   dependencies:
     "@babel/regjsgen" "^0.8.0"
     regenerate "^1.4.2"
@@ -5862,10 +5895,10 @@ rollup@^2.43.1:
   optionalDependencies:
     fsevents "~2.3.2"
 
-rollup@^3.10.0, rollup@^3.7.2:
-  version "3.18.0"
-  resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.18.0.tgz#2354ba63ba66d6a09c652c3ea0dbcd9dad72bbde"
-  integrity sha512-J8C6VfEBjkvYPESMQYxKHxNOh4A5a3FlP+0BETGo34HEcE4eTlgCrO2+eWzlu2a/sHs2QUkZco+wscH7jhhgWg==
+rollup@^3.18.0, rollup@^3.7.2:
+  version "3.19.1"
+  resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.19.1.tgz#2b3a31ac1ff9f3afab2e523fa687fef5b0ee20fc"
+  integrity sha512-lAbrdN7neYCg/8WaoWn/ckzCtz+jr70GFfYdlf50OF7387HTg+wiuiqJRFYawwSPpqfqDNYqK7smY/ks2iAudg==
   optionalDependencies:
     fsevents "~2.3.2"
 
@@ -5874,6 +5907,11 @@ rope-sequence@^1.3.0:
   resolved "https://registry.yarnpkg.com/rope-sequence/-/rope-sequence-1.3.3.tgz#3f67fc106288b84b71532b4a5fd9d4881e4457f0"
   integrity sha512-85aZYCxweiD5J8yTEbw+E6A27zSnLPNDL0WfPdw3YYodq7WjnTKo0q4dtyQ2gz23iPT8Q9CUyJtAaUNcTxRf5Q==
 
+rrweb-cssom@^0.6.0:
+  version "0.6.0"
+  resolved "https://registry.yarnpkg.com/rrweb-cssom/-/rrweb-cssom-0.6.0.tgz#ed298055b97cbddcdeb278f904857629dec5e0e1"
+  integrity sha512-APM0Gt1KoXBz0iIkkdB/kfvGOwC4UuJFeG/c+yV7wSc7q96cG/kJ0HiYCnzivD9SB53cLV1MlHFNfOuPaadYSw==
+
 run-parallel@^1.1.9:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/run-parallel/-/run-parallel-1.2.0.tgz#66d1368da7bdf921eb9d95bd1a9229e7f21a43ee"
@@ -5927,9 +5965,9 @@ sanitize-html@^2.5.3:
     postcss "^8.3.11"
 
 sass@^1.34.1:
-  version "1.58.3"
-  resolved "https://registry.yarnpkg.com/sass/-/sass-1.58.3.tgz#2348cc052061ba4f00243a208b09c40e031f270d"
-  integrity sha512-Q7RaEtYf6BflYrQ+buPudKR26/lH+10EmO9bBqbmPh/KeLqv8bjpTNqxe71ocONqXq+jYiCbpPUmQMS+JJPk4A==
+  version "1.59.3"
+  resolved "https://registry.yarnpkg.com/sass/-/sass-1.59.3.tgz#a1ddf855d75c70c26b4555df4403e1bbf8e4403f"
+  integrity sha512-QCq98N3hX1jfTCoUAsF3eyGuXLsY7BCnCEg9qAact94Yc21npG2/mVOqoDvE0fCbWDqiM4WlcJQla0gWG2YlxQ==
   dependencies:
     chokidar ">=3.0.0 <4.0.0"
     immutable "^4.0.0"
@@ -6156,6 +6194,15 @@ string.prototype.matchall@^4.0.6:
     regexp.prototype.flags "^1.4.3"
     side-channel "^1.0.4"
 
+string.prototype.trim@^1.2.7:
+  version "1.2.7"
+  resolved "https://registry.yarnpkg.com/string.prototype.trim/-/string.prototype.trim-1.2.7.tgz#a68352740859f6893f14ce3ef1bb3037f7a90533"
+  integrity sha512-p6TmeT1T3411M8Cgg9wBTMRtY2q9+PNy9EV1i2lIXUN/btt763oIfxwN3RR8VU6wHX8j/1CFy0L+YuThm6bgOg==
+  dependencies:
+    call-bind "^1.0.2"
+    define-properties "^1.1.4"
+    es-abstract "^1.20.4"
+
 string.prototype.trimend@^1.0.6:
   version "1.0.6"
   resolved "https://registry.yarnpkg.com/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz#c4a27fa026d979d79c04f17397f250a462944533"
@@ -6232,9 +6279,9 @@ strip-literal@^1.0.0:
     acorn "^8.8.2"
 
 style-mod@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/style-mod/-/style-mod-4.0.0.tgz#97e7c2d68b592975f2ca7a63d0dd6fcacfe35a01"
-  integrity sha512-OPhtyEjyyN9x3nhPsu76f52yUGXiZcgvsrFVtvTkyGRQJ0XK+GPc6ov1z+lRpbeabka+MYEQxOYRnt5nF30aMw==
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/style-mod/-/style-mod-4.0.2.tgz#ef9e14c4c67428bcf31cc886787e81ca7f8f5021"
+  integrity sha512-C4myMmRTO8iaC5Gg+N1ftK2WT4eXUTMAa+HEFPPrfVeO/NtqLTtAmV1HbqnuGtLwCek44Ra76fdGUkSqjiMPcQ==
 
 supports-color@^2.0.0:
   version "2.0.0"
@@ -6315,9 +6362,9 @@ tempy@^0.6.0:
     unique-string "^2.0.0"
 
 terser@^5.0.0:
-  version "5.16.5"
-  resolved "https://registry.yarnpkg.com/terser/-/terser-5.16.5.tgz#1c285ca0655f467f92af1bbab46ab72d1cb08e5a"
-  integrity sha512-qcwfg4+RZa3YvlFh0qjifnzBHjKGNbtDo9yivMqMFDy9Q6FSaQWSB/j1xKhsoUFJIqDOM3TsN6D5xbrMrFcHbg==
+  version "5.16.6"
+  resolved "https://registry.yarnpkg.com/terser/-/terser-5.16.6.tgz#f6c7a14a378ee0630fbe3ac8d1f41b4681109533"
+  integrity sha512-IBZ+ZQIA9sMaXmRZCUMDjNH0D5AQQfdn4WUjHL0+1lF4TP1IHRJbrhb6fNaXWikrYQTSkb7SLxkeXAiy1p7mbg==
   dependencies:
     "@jridgewell/source-map" "^0.3.2"
     acorn "^8.5.0"
@@ -6406,6 +6453,13 @@ tr46@^3.0.0:
   dependencies:
     punycode "^2.1.1"
 
+tr46@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/tr46/-/tr46-4.1.1.tgz#281a758dcc82aeb4fe38c7dfe4d11a395aac8469"
+  integrity sha512-2lv/66T7e5yNyhAAC4NaKe5nVavzuGJQVVtRYLyQ2OI8tsJ61PMLlelehb0wi2Hx6+hT/OJUWZcw8MjlSRnxvw==
+  dependencies:
+    punycode "^2.3.0"
+
 ts-essentials@^9.1.2:
   version "9.3.1"
   resolved "https://registry.yarnpkg.com/ts-essentials/-/ts-essentials-9.3.1.tgz#f2d1e1584ef53c0251012258338421d7cf78a4d0"
@@ -6495,17 +6549,22 @@ typed-array-length@^1.0.4:
     for-each "^0.3.3"
     is-typed-array "^1.1.9"
 
-typescript@^4.5.4, typescript@~4.9.4:
+typescript@^4.5.4:
   version "4.9.5"
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.5.tgz#095979f9bcc0d09da324d58d03ce8f8374cbe65a"
   integrity sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==
 
+typescript@~5.0.0:
+  version "5.0.2"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.0.2.tgz#891e1a90c5189d8506af64b9ef929fca99ba1ee5"
+  integrity sha512-wVORMBGO/FAs/++blGNeAVdbNKtIh1rbBL2EyQ1+J9lClJ93KiiKe8PmFIVdXhHcyv44SL9oglmfeSsndo0jRw==
+
 uc.micro@^1.0.1, uc.micro@^1.0.5:
   version "1.0.6"
   resolved "https://registry.yarnpkg.com/uc.micro/-/uc.micro-1.0.6.tgz#9c411a802a409a91fc6cf74081baba34b24499ac"
   integrity sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==
 
-ufo@^1.1.0:
+ufo@^1.1.1:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/ufo/-/ufo-1.1.1.tgz#e70265e7152f3aba425bd013d150b2cdf4056d7c"
   integrity sha512-MvlCc4GHrmZdAllBc0iUDowff36Q9Ndw/UzqmEKyrfSzokTd9ZCy1i+IIk5hrYKkjoYVQyNbrw7/F8XJ2rEwTg==
@@ -6525,14 +6584,14 @@ unfetch@^5.0.0:
   resolved "https://registry.yarnpkg.com/unfetch/-/unfetch-5.0.0.tgz#8a5b6e5779ebe4dde0049f7d7a81d4a1af99d142"
   integrity sha512-3xM2c89siXg0nHvlmYsQ2zkLASvVMBisZm5lF3gFDqfF2xonNStDJyMpvaOBe0a1Edxmqrf2E0HBdmy9QyZaeg==
 
-unhead@1.1.20:
-  version "1.1.20"
-  resolved "https://registry.yarnpkg.com/unhead/-/unhead-1.1.20.tgz#4b100432ab34e24f6b2b07a7dfb3db19f382b955"
-  integrity sha512-fic5YOINP2BD5PvyF05FIayIRaRYjujhuJ2uo2dIpLItAIBHYmBsTEkljsrwC+EULNfeC3Rf4UHxmr8u0EewCA==
+unhead@1.1.23:
+  version "1.1.23"
+  resolved "https://registry.yarnpkg.com/unhead/-/unhead-1.1.23.tgz#061f1eecaed1f25ed85e0a226ec83c9b942e9eac"
+  integrity sha512-nM74sM3+puqhHLC9cbwk0rOsjZR41aP0UJeQcoYVuzFlX0+abECgPkpkSI+/HZsXeRVTGxs9WWmjiFHaG18DrQ==
   dependencies:
-    "@unhead/dom" "1.1.20"
-    "@unhead/schema" "1.1.20"
-    "@unhead/shared" "1.1.20"
+    "@unhead/dom" "1.1.23"
+    "@unhead/schema" "1.1.23"
+    "@unhead/shared" "1.1.23"
     hookable "^5.4.2"
 
 unicode-canonical-property-names-ecmascript@^2.0.0:
@@ -6655,10 +6714,10 @@ vite-node@0.28.4:
     source-map-support "^0.5.21"
     vite "^3.0.0 || ^4.0.0"
 
-vite-node@0.29.2:
-  version "0.29.2"
-  resolved "https://registry.yarnpkg.com/vite-node/-/vite-node-0.29.2.tgz#463626197e248971774075faf3d6896c29cf8062"
-  integrity sha512-5oe1z6wzI3gkvc4yOBbDBbgpiWiApvuN4P55E8OI131JGrSuo4X3SOZrNmZYo4R8Zkze/dhi572blX0zc+6SdA==
+vite-node@0.29.3:
+  version "0.29.3"
+  resolved "https://registry.yarnpkg.com/vite-node/-/vite-node-0.29.3.tgz#6f02808cc699e83c5d77455be48c43c16a3a9302"
+  integrity sha512-QYzYSA4Yt2IiduEjYbccfZQfxKp+T1Do8/HEpSX/G5WIECTFKJADwLs9c94aQH4o0A+UtCKU61lj1m5KvbxxQA==
   dependencies:
     cac "^6.7.14"
     debug "^4.3.4"
@@ -6681,29 +6740,29 @@ vite-plugin-pwa@^0.14.1:
     workbox-window "^6.5.4"
 
 "vite@^3.0.0 || ^4.0.0", vite@^4.0.4:
-  version "4.1.4"
-  resolved "https://registry.yarnpkg.com/vite/-/vite-4.1.4.tgz#170d93bcff97e0ebc09764c053eebe130bfe6ca0"
-  integrity sha512-3knk/HsbSTKEin43zHu7jTwYWv81f8kgAL99G5NWBcA1LKvtvcVAC4JjBH1arBunO9kQka+1oGbrMKOjk4ZrBg==
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-4.2.0.tgz#d4e6eafbc034f3faf0ab376bd5b76ac15775eb99"
+  integrity sha512-AbDTyzzwuKoRtMIRLGNxhLRuv1FpRgdIw+1y6AQG73Q5+vtecmvzKo/yk8X/vrHDpETRTx01ABijqUHIzBXi0g==
   dependencies:
-    esbuild "^0.16.14"
+    esbuild "^0.17.5"
     postcss "^8.4.21"
     resolve "^1.22.1"
-    rollup "^3.10.0"
+    rollup "^3.18.0"
   optionalDependencies:
     fsevents "~2.3.2"
 
 vitest@^0.29.2:
-  version "0.29.2"
-  resolved "https://registry.yarnpkg.com/vitest/-/vitest-0.29.2.tgz#0376b547169ddefbde3fbc040b48569ec61d6179"
-  integrity sha512-ydK9IGbAvoY8wkg29DQ4ivcVviCaUi3ivuPKfZEVddMTenFHUfB8EEDXQV8+RasEk1ACFLgMUqAaDuQ/Nk+mQA==
+  version "0.29.3"
+  resolved "https://registry.yarnpkg.com/vitest/-/vitest-0.29.3.tgz#fd4503eb8acff6b500069e3633169c1abad49edb"
+  integrity sha512-muMsbXnZsrzDGiyqf/09BKQsGeUxxlyLeLK/sFFM4EXdURPQRv8y7dco32DXaRORYP0bvyN19C835dT23mL0ow==
   dependencies:
     "@types/chai" "^4.3.4"
     "@types/chai-subset" "^1.3.3"
     "@types/node" "*"
-    "@vitest/expect" "0.29.2"
-    "@vitest/runner" "0.29.2"
-    "@vitest/spy" "0.29.2"
-    "@vitest/utils" "0.29.2"
+    "@vitest/expect" "0.29.3"
+    "@vitest/runner" "0.29.3"
+    "@vitest/spy" "0.29.3"
+    "@vitest/utils" "0.29.3"
     acorn "^8.8.1"
     acorn-walk "^8.2.0"
     cac "^6.7.14"
@@ -6719,7 +6778,7 @@ vitest@^0.29.2:
     tinypool "^0.3.1"
     tinyspy "^1.0.2"
     vite "^3.0.0 || ^4.0.0"
-    vite-node "0.29.2"
+    vite-node "0.29.3"
     why-is-node-running "^2.2.2"
 
 vue-demi@*, vue-demi@^0.13.1:
@@ -6818,7 +6877,7 @@ vue-use-route-query@^1.1.0:
     async-queue-chain "^1.1.0"
     vue-demi "^0.13.1"
 
-vue@^3.2.37:
+vue@^3.2.25, vue@^3.2.37:
   version "3.2.47"
   resolved "https://registry.yarnpkg.com/vue/-/vue-3.2.47.tgz#3eb736cbc606fc87038dbba6a154707c8a34cff0"
   integrity sha512-60188y/9Dc9WVrAZeUVSDxRQOZ+z+y5nO2ts9jWXSTkMvayiWxCWOWtBQoYjLeccfXkiiPZWAHcV+WTPhkqJHQ==
@@ -6871,6 +6930,14 @@ whatwg-url@^11.0.0:
     tr46 "^3.0.0"
     webidl-conversions "^7.0.0"
 
+whatwg-url@^12.0.0, whatwg-url@^12.0.1:
+  version "12.0.1"
+  resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-12.0.1.tgz#fd7bcc71192e7c3a2a97b9a8d6b094853ed8773c"
+  integrity sha512-Ed/LrqB8EPlGxjS+TrsXcpUond1mhccS3pchLhzSgPCnTimUCKj3IZE75pAs5m6heB2U2TMerKFUXheyHY+VDQ==
+  dependencies:
+    tr46 "^4.1.1"
+    webidl-conversions "^7.0.0"
+
 whatwg-url@^7.0.0:
   version "7.1.0"
   resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-7.1.0.tgz#c2c492f1eca612988efd3d2266be1b9fc6170d06"
@@ -7095,10 +7162,10 @@ wrappy@1:
   resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
   integrity sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==
 
-ws@^8.11.0:
-  version "8.12.1"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.12.1.tgz#c51e583d79140b5e42e39be48c934131942d4a8f"
-  integrity sha512-1qo+M9Ba+xNhPB+YTWUlK6M17brTut5EXbcBaMRN5pH5dFrXz7lzz1ChFSUq3bOUl8yEvSenhHmYUNJxFzdJew==
+ws@^8.11.0, ws@^8.13.0:
+  version "8.13.0"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.13.0.tgz#9a9fb92f93cf41512a0735c8f4dd09b8a1211cd0"
+  integrity sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==
 
 xml-name-validator@^4.0.0:
   version "4.0.0"
diff --git a/lib/web/endpoint.ex b/lib/web/endpoint.ex
index 5d24620f7..1f53c865e 100644
--- a/lib/web/endpoint.ex
+++ b/lib/web/endpoint.ex
@@ -48,8 +48,7 @@ defmodule Mobilizon.Web.Endpoint do
     at: "/",
     from: {:mobilizon, "priv/static"},
     gzip: false,
-    only:
-      ~w(index.html manifest.json service-worker.js css fonts img js favicon.ico robots.txt assets),
+    only: Mobilizon.Web.static_paths(),
     only_matching: ["precache-manifest"]
   )
 
diff --git a/lib/web/mobilizon_web.ex b/lib/web/mobilizon_web.ex
index 059b9eb92..2c955e952 100644
--- a/lib/web/mobilizon_web.ex
+++ b/lib/web/mobilizon_web.ex
@@ -17,12 +17,17 @@ defmodule Mobilizon.Web do
   and import those modules here.
   """
 
+  def static_paths,
+    do:
+      ~w(index.html manifest.json service-worker.js css fonts img js favicon.ico robots.txt assets)
+
   def controller do
     quote do
       use Phoenix.Controller, namespace: Mobilizon.Web
       import Plug.Conn
       import Mobilizon.Web.Gettext
       alias Mobilizon.Web.Router.Helpers, as: Routes
+      unquote(verified_routes())
     end
   end
 
@@ -40,6 +45,7 @@ defmodule Mobilizon.Web do
       import Mobilizon.Web.ErrorHelpers
       import Mobilizon.Web.Gettext
       alias Mobilizon.Web.Router.Helpers, as: Routes
+      unquote(verified_routes())
     end
   end
 
@@ -64,4 +70,13 @@ defmodule Mobilizon.Web do
   defmacro __using__(which) when is_atom(which) do
     apply(__MODULE__, which, [])
   end
+
+  def verified_routes do
+    quote do
+      use Phoenix.VerifiedRoutes,
+        endpoint: Mobilizon.Web.Endpoint,
+        router: Mobilizon.Web.Router,
+        statics: Mobilizon.Web.static_paths()
+    end
+  end
 end
diff --git a/mix.exs b/mix.exs
index 34f368afd..499ce41c7 100644
--- a/mix.exs
+++ b/mix.exs
@@ -128,12 +128,13 @@ defmodule Mobilizon.Mixfile do
   # Type `mix help deps` for examples and options.
   defp deps do
     [
-      {:phoenix, "~> 1.6.0"},
+      {:phoenix, "~> 1.7.0"},
       {:phoenix_pubsub, "~> 2.0"},
       {:phoenix_ecto, "~> 4.0"},
       {:postgrex, ">= 0.15.3"},
       {:phoenix_html, "~> 3.0"},
-      {:phoenix_live_view, "~> 0.18.0"},
+      {:phoenix_live_view, "~> 0.18.3"},
+      {:phoenix_view, "~> 2.0"},
       {:gettext, "~> 0.20.0"},
       {:cowboy, "~> 2.6"},
       {:guardian, "~> 2.0"},
@@ -176,7 +177,7 @@ defmodule Mobilizon.Mixfile do
       {:floki, "~> 0.31"},
       {:ip_reserved, "~> 0.1.0"},
       {:fast_sanitize, "~> 0.1"},
-      {:ueberauth, "~> 0.9", override: true},
+      {:ueberauth, "~> 0.10", override: true},
       {:ueberauth_twitter, "~> 0.4"},
       {:ueberauth_discord, "~> 0.7"},
       {:ueberauth_github, "~> 0.8.1"},
@@ -213,7 +214,7 @@ defmodule Mobilizon.Mixfile do
       # Dev and test dependencies
       {:phoenix_live_reload, "~> 1.2", only: [:dev, :e2e]},
       {:ex_machina, "~> 2.3", only: [:dev, :test]},
-      {:excoveralls, "~> 0.15.0", only: :test},
+      {:excoveralls, "~> 0.16.0", only: :test},
       {:ex_doc, "~> 0.25", only: [:dev, :test], runtime: false},
       {:mix_test_watch, "~> 1.0", only: :dev, runtime: false},
       {:ex_unit_notifier, "~> 1.0", only: :test},
diff --git a/mix.lock b/mix.lock
index 9fa872a7e..06a5a101e 100644
--- a/mix.lock
+++ b/mix.lock
@@ -1,14 +1,14 @@
 %{
-  "absinthe": {:hex, :absinthe, "1.7.0", "36819e7b1fd5046c9c734f27fe7e564aed3bda59f0354c37cd2df88fd32dd014", [:mix], [{:dataloader, "~> 1.0.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 0.5 or ~> 1.0", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "566a5b5519afc9b29c4d367f0c6768162de3ec03e9bf9916f9dc2bcbe7c09643"},
+  "absinthe": {:hex, :absinthe, "1.7.1", "aca6f64994f0914628429ddbdfbf24212747b51780dae189dd98909da911757b", [:mix], [{:dataloader, "~> 1.0.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3.0", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c0c4dbd93881fa3bfbad255608234b104b877c2a901850c1fe8c53b408a72a57"},
   "absinthe_phoenix": {:hex, :absinthe_phoenix, "2.0.2", "e607b438db900049b9b3760f8ecd0591017a46122fffed7057bf6989020992b5", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.5", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.5", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.13 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}], "hexpm", "d36918925c380dc7d2ed7d039c9a3b4182ec36723f7417a68745ade5aab22f8d"},
   "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"},
   "argon2_elixir": {:hex, :argon2_elixir, "3.0.0", "fd4405f593e77b525a5c667282172dd32772d7c4fa58cdecdaae79d2713b6c5f", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "8b753b270af557d51ba13fcdebc0f0ab27a2a6792df72fd5a6cf9cfaffcedc57"},
   "atomex": {:hex, :atomex, "0.5.1", "706a8241fd6d1719b27a77b6d1192d2f85e6ecc78e6eadab29207d8cb9bb7ae5", [:mix], [{:xml_builder, "~> 2.1", [hex: :xml_builder, repo: "hexpm", optional: false]}], "hexpm", "6248891b5fcab8503982e090eedeeadb757a6311c2ef2e2998b874f7d319ab3f"},
   "bunt": {:hex, :bunt, "0.2.1", "e2d4792f7bc0ced7583ab54922808919518d0e57ee162901a16a1b6664ef3b14", [:mix], [], "hexpm", "a330bfb4245239787b15005e66ae6845c9cd524a288f0d141c148b02603777a5"},
-  "cachex": {:hex, :cachex, "3.5.0", "f715390a9e93125980187dcd7c4036ece92d273fbd9ec009a8ffa480abdc51f8", [:mix], [{:eternal, "~> 1.2", [hex: :eternal, repo: "hexpm", optional: false]}, {:jumper, "~> 1.0", [hex: :jumper, repo: "hexpm", optional: false]}, {:sleeplocks, "~> 1.1", [hex: :sleeplocks, repo: "hexpm", optional: false]}, {:unsafe, "~> 1.0", [hex: :unsafe, repo: "hexpm", optional: false]}], "hexpm", "fac2ebfa200dd9ffba08cdcef404426ccadfcb92281ca34f810535712d02b049"},
+  "cachex": {:hex, :cachex, "3.6.0", "14a1bfbeee060dd9bec25a5b6f4e4691e3670ebda28c8ba2884b12fe30b36bf8", [:mix], [{:eternal, "~> 1.2", [hex: :eternal, repo: "hexpm", optional: false]}, {:jumper, "~> 1.0", [hex: :jumper, repo: "hexpm", optional: false]}, {:sleeplocks, "~> 1.1", [hex: :sleeplocks, repo: "hexpm", optional: false]}, {:unsafe, "~> 1.0", [hex: :unsafe, repo: "hexpm", optional: false]}], "hexpm", "ebf24e373883bc8e0c8d894a63bbe102ae13d918f790121f5cfe6e485cc8e2e2"},
   "castore": {:hex, :castore, "0.1.22", "4127549e411bedd012ca3a308dede574f43819fe9394254ca55ab4895abfa1a2", [:mix], [], "hexpm", "c17576df47eb5aa1ee40cc4134316a99f5cad3e215d5c77b8dd3cfef12a22cac"},
   "certifi": {:hex, :certifi, "2.9.0", "6f2a475689dd47f19fb74334859d460a2dc4e3252a3324bd2111b8f0429e7e21", [:rebar3], [], "hexpm", "266da46bdb06d6c6d35fde799bcb28d36d985d424ad7c08b5bb48f5b5cdd4641"},
-  "cldr_utils": {:hex, :cldr_utils, "2.19.2", "f4b70c807d165ac6cd1bf26d0acaf99681ca029a660d9a996bd7ea87c7d0c05b", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:certifi, "~> 2.5", [hex: :certifi, repo: "hexpm", optional: true]}, {:decimal, "~> 1.9 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "2ba5896faffd0c07bc8b284cb2f06d28d4988b85de72c51e933aeaccec5d998b"},
+  "cldr_utils": {:hex, :cldr_utils, "2.21.0", "1bdbb8de3870ab4831f11f877b40cce838a03bf7da272430c232c19726d53f14", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:certifi, "~> 2.5", [hex: :certifi, repo: "hexpm", optional: true]}, {:decimal, "~> 1.9 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "26f56101663f5aca4e727e0eb983b578ba5b170e2f12e8456df9995809a7a93b"},
   "codepagex": {:hex, :codepagex, "0.1.6", "49110d09a25ee336a983281a48ef883da4c6190481e0b063afe2db481af6117e", [:mix], [], "hexpm", "1521461097dde281edf084062f525a4edc6a5e49f4fd1f5ec41c9c4955d5bd59"},
   "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"},
   "comeonin": {:hex, :comeonin, "5.3.3", "2c564dac95a35650e9b6acfe6d2952083d8a08e4a89b93a481acb552b325892e", [:mix], [], "hexpm", "3e38c9c2cb080828116597ca8807bb482618a315bfafd98c90bc22a821cc84df"},
@@ -18,38 +18,38 @@
   "cowboy_telemetry": {:hex, :cowboy_telemetry, "0.4.0", "f239f68b588efa7707abce16a84d0d2acf3a0f50571f8bb7f56a15865aae820c", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7d98bac1ee4565d31b62d59f8823dfd8356a169e7fcbb83831b8a5397404c9de"},
   "cowlib": {:hex, :cowlib, "2.11.0", "0b9ff9c346629256c42ebe1eeb769a83c6cb771a6ee5960bd110ab0b9b872063", [:make, :rebar3], [], "hexpm", "2b3e9da0b21c4565751a6d4901c20d1b4cc25cbb7fd50d91d2ab6dd287bc86a9"},
   "credo": {:hex, :credo, "1.6.7", "323f5734350fd23a456f2688b9430e7d517afb313fbd38671b8a4449798a7854", [:mix], [{:bunt, "~> 0.2.1", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2.8", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "41e110bfb007f7eda7f897c10bf019ceab9a0b269ce79f015d54b0dcf4fc7dd3"},
-  "dataloader": {:hex, :dataloader, "1.0.10", "a42f07641b1a0572e0b21a2a5ae1be11da486a6790f3d0d14512d96ff3e3bbe9", [:mix], [{:ecto, ">= 3.4.3 and < 4.0.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "54cd70cec09addf4b2ace14cc186a283a149fd4d3ec5475b155951bf33cd963f"},
+  "dataloader": {:hex, :dataloader, "1.0.10", "a42f07641b1a0572e0b21a2a5ae1be11da486a6790f3d0d14512d96ff3e3bbe9", [:mix], [{:ecto, ">= 3.4.3 and < 4.0.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "54cd70cec09addf4b2ace14cc186a283a149fd4d3ec5475b155951bf33cd963f"},
   "db_connection": {:hex, :db_connection, "2.4.3", "3b9aac9f27347ec65b271847e6baeb4443d8474289bd18c1d6f4de655b70c94d", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c127c15b0fa6cfb32eed07465e05da6c815b032508d4ed7c116122871df73c12"},
   "decimal": {:hex, :decimal, "2.0.0", "a78296e617b0f5dd4c6caf57c714431347912ffb1d0842e998e9792b5642d697", [:mix], [], "hexpm", "34666e9c55dea81013e77d9d87370fe6cb6291d1ef32f46a1600230b1d44f577"},
   "dialyxir": {:hex, :dialyxir, "1.2.0", "58344b3e87c2e7095304c81a9ae65cb68b613e28340690dfe1a5597fd08dec37", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "61072136427a851674cab81762be4dbeae7679f85b1272b6d25c3a839aff8463"},
   "digital_token": {:hex, :digital_token, "0.4.0", "2ad6894d4a40be8b2890aad286ecd5745fa473fa5699d80361a8c94428edcd1f", [:mix], [{:cldr_utils, "~> 2.17", [hex: :cldr_utils, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "a178edf61d1fee5bb3c34e14b0f4ee21809ee87cade8738f87337e59e5e66e26"},
   "doctor": {:hex, :doctor, "0.21.0", "20ef89355c67778e206225fe74913e96141c4d001cb04efdeba1a2a9704f1ab5", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "a227831daa79784eb24cdeedfa403c46a4cb7d0eab0e31232ec654314447e4e0"},
-  "earmark_parser": {:hex, :earmark_parser, "1.4.29", "149d50dcb3a93d9f3d6f3ecf18c918fb5a2d3c001b5d3305c926cddfbd33355b", [:mix], [], "hexpm", "4902af1b3eb139016aed210888748db8070b8125c2342ce3dcae4f38dcc63503"},
+  "earmark_parser": {:hex, :earmark_parser, "1.4.31", "a93921cdc6b9b869f519213d5bc79d9e218ba768d7270d46fdcf1c01bacff9e2", [:mix], [], "hexpm", "317d367ee0335ef037a87e46c91a2269fef6306413f731e8ec11fc45a7efd059"},
   "eblurhash": {:hex, :eblurhash, "1.2.2", "7da4255aaea984b31bb71155f673257353b0e0554d0d30dcf859547e74602582", [:rebar3], [], "hexpm", "8c20ca00904de023a835a9dcb7b7762fed32264c85a80c3cafa85288e405044c"},
   "ecto": {:hex, :ecto, "3.9.4", "3ee68e25dbe0c36f980f1ba5dd41ee0d3eb0873bccae8aeaf1a2647242bffa35", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "de5f988c142a3aa4ec18b85a4ec34a2390b65b24f02385c1144252ff6ff8ee75"},
   "ecto_autoslug_field": {:hex, :ecto_autoslug_field, "3.0.0", "37fbc2f07e6691136afff246f2cf5b159ad395b665a55d06db918975fd2397db", [:mix], [{:ecto, ">= 3.7.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:slugger, ">= 0.3.0", [hex: :slugger, repo: "hexpm", optional: false]}], "hexpm", "8ec252c7cf85f13132062f56a484d6a0ef1f981f7be9ce4ad7e9546dd8c0cc0f"},
-  "ecto_dev_logger": {:hex, :ecto_dev_logger, "0.8.0", "eddec531543ec60106b157b39a6df16fa00a9dc033cbc4237055aaf0170579d3", [:mix], [{:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "1792fc589285d638f7e36138d2d75dc5fc32ebc8e4012e1e546d5ec951ec78e1"},
+  "ecto_dev_logger": {:hex, :ecto_dev_logger, "0.9.0", "cb631469ac1940e97655d6fce85905b792ac9250ab18b19c664978b79f8dad59", [:mix], [{:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "2e8bc98b4ae4fcc7108896eef7da5a109afad829f4fb2eb46d677fdc9101c2d5"},
   "ecto_enum": {:hex, :ecto_enum, "1.4.0", "d14b00e04b974afc69c251632d1e49594d899067ee2b376277efd8233027aec8", [:mix], [{:ecto, ">= 3.0.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "> 3.0.0", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:mariaex, ">= 0.0.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "8fb55c087181c2b15eee406519dc22578fa60dd82c088be376d0010172764ee4"},
   "ecto_shortuuid": {:hex, :ecto_shortuuid, "0.1.3", "d36aede64edf256e4b769be2ad15a8ad5d9d1ff8ad46befe39e8cb4489abcd05", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:shortuuid, "~> 2.1.1", [hex: :shortuuid, repo: "hexpm", optional: false]}], "hexpm", "d215c8ced7125265de94d55abc696125942caef33439cf281fafded9744a4294"},
-  "ecto_sql": {:hex, :ecto_sql, "3.9.2", "34227501abe92dba10d9c3495ab6770e75e79b836d114c41108a4bf2ce200ad5", [:mix], [{:db_connection, "~> 2.5 or ~> 2.4.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9.2", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "1eb5eeb4358fdbcd42eac11c1fbd87e3affd7904e639d77903c1358b2abd3f70"},
+  "ecto_sql": {:hex, :ecto_sql, "3.9.2", "34227501abe92dba10d9c3495ab6770e75e79b836d114c41108a4bf2ce200ad5", [:mix], [{:db_connection, "~> 2.4.1 or ~> 2.5", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9.2", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "1eb5eeb4358fdbcd42eac11c1fbd87e3affd7904e639d77903c1358b2abd3f70"},
   "elixir_feed_parser": {:hex, :elixir_feed_parser, "2.1.0", "bb96fb6422158dc7ad59de62ef211cc69d264acbbe63941a64a5dce97bbbc2e6", [:mix], [{:timex, "~> 3.4", [hex: :timex, repo: "hexpm", optional: false]}], "hexpm", "2d3c62fe7b396ee3b73d7160bc8fadbd78bfe9597c98c7d79b3f1038d9cba28f"},
-  "elixir_make": {:hex, :elixir_make, "0.7.3", "c37fdae1b52d2cc51069713a58c2314877c1ad40800a57efb213f77b078a460d", [:mix], [{:castore, "~> 0.1", [hex: :castore, repo: "hexpm", optional: true]}], "hexpm", "24ada3e3996adbed1fa024ca14995ef2ba3d0d17b678b0f3f2b1f66e6ce2b274"},
+  "elixir_make": {:hex, :elixir_make, "0.7.5", "784cc00f5fa24239067cc04d449437dcc5f59353c44eb08f188b2b146568738a", [:mix], [{:castore, "~> 0.1", [hex: :castore, repo: "hexpm", optional: true]}], "hexpm", "c3d63e8d5c92fa3880d89ecd41de59473fa2e83eeb68148155e25e8b95aa2887"},
   "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"},
   "erlport": {:git, "https://github.com/tcitworld/erlport.git", "04bcfd732fa458735001328b44e8b3a1764316a5", [branch: "0.10.1-compat"]},
   "eternal": {:hex, :eternal, "1.2.2", "d1641c86368de99375b98d183042dd6c2b234262b8d08dfd72b9eeaafc2a1abd", [:mix], [], "hexpm", "2c9fe32b9c3726703ba5e1d43a1d255a4f3f2d8f8f9bc19f094c7cb1a7a9e782"},
-  "ex_cldr": {:hex, :ex_cldr, "2.34.1", "b4e32d9fb4f7d49211faa45e8a871afff5c5eb3c2f0763b5dd49e3c7df16a0dd", [:mix], [{:cldr_utils, "~> 2.19", [hex: :cldr_utils, repo: "hexpm", optional: false]}, {:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:gettext, "~> 0.19", [hex: :gettext, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 0.5 or ~> 1.0", [hex: :nimble_parsec, repo: "hexpm", optional: true]}], "hexpm", "bd635b9e76271baa5db67a7c224be485f31cea8f7c05d6b0daeefa9d04cf76c0"},
+  "ex_cldr": {:hex, :ex_cldr, "2.36.0", "ccd7c61c4126aa42d3cd9d93097642930f1b8a10c9c8351fc58bb2c627bad839", [:mix], [{:cldr_utils, "~> 2.21", [hex: :cldr_utils, repo: "hexpm", optional: false]}, {:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:gettext, "~> 0.19", [hex: :gettext, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 0.5 or ~> 1.0", [hex: :nimble_parsec, repo: "hexpm", optional: true]}], "hexpm", "5a56c66cd61ebde42277baa828cd1587959b781ac7e2aee135328a78a4de3fe9"},
   "ex_cldr_calendars": {:hex, :ex_cldr_calendars, "1.21.0", "5f3c71a145926cfa7f8691aa3566921957543f635ec345e52282c613e8985ba8", [:mix], [{:calendar_interval, "~> 0.2", [hex: :calendar_interval, repo: "hexpm", optional: true]}, {:ex_cldr_lists, "~> 2.10", [hex: :ex_cldr_lists, repo: "hexpm", optional: true]}, {:ex_cldr_numbers, "~> 2.25", [hex: :ex_cldr_numbers, repo: "hexpm", optional: false]}, {:ex_cldr_units, "~> 3.12", [hex: :ex_cldr_units, repo: "hexpm", optional: true]}, {:ex_doc, "~> 0.21", [hex: :ex_doc, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "8ce8737b70f9c36828324995f96464a1a4c87cf2f76e5868e20662ca31c4098f"},
-  "ex_cldr_currencies": {:hex, :ex_cldr_currencies, "2.14.2", "354b48134faa011d58ae2e89be69b7de607d81fcc74c7ac684c5fb77b20186f5", [:mix], [{:ex_cldr, "~> 2.27", [hex: :ex_cldr, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "c970533103cdc97b1dedc2fead2209c0f5ae0aee0f1e504fdea5be5ee1466cd1"},
-  "ex_cldr_dates_times": {:hex, :ex_cldr_dates_times, "2.13.1", "bab1284590528b410a8d2488673642f3e3d84c1fa3fa3fbe91569ac4a5016e43", [:mix], [{:calendar_interval, "~> 0.2", [hex: :calendar_interval, repo: "hexpm", optional: true]}, {:ex_cldr_calendars, "~> 1.18", [hex: :ex_cldr_calendars, repo: "hexpm", optional: false]}, {:ex_cldr_numbers, "~> 2.28", [hex: :ex_cldr_numbers, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "b3d49035642c6ab7ed8f0f565524cd10d3b25dc57df3edd8ceba5e5c2caa730c"},
+  "ex_cldr_currencies": {:hex, :ex_cldr_currencies, "2.15.0", "aadd34e91cfac7ef6b03fe8f47f8c6fa8c5daf3f89b5d9fee64ec545ded839cf", [:mix], [{:ex_cldr, "~> 2.34", [hex: :ex_cldr, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "0521316396c66877a2d636219767560bb2397c583341fcb154ecf9f3000e6ff8"},
+  "ex_cldr_dates_times": {:hex, :ex_cldr_dates_times, "2.13.3", "bd01c75f017b3a024d0d4c189f2ee0573c15023e98ae16759228a7b57f9414bc", [:mix], [{:calendar_interval, "~> 0.2", [hex: :calendar_interval, repo: "hexpm", optional: true]}, {:ex_cldr, "~> 2.36", [hex: :ex_cldr, repo: "hexpm", optional: false]}, {:ex_cldr_calendars, "~> 1.18", [hex: :ex_cldr_calendars, repo: "hexpm", optional: false]}, {:ex_cldr_numbers, "~> 2.28", [hex: :ex_cldr_numbers, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "f5b2216189bd9118bb2e5c1abd48f95f48b2eac954fe0e53370806d23b1641ac"},
   "ex_cldr_languages": {:hex, :ex_cldr_languages, "0.3.3", "9787002803552b15a7ade19496c9e46fc921baca992ea80d0394e11fe3acea45", [:mix], [{:ex_cldr, "~> 2.25", [hex: :ex_cldr, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "22fb1fef72b7b4b4872d243b34e7b83734247a78ad87377986bf719089cc447a"},
-  "ex_cldr_numbers": {:hex, :ex_cldr_numbers, "2.29.0", "ce20899a734ac33cf088c57685035ca1626d5564f50e0ac4d3da24202b112d5a", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:digital_token, "~> 0.3 or ~> 1.0", [hex: :digital_token, repo: "hexpm", optional: false]}, {:ex_cldr, "~> 2.34", [hex: :ex_cldr, repo: "hexpm", optional: false]}, {:ex_cldr_currencies, ">= 2.14.2", [hex: :ex_cldr_currencies, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "134e5e82d3894f0e06f096124c24f4ef1f54f1874c35714d52aa7d370a25c306"},
-  "ex_cldr_plugs": {:hex, :ex_cldr_plugs, "1.2.0", "e02cc03a4cb19bb028c331680cf09f826b4180f1545f8c35825fb5d4b918ac8a", [:mix], [{:ex_cldr, "~> 2.29", [hex: :ex_cldr, repo: "hexpm", optional: false]}, {:gettext, "~> 0.19", [hex: :gettext, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "e111249ed7a7e2ef6322c93ff2d1c930d9e296dc8181351ff6c6a1be50b1cf8e"},
-  "ex_doc": {:hex, :ex_doc, "0.29.1", "b1c652fa5f92ee9cf15c75271168027f92039b3877094290a75abcaac82a9f77", [:mix], [{:earmark_parser, "~> 1.4.19", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "b7745fa6374a36daf484e2a2012274950e084815b936b1319aeebcf7809574f6"},
+  "ex_cldr_numbers": {:hex, :ex_cldr_numbers, "2.30.0", "55bc321a31c3d928c2bd0c31586ef8b848a7fae744315a1ef1a0fcc741ced8fc", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:digital_token, "~> 0.3 or ~> 1.0", [hex: :digital_token, repo: "hexpm", optional: false]}, {:ex_cldr, "~> 2.35", [hex: :ex_cldr, repo: "hexpm", optional: false]}, {:ex_cldr_currencies, ">= 2.14.2", [hex: :ex_cldr_currencies, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "ca2bfab9cadf7afb0474124ddb1d1b71307ddd8b2032aa6e345d4e9db9c304c8"},
+  "ex_cldr_plugs": {:hex, :ex_cldr_plugs, "1.2.1", "fa8339e0be9be6296edfcacafc1ecddda80c88b33ef689c77f757e48b7e4b935", [:mix], [{:ex_cldr, "~> 2.29", [hex: :ex_cldr, repo: "hexpm", optional: false]}, {:gettext, "~> 0.19", [hex: :gettext, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "c99fa57e265e1746262d09f2f6612164c9706b612a546854f75122c7c14c72c9"},
+  "ex_doc": {:hex, :ex_doc, "0.29.3", "f07444bcafb302db86e4f02d8bbcd82f2e881a0dcf4f3e4740e4b8128b9353f7", [:mix], [{:earmark_parser, "~> 1.4.31", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "3dc6787d7b08801ec3b51e9bd26be5e8826fbf1a17e92d1ebc252e1a1c75bfe1"},
   "ex_ical": {:hex, :ex_ical, "0.2.0", "4b928b554614704016cc0c9ee226eb854da9327a1cc460457621ceacb1ac29a6", [:mix], [{:timex, "~> 3.1", [hex: :timex, repo: "hexpm", optional: false]}], "hexpm", "db76473b2ae0259e6633c6c479a5a4d8603f09497f55c88f9ef4d53d2b75befb"},
   "ex_machina": {:hex, :ex_machina, "2.7.0", "b792cc3127fd0680fecdb6299235b4727a4944a09ff0fa904cc639272cd92dc7", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "419aa7a39bde11894c87a615c4ecaa52d8f107bbdd81d810465186f783245bf8"},
   "ex_optimizer": {:hex, :ex_optimizer, "0.1.1", "62da37e206fc2233ff7a4e54e40eae365c40f96c81992fcd15b782eb25169b80", [:mix], [{:file_info, "~> 0.0.4", [hex: :file_info, repo: "hexpm", optional: false]}], "hexpm", "e6f5c059bcd58b66be2f6f257fdc4f69b74b0fa5c9ddd669486af012e4b52286"},
   "ex_unit_notifier": {:hex, :ex_unit_notifier, "1.2.0", "73ced2ecee0f2da0705e372c21ce61e4e5d927ddb797f73928e52818b9cc1754", [:mix], [], "hexpm", "f38044c9d50de68ad7f0aec4d781a10d9f1c92c62b36bf0227ec0aaa96aee332"},
-  "excoveralls": {:hex, :excoveralls, "0.15.3", "54bb54043e1cf5fe431eb3db36b25e8fd62cf3976666bafe491e3fa5e29eba47", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "f8eb5d8134d84c327685f7bb8f1db4147f1363c3c9533928234e496e3070114e"},
+  "excoveralls": {:hex, :excoveralls, "0.16.0", "41f4cfbf7caaa3bc2cf411db6f89c1f53afedf0f1fe8debac918be1afa19c668", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "401205356482ab99fb44d9812cd14dd83b65de8e7ae454697f8b34ba02ecd916"},
   "exgravatar": {:hex, :exgravatar, "2.0.3", "2349709832ee535f826f48db98cddd294ae62b01acb44d539a16419bd8ebc3e5", [:mix], [], "hexpm", "aca18ff9bd8991d3be3e5446d3bdefc051be084c1ffc9ab2d43b3e65339300e1"},
   "exkismet": {:git, "https://github.com/tcitworld/exkismet.git", "8b5485fde00fafbde20f315bec387a77f7358334", []},
   "expo": {:hex, :expo, "0.1.0", "d4e932bdad052c374118e312e35280f1919ac13881cb3ac07a209a54d0c81dd8", [:mix], [], "hexpm", "c22c536021c56de058aaeedeabb4744eb5d48137bacf8c29f04d25b6c6bbbf45"},
@@ -58,7 +58,7 @@
   "fast_sanitize": {:hex, :fast_sanitize, "0.2.3", "67b93dfb34e302bef49fec3aaab74951e0f0602fd9fa99085987af05bd91c7a5", [:mix], [{:fast_html, "~> 2.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "e8ad286d10d0386e15d67d0ee125245ebcfbc7d7290b08712ba9013c8c5e56e2"},
   "file_info": {:hex, :file_info, "0.0.4", "2e0e77f211e833f38ead22cb29ce53761d457d80b3ffe0ffe0eb93880b0963b2", [:mix], [{:mimetype_parser, "~> 0.1.2", [hex: :mimetype_parser, repo: "hexpm", optional: false]}], "hexpm", "50e7ad01c2c8b9339010675fe4dc4a113b8d6ca7eddce24d1d74fd0e762781a5"},
   "file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"},
-  "floki": {:hex, :floki, "0.34.0", "002d0cc194b48794d74711731db004fafeb328fe676976f160685262d43706a8", [:mix], [], "hexpm", "9c3a9f43f40dde00332a589bd9d389b90c1f518aef500364d00636acc5ebc99c"},
+  "floki": {:hex, :floki, "0.34.2", "5fad07ef153b3b8ec110b6b155ec3780c4b2c4906297d0b4be1a7162d04a7e02", [:mix], [], "hexpm", "26b9d50f0f01796bc6be611ca815c5e0de034d2128e39cc9702eee6b66a4d1c8"},
   "gen_smtp": {:hex, :gen_smtp, "1.2.0", "9cfc75c72a8821588b9b9fe947ae5ab2aed95a052b81237e0928633a13276fd3", [:rebar3], [{:ranch, ">= 1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "5ee0375680bca8f20c4d85f58c2894441443a743355430ff33a783fe03296779"},
   "geo": {:hex, :geo, "3.4.3", "0ddf3f681993d32c397e5ef346e7b4b6f36f39ed138502429832fa4000ebb9d5", [:mix], [{:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "e23f2892e5437ec8b063cee1beccec89c58fd841ae11133304700235feb25552"},
   "geo_postgis": {:hex, :geo_postgis, "3.4.2", "5a3462b2a2271d6949ba355ceed0212dc89ecfd6d0073ff1dd8fd53de78af867", [:mix], [{:geo, "~> 3.4", [hex: :geo, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0 or ~> 4.0", [hex: :poison, repo: "hexpm", optional: true]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "48d8c9f97f03805546db19217c42a57e972a3eb69fabaa3d11740285d25aaad4"},
@@ -69,20 +69,20 @@
   "guardian": {:hex, :guardian, "2.3.1", "2b2d78dc399a7df182d739ddc0e566d88723299bfac20be36255e2d052fd215d", [:mix], [{:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "bbe241f9ca1b09fad916ad42d6049d2600bbc688aba5b3c4a6c82592a54274c3"},
   "guardian_db": {:hex, :guardian_db, "2.1.0", "ec95a9d99cdd1e550555d09a7bb4a340d8887aad0697f594590c2fd74be02426", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:guardian, "~> 1.0 or ~> 2.0", [hex: :guardian, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "f8e7d543ac92c395f3a7fd5acbe6829faeade57d688f7562e2f0fca8f94a0d70"},
   "guardian_phoenix": {:hex, :guardian_phoenix, "2.0.1", "89a817265af09a6ddf7cb1e77f17ffca90cea2db10ff888375ef34502b2731b1", [:mix], [{:guardian, "~> 2.0", [hex: :guardian, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.3", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "21f439246715192b231f228680465d1ed5fbdf01555a4a3b17165532f5f9a08c"},
-  "hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~>2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~>6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~>1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~>1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~>0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
+  "hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~> 2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~> 6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~> 1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~> 1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
   "haversine": {:hex, :haversine, "0.1.0", "14240e90dae07c9459f538d12a811492f655d95fc68f999403503b4f6c4ec522", [:mix], [], "hexpm", "54dc48e895bc18a59437a37026c873634e17b648a64cb87bfafb96f64d607060"},
   "html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"},
   "http_signatures": {:hex, :http_signatures, "0.1.1", "ca7ebc1b61542b163644c8c3b1f0e0f41037d35f2395940d3c6c7deceab41fd8", [:mix], [], "hexpm", "cc3b8a007322cc7b624c0c15eec49ee58ac977254ff529a3c482f681465942a3"},
   "httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"},
   "icalendar": {:git, "https://github.com/tcitworld/icalendar.git", "1033d922c82a7223db0ec138e2316557b70ff49f", []},
-  "idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~>0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
+  "idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
   "inet_cidr": {:hex, :inet_cidr, "1.0.4", "a05744ab7c221ca8e395c926c3919a821eb512e8f36547c062f62c4ca0cf3d6e", [:mix], [], "hexpm", "64a2d30189704ae41ca7dbdd587f5291db5d1dda1414e0774c29ffc81088c1bc"},
   "ip_reserved": {:hex, :ip_reserved, "0.1.1", "e5112d71f1abf05207f82fd9597d369a5fde1e0b6d1bbe77c02a99bb26ecdc33", [:mix], [{:inet_cidr, "~> 1.0.0", [hex: :inet_cidr, repo: "hexpm", optional: false]}], "hexpm", "55fcd2b6e211caef09ea3f54ef37d43030bec486325d12fe865ab5ed8140a4fe"},
   "jason": {:hex, :jason, "1.4.0", "e855647bc964a44e2f67df589ccf49105ae039d4179db7f6271dfd3843dc27e6", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "79a3791085b2a0f743ca04cec0f7be26443738779d09302e01318f97bdb82121"},
   "jose": {:hex, :jose, "1.11.5", "3bc2d75ffa5e2c941ca93e5696b54978323191988eb8d225c2e663ddfefd515e", [:mix, :rebar3], [], "hexpm", "dcd3b215bafe02ea7c5b23dafd3eb8062a5cd8f2d904fd9caa323d37034ab384"},
   "jumper": {:hex, :jumper, "1.0.1", "3c00542ef1a83532b72269fab9f0f0c82bf23a35e27d278bfd9ed0865cecabff", [:mix], [], "hexpm", "318c59078ac220e966d27af3646026db9b5a5e6703cb2aa3e26bcfaba65b7433"},
   "junit_formatter": {:hex, :junit_formatter, "3.3.1", "c729befb848f1b9571f317d2fefa648e9d4869befc4b2980daca7c1edc468e40", [:mix], [], "hexpm", "761fc5be4b4c15d8ba91a6dafde0b2c2ae6db9da7b8832a55b5a1deb524da72b"},
-  "linkify": {:hex, :linkify, "0.5.2", "fb66be139fdf1656ecb31f78a93592724d1b78d960a1b3598bd661013ea0e3c7", [:mix], [], "hexpm", "8d71ac690218d8952c90cbeb63cb8cc33738bb230d8a56d487d9447f2a5eab86"},
+  "linkify": {:hex, :linkify, "0.5.3", "5f8143d8f61f5ff08d3aeeff47ef6509492b4948d8f08007fbf66e4d2246a7f2", [:mix], [], "hexpm", "3ef35a1377d47c25506e07c1c005ea9d38d700699d92ee92825f024434258177"},
   "makeup": {:hex, :makeup, "1.1.0", "6b67c8bc2882a6b6a445859952a602afc1a41c2e08379ca057c0f525366fc3ca", [:mix], [{:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "0a45ed501f4a8897f580eabf99a2e5234ea3e75a4373c8a52824f6e873be57a6"},
   "makeup_elixir": {:hex, :makeup_elixir, "0.16.0", "f8c570a0d33f8039513fbccaf7108c5d750f47d8defd44088371191b76492b0b", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.2.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "28b2cbdc13960a46ae9a8858c4bebdec3c9a6d7b4b9e7f4ed1502f8159f338e7"},
   "makeup_erlang": {:hex, :makeup_erlang, "0.1.1", "3fcb7f09eb9d98dc4d208f49cc955a34218fc41ff6b84df7c75b3e6e533cc65f", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "174d0809e98a4ef0b3309256cbf97101c6ec01c4ab0b23e926a9e17df2077cbb"},
@@ -101,21 +101,21 @@
   "nimble_pool": {:hex, :nimble_pool, "0.2.6", "91f2f4c357da4c4a0a548286c84a3a28004f68f05609b4534526871a22053cde", [:mix], [], "hexpm", "1c715055095d3f2705c4e236c18b618420a35490da94149ff8b580a2144f653f"},
   "oauth2": {:hex, :oauth2, "2.1.0", "beb657f393814a3a7a8a15bd5e5776ecae341fd344df425342a3b6f1904c2989", [:mix], [{:tesla, "~> 1.5", [hex: :tesla, repo: "hexpm", optional: false]}], "hexpm", "8ac07f85b3307dd1acfeb0ec852f64161b22f57d0ce0c15e616a1dfc8ebe2b41"},
   "oauther": {:hex, :oauther, "1.3.0", "82b399607f0ca9d01c640438b34d74ebd9e4acd716508f868e864537ecdb1f76", [:mix], [], "hexpm", "78eb888ea875c72ca27b0864a6f550bc6ee84f2eeca37b093d3d833fbcaec04e"},
-  "oban": {:hex, :oban, "2.14.1", "99e28a814ca9faa759cd3f88d9adc56eb5dd0b8d4a5dabb8d2e989cb57c86f52", [:mix], [{:ecto_sql, "~> 3.6", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:ecto_sqlite3, "~> 0.9", [hex: :ecto_sqlite3, repo: "hexpm", optional: true]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.16", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "6c368b5face9b1e96ba42a1d39710c5193f4b38b62c8aeb651e37897aa3feecd"},
+  "oban": {:hex, :oban, "2.14.2", "ae925d9a33e110addaa59ff7ec1b2fd84270ac7eb00fbb4b4a179d74c407bba3", [:mix], [{:ecto_sql, "~> 3.6", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:ecto_sqlite3, "~> 0.9", [hex: :ecto_sqlite3, repo: "hexpm", optional: true]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.16", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "32bf30127c8c44ac42f05f229a50fadc2177b3e799c29499f5daf90d5e5b5d3c"},
   "paasaa": {:hex, :paasaa, "0.6.0", "07c8ed81010caa25db351d474f0c053072c809821c60f9646f7b1547bec52f6d", [:mix], [], "hexpm", "732ddfc21bac0831edb26aec468af3ec2b8997d74f6209810b1cc53199c29f2e"},
   "parse_trans": {:hex, :parse_trans, "3.3.1", "16328ab840cc09919bd10dab29e431da3af9e9e7e7e6f0089dd5a2d2820011d8", [:rebar3], [], "hexpm", "07cd9577885f56362d414e8c4c4e6bdf10d43a8767abb92d24cbe8b24c54888b"},
-  "phoenix": {:hex, :phoenix, "1.6.15", "0a1d96bbc10747fd83525370d691953cdb6f3ccbac61aa01b4acb012474b047d", [:mix], [{:castore, ">= 0.0.0", [hex: :castore, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 1.0 or ~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "d70ab9fbf6b394755ea88b644d34d79d8b146e490973151f248cacd122d20672"},
+  "phoenix": {:hex, :phoenix, "1.7.1", "a029bde19d9c3b559e5c3d06c78b76e81396bedd456a6acedb42f9c7b2e535a9", [:mix], [{:castore, ">= 0.0.0", [hex: :castore, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.1", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:phoenix_template, "~> 1.0", [hex: :phoenix_template, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: true]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.6", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}, {:websock_adapter, "~> 0.4", [hex: :websock_adapter, repo: "hexpm", optional: false]}], "hexpm", "ea9d4a85c3592e37efa07d0dc013254fda445885facaefddcbf646375c116457"},
   "phoenix_ecto": {:hex, :phoenix_ecto, "4.4.0", "0672ed4e4808b3fbed494dded89958e22fb882de47a97634c0b13e7b0b5f7720", [:mix], [{:ecto, "~> 3.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.14.2 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "09864e558ed31ee00bd48fcc1d4fc58ae9678c9e81649075431e69dbabb43cc1"},
-  "phoenix_html": {:hex, :phoenix_html, "3.2.0", "1c1219d4b6cb22ac72f12f73dc5fad6c7563104d083f711c3fcd8551a1f4ae11", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "36ec97ba56d25c0136ef1992c37957e4246b649d620958a1f9fa86165f8bc54f"},
+  "phoenix_html": {:hex, :phoenix_html, "3.3.1", "4788757e804a30baac6b3fc9695bf5562465dd3f1da8eb8460ad5b404d9a2178", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "bed1906edd4906a15fd7b412b85b05e521e1f67c9a85418c55999277e553d0d3"},
   "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.4.1", "2aff698f5e47369decde4357ba91fc9c37c6487a512b41732818f2204a8ef1d3", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "9bffb834e7ddf08467fe54ae58b5785507aaba6255568ae22b4d46e2bb3615ab"},
-  "phoenix_live_view": {:hex, :phoenix_live_view, "0.18.11", "c50eac83dae6b5488859180422dfb27b2c609de87f4aa5b9c926ecd0501cd44f", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.6.15 or ~> 1.7.0", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 3.1", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_template, "~> 1.0", [hex: :phoenix_template, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.2 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "76c99a0ffb47cd95bf06a917e74f282a603f3e77b00375f3c2dd95110971b102"},
+  "phoenix_live_view": {:hex, :phoenix_live_view, "0.18.18", "1f38fbd7c363723f19aad1a04b5490ff3a178e37daaf6999594d5f34796c47fc", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.6.15 or ~> 1.7.0", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 3.3", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_template, "~> 1.0", [hex: :phoenix_template, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.2 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "a5810d0472f3189ede6d2a95bda7f31c6113156b91784a3426cb0ab6a6d85214"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "2.1.1", "ba04e489ef03763bf28a17eb2eaddc2c20c6d217e2150a61e3298b0f4c2012b5", [:mix], [], "hexpm", "81367c6d1eea5878ad726be80808eb5a787a23dee699f96e72b1109c57cdd8d9"},
-  "phoenix_swoosh": {:hex, :phoenix_swoosh, "1.1.0", "f8e4780705c9f254cc853f7a40e25f7198ba4d91102bcfad2226669b69766b35", [:mix], [{:finch, "~> 0.8", [hex: :finch, repo: "hexpm", optional: true]}, {:hackney, "~> 1.10", [hex: :hackney, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.6", [hex: :phoenix, repo: "hexpm", optional: true]}, {:phoenix_html, "~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_view, "~> 1.0 or ~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: false]}, {:swoosh, "~> 1.5", [hex: :swoosh, repo: "hexpm", optional: false]}], "hexpm", "aa82f10afd9a4b6080fdf3274dbb9432b25b210d42b4b6b55308f6e59cd87c3d"},
-  "phoenix_template": {:hex, :phoenix_template, "1.0.0", "c57bc5044f25f007dc86ab21895688c098a9f846a8dda6bc40e2d0ddc146e38f", [:mix], [{:phoenix_html, "~> 2.14.2 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}], "hexpm", "1b066f99a26fd22064c12b2600a9a6e56700f591bf7b20b418054ea38b4d4357"},
+  "phoenix_swoosh": {:hex, :phoenix_swoosh, "1.2.0", "a544d83fde4a767efb78f45404a74c9e37b2a9c5ea3339692e65a6966731f935", [:mix], [{:finch, "~> 0.8", [hex: :finch, repo: "hexpm", optional: true]}, {:hackney, "~> 1.10", [hex: :hackney, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.6", [hex: :phoenix, repo: "hexpm", optional: true]}, {:phoenix_html, "~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_view, "~> 1.0 or ~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: false]}, {:swoosh, "~> 1.5", [hex: :swoosh, repo: "hexpm", optional: false]}], "hexpm", "e88d117251e89a16b92222415a6d87b99a96747ddf674fc5c7631de734811dba"},
+  "phoenix_template": {:hex, :phoenix_template, "1.0.1", "85f79e3ad1b0180abb43f9725973e3b8c2c3354a87245f91431eec60553ed3ef", [:mix], [{:phoenix_html, "~> 2.14.2 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}], "hexpm", "157dc078f6226334c91cb32c1865bf3911686f8bcd6bcff86736f6253e6993ee"},
   "phoenix_view": {:hex, :phoenix_view, "2.0.2", "6bd4d2fd595ef80d33b439ede6a19326b78f0f1d8d62b9a318e3d9c1af351098", [:mix], [{:phoenix_html, "~> 2.14.2 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_template, "~> 1.0", [hex: :phoenix_template, repo: "hexpm", optional: false]}], "hexpm", "a929e7230ea5c7ee0e149ffcf44ce7cf7f4b6d2bfe1752dd7c084cdff152d36f"},
-  "plug": {:hex, :plug, "1.14.0", "ba4f558468f69cbd9f6b356d25443d0b796fbdc887e03fa89001384a9cac638f", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.3 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "bf020432c7d4feb7b3af16a0c2701455cbbbb95e5b6866132cb09eb0c29adc14"},
-  "plug_cowboy": {:hex, :plug_cowboy, "2.6.0", "d1cf12ff96a1ca4f52207c5271a6c351a4733f413803488d75b70ccf44aebec2", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:cowboy_telemetry, "~> 0.3", [hex: :cowboy_telemetry, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "073cf20b753ce6682ed72905cd62a2d4bd9bad1bf9f7feb02a1b8e525bd94fa6"},
-  "plug_crypto": {:hex, :plug_crypto, "1.2.3", "8f77d13aeb32bfd9e654cb68f0af517b371fb34c56c9f2b58fe3df1235c1251a", [:mix], [], "hexpm", "b5672099c6ad5c202c45f5a403f21a3411247f164e4a8fab056e5cd8a290f4a2"},
+  "plug": {:hex, :plug, "1.14.1", "3148623796853ae96c628960b833bf6b6a894d6bdc8c199ef7160c41149b71f2", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.3 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "a0e789be21a576b11ec55a0983e4e8f7c7b07d88dfb3b8da9e97767132271d40"},
+  "plug_cowboy": {:hex, :plug_cowboy, "2.6.1", "9a3bbfceeb65eff5f39dab529e5cd79137ac36e913c02067dba3963a26efe9b2", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:cowboy_telemetry, "~> 0.3", [hex: :cowboy_telemetry, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "de36e1a21f451a18b790f37765db198075c25875c64834bcc82d90b309eb6613"},
+  "plug_crypto": {:hex, :plug_crypto, "1.2.5", "918772575e48e81e455818229bf719d4ab4181fcbf7f85b68a35620f78d89ced", [:mix], [], "hexpm", "26549a1d6345e2172eb1c233866756ae44a9609bd33ee6f99147ab3fd87fd842"},
   "postgrex": {:hex, :postgrex, "0.16.5", "fcc4035cc90e23933c5d69a9cd686e329469446ef7abba2cf70f08e2c4b69810", [:mix], [{:connection, "~> 1.1", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:table, "~> 0.1.0", [hex: :table, repo: "hexpm", optional: true]}], "hexpm", "edead639dc6e882618c01d8fc891214c481ab9a3788dfe38dd5e37fd1d5fb2e8"},
   "progress_bar": {:hex, :progress_bar, "2.0.1", "7b40200112ae533d5adceb80ff75fbe66dc753bca5f6c55c073bfc122d71896d", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "2519eb58a2f149a3a094e729378256d8cb6d96a259ec94841bd69fdc71f18f87"},
   "rajska": {:git, "https://github.com/churcho/rajska.git", "5da424969d5f40dcab690d3a25b248f85f712823", [branch: "fix/update-absinthe"]},
@@ -133,15 +133,15 @@
   "sweet_xml": {:hex, :sweet_xml, "0.7.3", "debb256781c75ff6a8c5cbf7981146312b66f044a2898f453709a53e5031b45b", [:mix], [], "hexpm", "e110c867a1b3fe74bfc7dd9893aa851f0eed5518d0d7cad76d7baafd30e4f5ba"},
   "swoosh": {:hex, :swoosh, "1.9.1", "0a5d7bf9954eb41d7e55525bc0940379982b090abbaef67cd8e1fd2ed7f8ca1a", [:mix], [{:cowboy, "~> 1.1 or ~> 2.4", [hex: :cowboy, repo: "hexpm", optional: true]}, {:ex_aws, "~> 2.1", [hex: :ex_aws, repo: "hexpm", optional: true]}, {:finch, "~> 0.6", [hex: :finch, repo: "hexpm", optional: true]}, {:gen_smtp, "~> 0.13 or ~> 1.0", [hex: :gen_smtp, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mail, "~> 0.2", [hex: :mail, repo: "hexpm", optional: true]}, {:mime, "~> 1.1 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_cowboy, ">= 1.0.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.2 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "76dffff3ffcab80f249d5937a592eaef7cc49ac6f4cdd27e622868326ed6371e"},
   "telemetry": {:hex, :telemetry, "1.2.1", "68fdfe8d8f05a8428483a97d7aab2f268aaff24b49e0f599faa091f1d4e7f61c", [:rebar3], [], "hexpm", "dad9ce9d8effc621708f99eac538ef1cbe05d6a874dd741de2e689c47feafed5"},
-  "tesla": {:hex, :tesla, "1.5.0", "7ee3616be87024a2b7231ae14474310c9b999c3abb1f4f8dbc70f86bd9678eef", [:mix], [{:castore, "~> 0.1", [hex: :castore, repo: "hexpm", optional: true]}, {:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:finch, "~> 0.13", [hex: :finch, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:gun, "~> 1.3", [hex: :gun, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "4.4.0", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:msgpax, "~> 2.3", [hex: :msgpax, repo: "hexpm", optional: true]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm", "1d0385e41fbd76af3961809088aef15dec4c2fdaab97b1c93c6484cb3695a122"},
+  "tesla": {:hex, :tesla, "1.5.1", "f2ba04f5e6ace0f1954f1fb4375f55809a5f2ff491c18ccb09fbc98370d4280b", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:finch, "~> 0.13", [hex: :finch, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:gun, "~> 1.3", [hex: :gun, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "4.4.0", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:msgpax, "~> 2.3", [hex: :msgpax, repo: "hexpm", optional: true]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm", "2815d4f6550973d1ed65692d545d079174f6a1f8cb4775f6eb606cbc0666a9de"},
   "timex": {:hex, :timex, "3.7.9", "790cdfc4acfce434e442f98c02ea6d84d0239073bfd668968f82ac63e9a6788d", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 1.1", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "64691582e5bb87130f721fc709acfb70f24405833998fabf35be968984860ce1"},
   "tz_world": {:hex, :tz_world, "1.2.0", "74ae7ef660a70ab35a25af4dfba46b1354fc904eb5da9b2464151cf885fc1a2c", [:mix], [{:castore, "~> 0.1", [hex: :castore, repo: "hexpm", optional: true]}, {:certifi, "~> 2.5", [hex: :certifi, repo: "hexpm", optional: true]}, {:geo, "~> 1.0 or ~> 2.0 or ~> 3.3", [hex: :geo, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "3cdd255f0a96942496a9edf61c86976a07fa6c0552ad287604c282b9bc1d9cf8"},
   "tzdata": {:hex, :tzdata, "1.1.1", "20c8043476dfda8504952d00adac41c6eda23912278add38edc140ae0c5bcc46", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "a69cec8352eafcd2e198dea28a34113b60fdc6cb57eb5ad65c10292a6ba89787"},
-  "ueberauth": {:hex, :ueberauth, "0.10.3", "4a3bd7ab7b5d93d301d264f0f6858392654ee92171f4437d067d1ae227c051d9", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "1394f36a6c64e97f2038cf95228e7e52b4cb75417962e30418fbe9902b30e6d3"},
+  "ueberauth": {:hex, :ueberauth, "0.10.5", "806adb703df87e55b5615cf365e809f84c20c68aa8c08ff8a416a5a6644c4b02", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "3efd1f31d490a125c7ed453b926f7c31d78b97b8a854c755f5c40064bf3ac9e1"},
   "ueberauth_cas": {:hex, :ueberauth_cas, "2.3.1", "df45a1f2c5df8bc80191cbca4baeeed808d697702ec5ebe5bd5d5a264481752f", [:mix], [{:httpoison, "~> 1.8", [hex: :httpoison, repo: "hexpm", optional: false]}, {:sweet_xml, "~> 0.7", [hex: :sweet_xml, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.6", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "5068ae2b9e217c2f05aa9a67483a6531e21ba0be9a6f6c8749bb7fd1599be321"},
   "ueberauth_discord": {:hex, :ueberauth_discord, "0.7.0", "463f6dfe1ed10a76739331ce8e1dd3600ab611f10524dd828eb3aa50e76e9d43", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "d6f98ef91abb4ddceada4b7acba470e0e68c4d2de9735ff2f24172a8e19896b4"},
   "ueberauth_facebook": {:hex, :ueberauth_facebook, "0.10.0", "0d607fbd1b7c6e0449981571027d869c2d156b8ad20c42e3672346678c05ccf1", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "bf8ce5d66b1c50da8abff77e8086c1b710bdde63f4acaef19a651ba43a9537a8"},
-  "ueberauth_github": {:hex, :ueberauth_github, "0.8.1", "0be487b5afc29bc805fa5e31636f37c8f09d5159ef73fc08c4c7a98c9cfe2c18", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "143d6130b945ea9bdbd0ef94987f40788f1d7e8090decbfc0722773155e7a74a"},
+  "ueberauth_github": {:hex, :ueberauth_github, "0.8.2", "6e12332172ebfadb6fbe2feaeddbd8c421f8ebf9d425d1367c2dce2a35f6bf21", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "98ed414ee313bd754135ab9689e8f16863c5691d11c8526800457cce6153d4e2"},
   "ueberauth_gitlab_strategy": {:hex, :ueberauth_gitlab_strategy, "0.4.0", "96605d304ebb87ce508eccbeb1f94da9ea1c9da20d8913771b6cf24a6cc6c633", [:mix], [{:oauth2, "~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "e86e2e794bb063c07c05a6b1301b73f2be3ba9308d8f47ecc4d510ef9226091e"},
   "ueberauth_google": {:hex, :ueberauth_google, "0.10.2", "b85b3de6070e7bc71bbec3d4dbe2de805b004ae9c19efeb31531f9134ede4033", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.10.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "fcf987749db5e2d890240ce61223c61ee6ac1d638c3378bf1eeeb0e6332e5a12"},
   "ueberauth_keycloak_strategy": {:hex, :ueberauth_keycloak_strategy, "0.3.0", "262f25ae9a38886e13a954919a873ae6ea9adf73cf8875eec74b945f0b2c7b2b", [:mix], [{:oauth2, "~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "d1a0abad08cd5e39722a9899200583b03ac63fee0c264799018ef06eb989db31"},
@@ -151,5 +151,7 @@
   "unsafe": {:hex, :unsafe, "1.0.1", "a27e1874f72ee49312e0a9ec2e0b27924214a05e3ddac90e91727bc76f8613d8", [:mix], [], "hexpm", "6c7729a2d214806450d29766abc2afaa7a2cbecf415be64f36a6691afebb50e5"},
   "vite_phx": {:hex, :vite_phx, "0.3.1", "0f7d8cd98018547a7d97122552fff3e2d70df2820bc70e8d4f31156dcb60f23a", [:mix], [{:jason, ">= 0.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, ">= 0.0.0", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "08b1726094a131490ff0a2c7764c4cdd4b5cdf8ba9762638a5dd4bcd9e5fc936"},
   "web_push_encryption": {:git, "https://github.com/danhper/elixir-web-push-encryption.git", "70f00d06cbd88c9ac382e0ad2539e54448e9d8da", []},
+  "websock": {:hex, :websock, "0.5.0", "f6bbce90226121d62a0715bca7c986c5e43de0ccc9475d79c55381d1796368cc", [:mix], [], "hexpm", "b51ac706df8a7a48a2c622ee02d09d68be8c40418698ffa909d73ae207eb5fb8"},
+  "websock_adapter": {:hex, :websock_adapter, "0.5.0", "cea35d8bbf1a6964e32d4b02ceb561dfb769c04f16d60d743885587e7d2ca55b", [:mix], [{:bandit, "~> 0.6", [hex: :bandit, repo: "hexpm", optional: true]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.6", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:websock, "~> 0.5", [hex: :websock, repo: "hexpm", optional: false]}], "hexpm", "16318b124effab8209b1eb7906c636374f623dc9511a8278ad09c083cea5bb83"},
   "xml_builder": {:hex, :xml_builder, "2.2.0", "cc5f1eeefcfcde6e90a9b77fb6c490a20bc1b856a7010ce6396f6da9719cbbab", [:mix], [], "hexpm", "9d66d52fb917565d358166a4314078d39ef04d552904de96f8e73f68f64a62c9"},
 }
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index dc9a4798a..3fe243a05 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -29,6 +29,8 @@ defmodule Mobilizon.Web.ConnCase do
 
       import Mobilizon.Web.Router.Helpers
 
+      use Mobilizon.Web, :verified_routes
+
       # The default endpoint for testing
       @endpoint Mobilizon.Web.Endpoint
 

From 647efad9820b8cee3bed1aabe7333b661a1eccbd Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Fri, 17 Mar 2023 19:16:15 +0100
Subject: [PATCH 07/12] Add Codeclimate report from Credo to CI

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 .credo.exs     | 3 +++
 .gitignore     | 1 +
 .gitlab-ci.yml | 4 ++++
 mix.exs        | 3 ++-
 mix.lock       | 1 +
 5 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.credo.exs b/.credo.exs
index e4a3bc12a..bb63ed529 100644
--- a/.credo.exs
+++ b/.credo.exs
@@ -39,6 +39,9 @@
       # to `false` below:
       #
       color: true,
+      plugins: [
+        {CredoCodeClimate, []}
+      ],
       #
       # You can customize the parameters of any check by adding a second element
       # to the tuple.
diff --git a/.gitignore b/.gitignore
index 5e1d85557..8f2fa3108 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,3 +49,4 @@ test-junit-report.xml
 js/junit.xml
 .env
 demo/
+codeclimate.json
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9e748a66e..38c3e43b1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -67,6 +67,10 @@ lint-elixir:
     - mix credo diff --from-git-merge-base $TARGET_SHA1 --strict -a || export EXITVALUE=1
     - mix sobelow --config || export EXITVALUE=1
     - exit $EXITVALUE
+  artifacts:
+    reports:
+      codequality: codeclimate.json
+
 
 lint-front:
   image: node:16
diff --git a/mix.exs b/mix.exs
index 499ce41c7..a81301eec 100644
--- a/mix.exs
+++ b/mix.exs
@@ -227,7 +227,8 @@ defmodule Mobilizon.Mixfile do
       {:sobelow, "~> 0.8", only: [:dev, :test]},
       {:doctor, "~> 0.21", only: :dev},
       {:haversine, "~> 0.1.0"},
-      {:ecto_dev_logger, "~> 0.7"}
+      {:ecto_dev_logger, "~> 0.7"},
+      {:credo_code_climate, "~> 0.1.0", only: [:dev, :test]}
     ] ++ oauth_deps()
   end
 
diff --git a/mix.lock b/mix.lock
index 06a5a101e..ae55d543f 100644
--- a/mix.lock
+++ b/mix.lock
@@ -18,6 +18,7 @@
   "cowboy_telemetry": {:hex, :cowboy_telemetry, "0.4.0", "f239f68b588efa7707abce16a84d0d2acf3a0f50571f8bb7f56a15865aae820c", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7d98bac1ee4565d31b62d59f8823dfd8356a169e7fcbb83831b8a5397404c9de"},
   "cowlib": {:hex, :cowlib, "2.11.0", "0b9ff9c346629256c42ebe1eeb769a83c6cb771a6ee5960bd110ab0b9b872063", [:make, :rebar3], [], "hexpm", "2b3e9da0b21c4565751a6d4901c20d1b4cc25cbb7fd50d91d2ab6dd287bc86a9"},
   "credo": {:hex, :credo, "1.6.7", "323f5734350fd23a456f2688b9430e7d517afb313fbd38671b8a4449798a7854", [:mix], [{:bunt, "~> 0.2.1", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2.8", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "41e110bfb007f7eda7f897c10bf019ceab9a0b269ce79f015d54b0dcf4fc7dd3"},
+  "credo_code_climate": {:hex, :credo_code_climate, "0.1.0", "1c4efbd11cb0244622ed5f09246b9afbbf796316ce03e78f67db6d81271d2978", [:mix], [{:credo, "~> 1.5", [hex: :credo, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "75529fe38056f4e229821d604758282838b8397c82e2c12e409fda16b16821ca"},
   "dataloader": {:hex, :dataloader, "1.0.10", "a42f07641b1a0572e0b21a2a5ae1be11da486a6790f3d0d14512d96ff3e3bbe9", [:mix], [{:ecto, ">= 3.4.3 and < 4.0.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "54cd70cec09addf4b2ace14cc186a283a149fd4d3ec5475b155951bf33cd963f"},
   "db_connection": {:hex, :db_connection, "2.4.3", "3b9aac9f27347ec65b271847e6baeb4443d8474289bd18c1d6f4de655b70c94d", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c127c15b0fa6cfb32eed07465e05da6c815b032508d4ed7c116122871df73c12"},
   "decimal": {:hex, :decimal, "2.0.0", "a78296e617b0f5dd4c6caf57c714431347912ffb1d0842e998e9792b5642d697", [:mix], [], "hexpm", "34666e9c55dea81013e77d9d87370fe6cb6291d1ef32f46a1600230b1d44f577"},

From a28ce5e6b6a8ae11d9eb3c4d60f5bd5d991879ac Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Mon, 20 Mar 2023 16:38:43 +0100
Subject: [PATCH 08/12] Fetch config for export event participant formats

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 js/src/graphql/config.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/js/src/graphql/config.ts b/js/src/graphql/config.ts
index 64ca90a5e..1022b7845 100644
--- a/js/src/graphql/config.ts
+++ b/js/src/graphql/config.ts
@@ -113,6 +113,9 @@ export const CONFIG = gql`
           isDefault
         }
       }
+      exportFormats {
+        eventParticipants
+      }
     }
   }
 `;

From 986ae45f522daf56678a23dab3959ef5aaae0392 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Thu, 23 Mar 2023 18:37:53 +0100
Subject: [PATCH 09/12] Add worker to clean obsolete application data, token
 revokation and spec conformance

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 .sobelow-skips                                |   3 +-
 config/config.exs                             |   6 +-
 lib/mobilizon/applications.ex                 |  19 ++
 lib/service/auth/applications.ex              |  69 +++-
 lib/service/workers/clean_application_data.ex |  32 ++
 lib/web/controllers/application_controller.ex | 314 +++++++++++++-----
 lib/web/router.ex                             |   1 +
 test/mobilizon/applications_test.exs          |   4 +-
 .../application_controller_test.exs           | 148 +++++----
 9 files changed, 436 insertions(+), 160 deletions(-)
 create mode 100644 lib/service/workers/clean_application_data.ex

diff --git a/.sobelow-skips b/.sobelow-skips
index 7bc6e895d..3e438cb32 100644
--- a/.sobelow-skips
+++ b/.sobelow-skips
@@ -38,4 +38,5 @@ FE1EEB91EA633570F703B251AE2D4D4E
 49DE9560D506F9E7EF3AFD8DA6E5564B
 759F752FA0768CCC7871895DC2A5CD51
 7EEC79571F3F7CEEB04A8B86D908382A
-E7967805C1EA5301F2722C7BDB2F25F3
\ No newline at end of file
+E7967805C1EA5301F2722C7BDB2F25F3
+BDFB0FB1AAF69C18212CBCFD42F8B717
\ No newline at end of file
diff --git a/config/config.exs b/config/config.exs
index 77591db87..ede8c0179 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -312,7 +312,11 @@ config :mobilizon, Oban,
        {"@hourly", Mobilizon.Service.Workers.CleanUnconfirmedUsersWorker, queue: :background},
        {"@hourly", Mobilizon.Service.Workers.ExportCleanerWorker, queue: :background},
        {"@hourly", Mobilizon.Service.Workers.SendActivityRecapWorker, queue: :notifications},
-       {"@daily", Mobilizon.Service.Workers.CleanOldActivityWorker, queue: :background}
+       {"@daily", Mobilizon.Service.Workers.CleanOldActivityWorker, queue: :background},
+       {"@hourly", Mobilizon.Service.Workers.CleanApplicationData,
+        queue: :background, args: %{type: :application_token}},
+       {"@hourly", Mobilizon.Service.Workers.CleanApplicationData,
+        queue: :background, args: %{type: :application_device_activation}}
      ]},
     {Oban.Plugins.Pruner, max_age: 300}
   ]
diff --git a/lib/mobilizon/applications.ex b/lib/mobilizon/applications.ex
index 6080ffe34..787fc05f7 100644
--- a/lib/mobilizon/applications.ex
+++ b/lib/mobilizon/applications.ex
@@ -285,6 +285,16 @@ defmodule Mobilizon.Applications do
     ApplicationToken.changeset(application_token, attrs)
   end
 
+  @spec prune_old_application_tokens(pos_integer()) :: {non_neg_integer(), nil}
+  def prune_old_application_tokens(lifetime) do
+    exp = DateTime.add(NaiveDateTime.utc_now(), -lifetime)
+
+    ApplicationToken
+    |> where([at], at.status != :success)
+    |> where([at], at.inserted_at < ^exp)
+    |> Repo.delete_all()
+  end
+
   alias Mobilizon.Applications.ApplicationDeviceActivation
 
   @doc """
@@ -413,4 +423,13 @@ defmodule Mobilizon.Applications do
       ) do
     ApplicationDeviceActivation.changeset(application_device_activation, attrs)
   end
+
+  @spec prune_old_application_device_activations(pos_integer()) :: {non_neg_integer(), nil}
+  def prune_old_application_device_activations(lifetime) do
+    exp = DateTime.add(NaiveDateTime.utc_now(), -lifetime)
+
+    ApplicationDeviceActivation
+    |> where([at], at.expires_in < ^exp)
+    |> Repo.delete_all()
+  end
 end
diff --git a/lib/service/auth/applications.ex b/lib/service/auth/applications.ex
index 95f4d4393..c5031c1ef 100644
--- a/lib/service/auth/applications.ex
+++ b/lib/service/auth/applications.ex
@@ -14,6 +14,12 @@ defmodule Mobilizon.Service.Auth.Applications do
   @app_access_tokens_ttl {8, :hour}
   @app_refresh_tokens_ttl {26, :week}
 
+  @device_code_expires_in 900
+  @device_code_interval 5
+
+  @authorization_code_lifetime 60
+  @application_device_activation_lifetime @device_code_expires_in * 2
+
   @type access_token_details :: %{
           required(:access_token) => String.t(),
           required(:expires_in) => pos_integer(),
@@ -58,7 +64,8 @@ defmodule Mobilizon.Service.Auth.Applications do
         user_id: user_id,
         application_id: app_id,
         authorization_code: code,
-        scope: scope
+        scope: scope,
+        status: :pending
       })
     else
       nil ->
@@ -113,22 +120,28 @@ defmodule Mobilizon.Service.Auth.Applications do
              | :provided_code_does_not_match
              | :invalid_client_secret
              | :invalid_or_expired
+             | :scope_not_included
              | any()}
   def generate_access_token(client_id, client_secret, code, redirect_uri, scope) do
     with {:application,
           %Application{
             id: application_id,
             client_secret: app_client_secret,
-            redirect_uris: redirect_uris
+            redirect_uris: redirect_uris,
+            scope: app_scope
           }} <-
            {:application, Applications.get_application_by_client_id(client_id)},
-         # TODO: check that app token scope still are acceptable
+         {:scope_included, true} <- {:scope_included, request_scope_valid?(app_scope, scope)},
          {:redirect_uri, true} <-
            {:redirect_uri, redirect_uri in redirect_uris},
          {:app_token, %ApplicationToken{} = app_token} <-
            {:app_token, Applications.get_application_token_by_authorization_code(code)},
+         {:expired, false} <- {:expired, authorization_code_expired?(app_token)},
          {:ok, %ApplicationToken{application_id: application_id_from_token} = app_token} <-
-           Applications.update_application_token(app_token, %{authorization_code: nil}),
+           Applications.update_application_token(app_token, %{
+             authorization_code: nil,
+             status: :success
+           }),
          {:same_app, true} <- {:same_app, application_id === application_id_from_token},
          {:same_client_secret, true} <- {:same_client_secret, app_client_secret == client_secret},
          {:ok, access_token} <-
@@ -160,6 +173,12 @@ defmodule Mobilizon.Service.Auth.Applications do
       {:app_token, _} ->
         {:error, :invalid_or_expired}
 
+      {:expired, true} ->
+        {:error, :invalid_or_expired}
+
+      {:scope_included, false} ->
+        {:error, :scope_not_included}
+
       {:error, err} ->
         {:error, err}
     end
@@ -184,7 +203,8 @@ defmodule Mobilizon.Service.Auth.Applications do
               user_id: user_id,
               application_id: app_id,
               authorization_code: nil,
-              scope: scope
+              scope: scope,
+              status: :success
             })
 
           {:ok, access_token} =
@@ -205,14 +225,12 @@ defmodule Mobilizon.Service.Auth.Applications do
         end
 
       %ApplicationDeviceActivation{status: :incorrect_device_code} ->
-        Logger.error("Incorrect device code set")
         {:error, :incorrect_device_code}
 
       %ApplicationDeviceActivation{status: :access_denied} ->
         {:error, :access_denied}
 
       nil ->
-        Logger.error("nil returned")
         {:error, :incorrect_device_code}
 
       err ->
@@ -231,9 +249,6 @@ defmodule Mobilizon.Service.Auth.Applications do
     |> Enum.join("")
   end
 
-  @expires_in 900
-  @interval 5
-
   @spec register_device_code(String.t(), String.t() | nil) ::
           {:ok, ApplicationDeviceActivation.t()}
           | {:error, :application_not_found}
@@ -250,7 +265,7 @@ defmodule Mobilizon.Service.Auth.Applications do
            Applications.create_application_device_activation(%{
              device_code: device_code,
              user_code: user_code,
-             expires_in: @expires_in,
+             expires_in: @device_code_expires_in,
              application_id: application.id,
              scope: scope
            }) do
@@ -260,7 +275,7 @@ defmodule Mobilizon.Service.Auth.Applications do
        |> Map.take([:device_code, :user_code, :expires_in])
        |> Map.update!(:user_code, &user_code_displayed/1)
        |> Map.merge(%{
-         interval: @interval,
+         interval: @device_code_interval,
          verification_uri: verification_uri
        })}
     else
@@ -359,9 +374,37 @@ defmodule Mobilizon.Service.Auth.Applications do
       :lt
   end
 
+  def prune_old_tokens do
+    Applications.prune_old_application_tokens(@authorization_code_lifetime)
+  end
+
+  def prune_old_application_device_activations do
+    Applications.prune_old_application_device_activations(@application_device_activation_lifetime)
+  end
+
+  @spec revoke_token(String.t()) ::
+          {:ok, map()}
+          | {:error, any(), any(), any()}
+          | {:error, :token_not_found}
+  def revoke_token(token) do
+    case Guardian.resource_from_token(token) do
+      {:ok, %ApplicationToken{} = app_token, _claims} ->
+        Guardian.revoke(token)
+        revoke_application_token(app_token)
+
+      {:error, _err} ->
+        {:error, :token_not_found}
+    end
+  end
+
+  defp authorization_code_expired?(%ApplicationToken{inserted_at: inserted_at}) do
+    NaiveDateTime.compare(NaiveDateTime.add(inserted_at, 60), NaiveDateTime.utc_now()) ==
+      :lt
+  end
+
   defp request_scope_valid?(app_scope, request_scope) do
     app_scopes = app_scope |> String.split(" ") |> MapSet.new()
     request_scopes = request_scope |> String.split(" ") |> MapSet.new()
-    MapSet.subset?(request_scopes, app_scopes)
+    MapSet.subset?(request_scopes, app_scopes) and AppScope.scopes_valid?(request_scope)
   end
 end
diff --git a/lib/service/workers/clean_application_data.ex b/lib/service/workers/clean_application_data.ex
new file mode 100644
index 000000000..16e265ac5
--- /dev/null
+++ b/lib/service/workers/clean_application_data.ex
@@ -0,0 +1,32 @@
+defmodule Mobilizon.Service.Workers.CleanApplicationData do
+  @moduledoc """
+  Worker to send activity recaps
+  """
+
+  use Oban.Worker, queue: "background"
+  alias Mobilizon.Service.Auth.Applications
+  require Logger
+
+  @impl Oban.Worker
+  def perform(%Job{args: %{type: :application}}) do
+    Logger.info("Cleaning expired applications data")
+
+    # TODO: Clear unused applications after a while
+  end
+
+  @impl Oban.Worker
+  def perform(%Job{args: %{type: :application_token}}) do
+    Logger.info("Cleaning expired application tokens data")
+
+    Applications.prune_old_tokens()
+    :ok
+  end
+
+  @impl Oban.Worker
+  def perform(%Job{args: %{type: :application_device_activation}}) do
+    Logger.info("Cleaning expired application device activation data")
+
+    Applications.prune_old_application_device_activations()
+    :ok
+  end
+end
diff --git a/lib/web/controllers/application_controller.ex b/lib/web/controllers/application_controller.ex
index c633b186b..cf695fa79 100644
--- a/lib/web/controllers/application_controller.ex
+++ b/lib/web/controllers/application_controller.ex
@@ -22,44 +22,51 @@ defmodule Mobilizon.Web.ApplicationController do
            Map.get(args, "website")
          ) do
       {:ok, %Application{} = app} ->
-        json(
-          conn,
+        conn
+        |> Plug.Conn.put_resp_header("cache-control", "no-store")
+        |> json(
           Map.take(app, [:name, :website, :redirect_uris, :client_id, :client_secret, :scope])
         )
 
       {:error, :invalid_scope} ->
-        send_resp(
-          conn,
-          400,
-          dgettext(
-            "errors",
-            "The scope parameter is not a space separated list of valid scopes"
-          )
-        )
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => "invalid_scope",
+          "error_description" =>
+            dgettext(
+              "errors",
+              "The scope parameter is not a space separated list of valid scopes"
+            )
+        })
 
       {:error, error} ->
         Logger.error(inspect(error))
 
-        send_resp(
-          conn,
-          500,
-          dgettext(
-            "errors",
-            "Impossible to create application."
-          )
-        )
+        conn
+        |> Plug.Conn.put_status(500)
+        |> json(%{
+          "error" => "server_error",
+          "error_description" =>
+            dgettext(
+              "errors",
+              "Impossible to create application."
+            )
+        })
     end
   end
 
   def create_application(conn, _args) do
-    send_resp(
-      conn,
-      400,
-      dgettext(
-        "errors",
-        "All of name, scope and redirect_uri parameters are required to create an application"
-      )
-    )
+    conn
+    |> Plug.Conn.put_status(400)
+    |> json(%{
+      "error" => "invalid_request",
+      "error_description" =>
+        dgettext(
+          "errors",
+          "All of name, scope and redirect_uri parameters are required to create an application"
+        )
+    })
   end
 
   @doc """
@@ -77,7 +84,8 @@ defmodule Mobilizon.Web.ApplicationController do
     state = conn.query_params["state"]
     scope = conn.query_params["scope"]
 
-    if is_binary(client_id) and is_binary(redirect_uri) and is_binary(state) and is_binary(scope) do
+    if is_binary(client_id) and is_binary(redirect_uri) and valid_uri?(redirect_uri) and
+         is_binary(state) and is_binary(scope) do
       redirect(conn,
         to:
           Routes.page_path(conn, :authorize,
@@ -88,46 +96,89 @@ defmodule Mobilizon.Web.ApplicationController do
           )
       )
     else
-      send_resp(
-        conn,
-        400,
-        dgettext(
-          "errors",
-          "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+      if is_binary(redirect_uri) and valid_uri?(redirect_uri) do
+        redirect(conn,
+          external:
+            append_parameters(redirect_uri,
+              error: "invalid_request",
+              error_description:
+                dgettext(
+                  "errors",
+                  "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+                )
+            )
         )
-      )
+      else
+        send_resp(
+          conn,
+          400,
+          dgettext(
+            "errors",
+            "You need to provide a valid redirect_uri to autorize an application"
+          )
+        )
+      end
     end
   end
 
   def device_code(conn, %{"client_id" => client_id, "scope" => scope}) do
     case Applications.register_device_code(client_id, scope) do
       {:ok, res} when is_map(res) ->
-        case get_format(conn) do
-          "json" ->
-            json(conn, res)
-
-          _ ->
-            send_resp(conn, 200, URI.encode_query(res))
-        end
+        conn
+        |> Plug.Conn.put_resp_header("cache-control", "no-store")
+        |> json(res)
 
       {:error, :scope_not_included} ->
-        send_resp(conn, 400, "The given scope is not in the list of the app declared scopes")
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => "invalid_scope",
+          "error_description" =>
+            dgettext(
+              "errors",
+              "The given scope is not in the list of the app declared scopes"
+            )
+        })
 
       {:error, :application_not_found} ->
-        send_resp(conn, 400, "No application with this client_id was found")
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => "invalid_client",
+          "error_description" =>
+            dgettext(
+              "errors",
+              "No application with this client_id was found"
+            )
+        })
 
       {:error, %Ecto.Changeset{} = err} ->
         Logger.error(inspect(err))
-        send_resp(conn, 500, "Unable to produce device code")
+
+        conn
+        |> Plug.Conn.put_status(500)
+        |> json(%{
+          "error" => "server_error",
+          "error_description" =>
+            dgettext(
+              "errors",
+              "Unable to produce device code"
+            )
+        })
     end
   end
 
   def device_code(conn, _args) do
-    send_resp(
-      conn,
-      400,
-      "You need to pass both client_id and scope as parameters to obtain a device code"
-    )
+    conn
+    |> Plug.Conn.put_status(400)
+    |> json(%{
+      "error" => "invalid_request",
+      "error_description" =>
+        dgettext(
+          "errors",
+          "You need to pass both client_id and scope as parameters to obtain a device code"
+        )
+    })
   end
 
   @spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()
@@ -141,11 +192,19 @@ defmodule Mobilizon.Web.ApplicationController do
       }) do
     case do_generate_access_token(client_id, client_secret, code, redirect_uri, scope) do
       {:ok, token} ->
-        json(conn, token)
+        conn
+        |> Plug.Conn.put_resp_header("cache-control", "no-store")
+        |> json(token)
 
-      {:error, msg} ->
+      {:error, code, msg} ->
         Logger.debug(msg)
-        json(conn, %{error: true, details: msg})
+
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => to_string(code),
+          "error_description" => msg
+        })
     end
   end
 
@@ -156,26 +215,45 @@ defmodule Mobilizon.Web.ApplicationController do
       }) do
     case Applications.generate_access_token_for_device_flow(client_id, device_code) do
       {:ok, res} ->
-        case get_format(conn) do
-          "json" ->
-            json(conn, res)
-
-          _ ->
-            send_resp(
-              conn,
-              200,
-              URI.encode_query(res)
-            )
-        end
+        conn
+        |> Plug.Conn.put_resp_header("cache-control", "no-store")
+        |> json(res)
 
       {:error, :incorrect_device_code} ->
-        send_resp(conn, 400, "The client_id provided or the device_code associated is invalid")
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => "invalid_grant",
+          "error_description" =>
+            dgettext(
+              "errors",
+              "The client_id provided or the device_code associated is invalid"
+            )
+        })
 
       {:error, :access_denied} ->
-        send_resp(conn, 401, "The user rejected the requested authorization")
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => "access_denied",
+          "error_description" =>
+            dgettext(
+              "errors",
+              "The user rejected the requested authorization"
+            )
+        })
 
       {:error, :expired} ->
-        send_resp(conn, 400, "The given device_code has expired")
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => "invalid_grant",
+          "error_description" =>
+            dgettext(
+              "errors",
+              "The given device_code has expired"
+            )
+        })
     end
   end
 
@@ -187,29 +265,74 @@ defmodule Mobilizon.Web.ApplicationController do
       }) do
     case Applications.refresh_tokens(refresh_token, client_id, client_secret) do
       {:ok, res} ->
-        json(conn, res)
+        conn
+        |> Plug.Conn.put_resp_header("cache-control", "no-store")
+        |> json(res)
 
       {:error, :invalid_client_credentials} ->
-        send_resp(conn, 400, "Invalid client credentials provided")
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => "invalid_client",
+          "error_description" => dgettext("errors", "Invalid client credentials provided")
+        })
 
       {:error, :invalid_refresh_token} ->
-        send_resp(conn, 400, "Invalid refresh token provided")
+        conn
+        |> Plug.Conn.put_status(400)
+        |> json(%{
+          "error" => "invalid_grant",
+          "error_description" => dgettext("errors", "Invalid refresh token provided")
+        })
 
       {:error, err} when is_atom(err) ->
-        send_resp(conn, 500, to_string(err))
+        conn
+        |> Plug.Conn.put_status(500)
+        |> json(%{
+          "error" => "server_error",
+          "error_description" => to_string(err)
+        })
     end
   end
 
   def generate_access_token(conn, _args) do
-    send_resp(
-      conn,
-      400,
-      "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
-    )
+    conn
+    |> Plug.Conn.put_status(400)
+    |> json(%{
+      "error" => "invalid_request",
+      "error_description" =>
+        dgettext(
+          "errors",
+          "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+        )
+    })
+  end
+
+  def revoke_token(conn, %{"token" => token} = _args) do
+    case Applications.revoke_token(token) do
+      {:ok, _res} ->
+        send_resp(conn, 200, "")
+
+      {:error, _, _, _} ->
+        conn
+        |> Plug.Conn.put_status(500)
+        |> json(%{
+          "error" => "server_error",
+          "error_description" => dgettext("errors", "Unable to revoke token")
+        })
+
+      {:error, :token_not_found} ->
+        conn
+        |> Plug.Conn.put_status(:not_found)
+        |> json(%{
+          "error" => "invalid_request",
+          "error_description" => dgettext("errors", "Token not found")
+        })
+    end
   end
 
   @spec do_generate_access_token(String.t(), String.t(), String.t(), String.t(), String.t()) ::
-          {:ok, Applications.access_token_details()} | {:error, String.t()}
+          {:ok, Applications.access_token_details()} | {:error, atom(), String.t()}
   defp do_generate_access_token(client_id, client_secret, code, redirect_uri, scope) do
     case Applications.generate_access_token(
            client_id,
@@ -222,19 +345,48 @@ defmodule Mobilizon.Web.ApplicationController do
         {:ok, token}
 
       {:error, :application_not_found} ->
-        {:error, dgettext("errors", "No application was found with this client_id")}
+        {:error, :invalid_request,
+         dgettext("errors", "No application was found with this client_id")}
 
       {:error, :redirect_uri_not_in_allowed} ->
-        {:error, dgettext("errors", "This redirect URI is not allowed")}
+        {:error, :invalid_request, dgettext("errors", "This redirect URI is not allowed")}
 
       {:error, :invalid_or_expired} ->
-        {:error, dgettext("errors", "The provided code is invalid or expired")}
+        {:error, :invalid_grant, dgettext("errors", "The provided code is invalid or expired")}
 
       {:error, :provided_code_does_not_match} ->
-        {:error, dgettext("errors", "The provided client_id does not match the provided code")}
+        {:error, :invalid_grant,
+         dgettext("errors", "The provided client_id does not match the provided code")}
 
       {:error, :invalid_client_secret} ->
-        {:error, dgettext("errors", "The provided client_secret is invalid")}
+        {:error, :invalid_client, dgettext("errors", "The provided client_secret is invalid")}
+
+      {:error, :scope_not_included} ->
+        {:error, :invalid_scope,
+         dgettext(
+           "errors",
+           "The provided scope is invalid or not included in the app declared scopes"
+         )}
+    end
+  end
+
+  defp valid_uri?(url) do
+    uri = URI.parse(url)
+    uri.scheme != nil and uri.host =~ "."
+  end
+
+  @spec append_parameters(String.t(), Enum.t()) :: String.t()
+  defp append_parameters(uri_str, parameters) do
+    query_parameters = URI.encode_query(parameters)
+
+    case URI.parse(uri_str) do
+      %URI{query: nil} = uri ->
+        uri
+        |> URI.merge(%URI{query: query_parameters})
+        |> URI.to_string()
+
+      uri ->
+        "#{URI.to_string(uri)}&#{query_parameters}"
     end
   end
 end
diff --git a/lib/web/router.ex b/lib/web/router.ex
index 06496b325..2657dea21 100644
--- a/lib/web/router.ex
+++ b/lib/web/router.ex
@@ -221,6 +221,7 @@ defmodule Mobilizon.Web.Router do
 
     post("/login/device/code", ApplicationController, :device_code)
     post("/oauth/token", ApplicationController, :generate_access_token)
+    post("/oauth/revoke", ApplicationController, :revoke_token)
   end
 
   scope "/proxy/", Mobilizon.Web do
diff --git a/test/mobilizon/applications_test.exs b/test/mobilizon/applications_test.exs
index 9e8fd57c6..2431d3159 100644
--- a/test/mobilizon/applications_test.exs
+++ b/test/mobilizon/applications_test.exs
@@ -183,7 +183,7 @@ defmodule Mobilizon.ApplicationsTest do
       assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
                Applications.create_application_device_activation(valid_attrs)
 
-      assert application_device_activation == "read"
+      assert application_device_activation.scope == "read"
     end
 
     test "create_application_device_activation/1 with invalid data returns error changeset" do
@@ -204,7 +204,7 @@ defmodule Mobilizon.ApplicationsTest do
                  update_attrs
                )
 
-      assert application_device_activation == "success"
+      assert application_device_activation.status == :success
     end
 
     test "update_application_device_activation/2 with invalid data returns error changeset" do
diff --git a/test/web/controllers/application_controller_test.exs b/test/web/controllers/application_controller_test.exs
index fd1f0d7f3..6e12c661d 100644
--- a/test/web/controllers/application_controller_test.exs
+++ b/test/web/controllers/application_controller_test.exs
@@ -11,7 +11,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
         conn
         |> post("/apps", %{"name" => "hello"})
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_request"
+
+      assert error["error_description"] ==
                "All of name, scope and redirect_uri parameters are required to create an application"
     end
 
@@ -25,7 +28,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           "scope" => "write nothing"
         })
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_scope"
+
+      assert error["error_description"] ==
                "The scope parameter is not a space separated list of valid scopes"
     end
 
@@ -57,18 +63,29 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
   end
 
   describe "authorize" do
-    test "without all required params", %{conn: conn} do
-      conn = get(conn, "/oauth/authorize?client_id=hello")
+    test "without a valid URI", %{conn: conn} do
+      conn = get(conn, "/oauth/authorize?client_id=hello&redirect_uri=toto")
 
       assert response(conn, 400) ==
-               "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+               "You need to provide a valid redirect_uri to autorize an application"
+    end
+
+    test "without all valid params", %{conn: conn} do
+      conn =
+        get(
+          conn,
+          "/oauth/authorize?client_id=hello&redirect_uri=#{URI.encode("https://somewhere.org/callback")}"
+        )
+
+      assert redirected_to(conn) =~
+               "error=invalid_request&error_description=#{URI.encode_www_form("You need to specify client_id, redirect_uri, scope and state to autorize an application")}"
     end
 
     test "with all required params redirects to authorization page", %{conn: conn} do
       conn =
         get(
           conn,
-          "/oauth/authorize?client_id=hello&redirect_uri=somewhere&state=something&scope=everything"
+          "/oauth/authorize?client_id=hello&redirect_uri=#{URI.encode("https://somewhere.org/callback&state=something&scope=everything")}"
         )
 
       assert redirected_to(conn) =~ "/oauth/autorize_approve"
@@ -79,14 +96,19 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
     test "without all required params", %{conn: conn} do
       conn = post(conn, "/login/device/code", client_id: "hello")
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_request"
+
+      assert error["error_description"] ==
                "You need to pass both client_id and scope as parameters to obtain a device code"
     end
 
     test "with an invalid client_id", %{conn: conn} do
       conn = post(conn, "/login/device/code", client_id: "hello", scope: "write:event:create")
 
-      assert response(conn, 400) == "No application with this client_id was found"
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_client"
+      assert error["error_description"] == "No application with this client_id was found"
     end
 
     test "with a scope not matching app registered scopes", %{conn: conn} do
@@ -96,7 +118,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
       conn =
         post(conn, "/login/device/code", client_id: app.client_id, scope: "write:event:delete")
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_scope"
+
+      assert error["error_description"] ==
                "The given scope is not in the list of the app declared scopes"
     end
 
@@ -107,14 +132,14 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
       conn =
         post(conn, "/login/device/code", client_id: app.client_id, scope: "write:event:create")
 
-      res = conn |> response(200) |> URI.decode_query()
+      res = json_response(conn, 200)
 
       verification_uri = Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)
 
       assert %{
                "device_code" => _device_code,
-               "expires_in" => "900",
-               "interval" => "5",
+               "expires_in" => 900,
+               "interval" => 5,
                "user_code" => user_code,
                "verification_uri" => ^verification_uri
              } = res
@@ -151,7 +176,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
     test "without valid parameters", %{conn: conn} do
       conn = post(conn, "/oauth/token")
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_request"
+
+      assert error["error_description"] ==
                "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
     end
 
@@ -163,7 +191,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           device_code: "hello"
         )
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_grant"
+
+      assert error["error_description"] ==
                "The client_id provided or the device_code associated is invalid"
     end
 
@@ -188,7 +219,9 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           device_code: "hello"
         )
 
-      assert response(conn, 401) == "The user rejected the requested authorization"
+      assert error = json_response(conn, 400)
+      assert error["error"] == "access_denied"
+      assert error["error_description"] == "The user rejected the requested authorization"
     end
 
     test "with incorrect device code", %{conn: conn} do
@@ -212,7 +245,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           device_code: "hello"
         )
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_grant"
+
+      assert error["error_description"] ==
                "The client_id provided or the device_code associated is invalid"
     end
 
@@ -240,46 +276,13 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           device_code: "hello"
         )
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_grant"
+
+      assert error["error_description"] ==
                "The given device_code has expired"
     end
 
-    test "with valid params", %{conn: conn} do
-      user = insert(:user)
-
-      {:ok, app} =
-        Applications.create("My app", ["hello"], "write:event:create write:event:update")
-
-      assert {:ok, _res} =
-               Mobilizon.Applications.create_application_device_activation(%{
-                 device_code: "hello",
-                 user_code: "world",
-                 expires_in: 600,
-                 application_id: app.id,
-                 scope: "write:event:create write:event:update",
-                 status: "success",
-                 user_id: user.id
-               })
-
-      conn =
-        post(conn, "/oauth/token",
-          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
-          client_id: app.client_id,
-          device_code: "hello"
-        )
-
-      res = conn |> response(200) |> URI.decode_query()
-
-      assert %{
-               "access_token" => _access_token,
-               "expires_in" => "28800",
-               "refresh_token" => _refresh_token,
-               "refresh_token_expires_in" => "15724800",
-               "scope" => "write:event:create write:event:update",
-               "token_type" => "bearer"
-             } = res
-    end
-
     test "with valid params as JSON", %{conn: conn} do
       user = insert(:user)
 
@@ -331,7 +334,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           scope: "hello"
         )
 
-      assert json_response(conn, 200)["details"] ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_request"
+
+      assert json_response(conn, 400)["error_description"] ==
                "No application was found with this client_id"
     end
 
@@ -346,10 +352,13 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           client_secret: app.client_secret,
           code: "hello",
           redirect_uri: "nope",
-          scope: "hello"
+          scope: "write:event:create"
         )
 
-      assert json_response(conn, 200)["details"] ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_request"
+
+      assert error["error_description"] ==
                "This redirect URI is not allowed"
     end
 
@@ -364,10 +373,13 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           client_secret: app.client_secret,
           code: "hello",
           redirect_uri: "hello",
-          scope: "hello"
+          scope: "write:event:create"
         )
 
-      assert json_response(conn, 200)["details"] ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_grant"
+
+      assert error["error_description"] ==
                "The provided code is invalid or expired"
     end
 
@@ -394,7 +406,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           scope: "write:event:create write:event:update"
         )
 
-      assert json_response(conn, 200)["details"] ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_client"
+
+      assert error["error_description"] ==
                "The provided client_secret is invalid"
     end
 
@@ -424,7 +439,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           scope: "write:event:create write:event:update"
         )
 
-      assert json_response(conn, 200)["details"] ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_grant"
+
+      assert error["error_description"] ==
                "The provided client_id does not match the provided code"
     end
 
@@ -474,7 +492,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           refresh_token: "none"
         )
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_grant"
+
+      assert error["error_description"] ==
                "Invalid refresh token provided"
     end
 
@@ -511,7 +532,10 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
           refresh_token: res["refresh_token"]
         )
 
-      assert response(conn, 400) ==
+      assert error = json_response(conn, 400)
+      assert error["error"] == "invalid_client"
+
+      assert error["error_description"] ==
                "Invalid client credentials provided"
     end
 

From c4e9f88e8540d237161c818b7635403b3b4b6ce9 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Thu, 23 Mar 2023 20:39:39 +0100
Subject: [PATCH 10/12] Fix front-end stuff

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 .../Group/Sections/DiscussionsSection.vue     |  4 +-
 .../Group/Sections/ResourcesSection.vue       |  4 +-
 js/src/components/Resource/FolderItem.vue     |  4 +-
 js/src/composition/apollo/config.ts           |  8 ++--
 js/src/composition/apollo/discussions.ts      | 44 +++++++++++++++++++
 js/src/composition/apollo/group.ts            |  4 +-
 js/src/composition/apollo/resources.ts        | 44 +++++++++++++++++++
 js/src/composition/apollo/user.ts             |  3 +-
 js/src/graphql/discussion.ts                  | 22 ++++++++++
 js/src/graphql/group.ts                       | 43 +++++++++---------
 js/src/graphql/resources.ts                   | 31 +++++++++++++
 js/src/router/user.ts                         |  4 +-
 js/src/types/actor/actor.model.ts             |  4 +-
 .../views/Discussions/DiscussionsListView.vue | 16 ++++---
 js/src/views/Event/EditView.vue               |  2 +-
 js/src/views/Group/GroupView.vue              | 24 +++++++---
 js/src/views/Posts/PostView.vue               |  5 ++-
 js/src/views/User/LoginView.vue               | 18 ++------
 js/src/views/User/RegisterView.vue            | 18 +++-----
 js/tests/e2e/login.spec.ts                    |  2 +-
 lib/graphql/schema/actors/group.ex            |  3 +-
 lib/graphql/schema/admin.ex                   |  2 +-
 lib/graphql/schema/discussions/discussion.ex  |  3 +-
 23 files changed, 229 insertions(+), 83 deletions(-)
 create mode 100644 js/src/composition/apollo/discussions.ts
 create mode 100644 js/src/composition/apollo/resources.ts

diff --git a/js/src/components/Group/Sections/DiscussionsSection.vue b/js/src/components/Group/Sections/DiscussionsSection.vue
index e8e598672..022ef7b45 100644
--- a/js/src/components/Group/Sections/DiscussionsSection.vue
+++ b/js/src/components/Group/Sections/DiscussionsSection.vue
@@ -44,5 +44,7 @@ import GroupSection from "@/components/Group/GroupSection.vue";
 
 const { t } = useI18n({ useScope: "global" });
 
-defineProps<{ group: IGroup }>();
+defineProps<{
+  group: Pick<IGroup, "preferredUsername" | "domain" | "discussions">;
+}>();
 </script>
diff --git a/js/src/components/Group/Sections/ResourcesSection.vue b/js/src/components/Group/Sections/ResourcesSection.vue
index 938b4f514..ff07f5a60 100644
--- a/js/src/components/Group/Sections/ResourcesSection.vue
+++ b/js/src/components/Group/Sections/ResourcesSection.vue
@@ -56,5 +56,7 @@ import GroupSection from "@/components/Group/GroupSection.vue";
 
 const { t } = useI18n({ useScope: "global" });
 
-defineProps<{ group: IGroup }>();
+defineProps<{
+  group: Pick<IGroup, "preferredUsername" | "domain" | "resources">;
+}>();
 </script>
diff --git a/js/src/components/Resource/FolderItem.vue b/js/src/components/Resource/FolderItem.vue
index af0129b85..003628e64 100644
--- a/js/src/components/Resource/FolderItem.vue
+++ b/js/src/components/Resource/FolderItem.vue
@@ -46,7 +46,7 @@ import { useRouter } from "vue-router";
 import Draggable from "zhyswan-vuedraggable";
 import { IResource } from "@/types/resource";
 import RouteName from "@/router/name";
-import { IGroup, usernameWithDomain } from "@/types/actor";
+import { IMinimalActor, usernameWithDomain } from "@/types/actor";
 import ResourceDropdown from "./ResourceDropdown.vue";
 import { UPDATE_RESOURCE } from "@/graphql/resources";
 import { inject, ref } from "vue";
@@ -59,7 +59,7 @@ import { Snackbar } from "@/plugins/snackbar";
 const props = withDefaults(
   defineProps<{
     resource: IResource;
-    group: IGroup;
+    group: IMinimalActor;
     inline?: boolean;
   }>(),
   { inline: false }
diff --git a/js/src/composition/apollo/config.ts b/js/src/composition/apollo/config.ts
index 06c28a29a..ce38d596c 100644
--- a/js/src/composition/apollo/config.ts
+++ b/js/src/composition/apollo/config.ts
@@ -215,12 +215,14 @@ export function useRegistrationConfig() {
   }>(REGISTRATIONS, undefined, { fetchPolicy: "cache-only" });
 
   const registrationsOpen = computed(
-    () => result.value?.config.registrationsOpen
+    () => result.value?.config?.registrationsOpen
   );
   const registrationsAllowlist = computed(
-    () => result.value?.config.registrationsAllowlist
+    () => result.value?.config?.registrationsAllowlist
+  );
+  const databaseLogin = computed(
+    () => result.value?.config?.auth?.databaseLogin
   );
-  const databaseLogin = computed(() => result.value?.config.auth.databaseLogin);
   return {
     registrationsOpen,
     registrationsAllowlist,
diff --git a/js/src/composition/apollo/discussions.ts b/js/src/composition/apollo/discussions.ts
new file mode 100644
index 000000000..c98a35978
--- /dev/null
+++ b/js/src/composition/apollo/discussions.ts
@@ -0,0 +1,44 @@
+import { useQuery } from "@vue/apollo-composable";
+import { computed, unref } from "vue";
+import { useCurrentUserClient } from "./user";
+import type { Ref } from "vue";
+import { IGroup } from "@/types/actor";
+import { GROUP_DISCUSSIONS_LIST } from "@/graphql/discussion";
+
+export function useGroupDiscussionsList(
+  name: string | undefined | Ref<string | undefined>,
+  options?: {
+    discussionsPage?: number;
+    discussionsLimit?: number;
+  }
+) {
+  const { currentUser } = useCurrentUserClient();
+  const { result, error, loading, onResult, onError, refetch } = useQuery<
+    {
+      group: Pick<
+        IGroup,
+        "id" | "preferredUsername" | "name" | "domain" | "discussions"
+      >;
+    },
+    {
+      name: string;
+      discussionsPage?: number;
+      discussionsLimit?: number;
+    }
+  >(
+    GROUP_DISCUSSIONS_LIST,
+    () => ({
+      name: unref(name),
+      ...options,
+    }),
+    () => ({
+      enabled:
+        unref(name) !== undefined &&
+        unref(name) !== "" &&
+        currentUser.value?.isLoggedIn,
+      fetchPolicy: "cache-and-network",
+    })
+  );
+  const group = computed(() => result.value?.group);
+  return { group, error, loading, onResult, onError, refetch };
+}
diff --git a/js/src/composition/apollo/group.ts b/js/src/composition/apollo/group.ts
index 0483d5872..a59cd7eb5 100644
--- a/js/src/composition/apollo/group.ts
+++ b/js/src/composition/apollo/group.ts
@@ -2,7 +2,7 @@ import { PERSON_MEMBERSHIPS } from "@/graphql/actor";
 import {
   CREATE_GROUP,
   DELETE_GROUP,
-  FETCH_GROUP,
+  FETCH_GROUP_PUBLIC,
   LEAVE_GROUP,
   UPDATE_GROUP,
 } from "@/graphql/group";
@@ -50,7 +50,7 @@ export function useGroup(
       discussionsLimit?: number;
     }
   >(
-    FETCH_GROUP,
+    FETCH_GROUP_PUBLIC,
     () => ({
       name: unref(name),
       ...options,
diff --git a/js/src/composition/apollo/resources.ts b/js/src/composition/apollo/resources.ts
new file mode 100644
index 000000000..1f60281a6
--- /dev/null
+++ b/js/src/composition/apollo/resources.ts
@@ -0,0 +1,44 @@
+import { useQuery } from "@vue/apollo-composable";
+import { computed, unref } from "vue";
+import { useCurrentUserClient } from "./user";
+import type { Ref } from "vue";
+import { IGroup } from "@/types/actor";
+import { GROUP_RESOURCES_LIST } from "@/graphql/resources";
+
+export function useGroupResourcesList(
+  name: string | undefined | Ref<string | undefined>,
+  options?: {
+    resourcesPage?: number;
+    resourcesLimit?: number;
+  }
+) {
+  const { currentUser } = useCurrentUserClient();
+  const { result, error, loading, onResult, onError, refetch } = useQuery<
+    {
+      group: Pick<
+        IGroup,
+        "id" | "preferredUsername" | "name" | "domain" | "resources"
+      >;
+    },
+    {
+      name: string;
+      resourcesPage?: number;
+      resourcesLimit?: number;
+    }
+  >(
+    GROUP_RESOURCES_LIST,
+    () => ({
+      name: unref(name),
+      ...options,
+    }),
+    () => ({
+      enabled:
+        unref(name) !== undefined &&
+        unref(name) !== "" &&
+        currentUser.value?.isLoggedIn,
+      fetchPolicy: "cache-and-network",
+    })
+  );
+  const group = computed(() => result.value?.group);
+  return { group, error, loading, onResult, onError, refetch };
+}
diff --git a/js/src/composition/apollo/user.ts b/js/src/composition/apollo/user.ts
index 0492e9c40..4e8128eb4 100644
--- a/js/src/composition/apollo/user.ts
+++ b/js/src/composition/apollo/user.ts
@@ -18,12 +18,13 @@ export function useCurrentUserClient() {
     result: currentUserResult,
     error,
     loading,
+    onResult,
   } = useQuery<{
     currentUser: ICurrentUser;
   }>(CURRENT_USER_CLIENT);
 
   const currentUser = computed(() => currentUserResult.value?.currentUser);
-  return { currentUser, error, loading };
+  return { currentUser, error, loading, onResult };
 }
 
 export function useLoggedUser() {
diff --git a/js/src/graphql/discussion.ts b/js/src/graphql/discussion.ts
index 1d14933b7..ce886b1de 100644
--- a/js/src/graphql/discussion.ts
+++ b/js/src/graphql/discussion.ts
@@ -148,3 +148,25 @@ export const DISCUSSION_COMMENT_CHANGED = gql`
   }
   ${ACTOR_FRAGMENT}
 `;
+
+export const GROUP_DISCUSSIONS_LIST = gql`
+  query GroupDiscussionsList(
+    $name: String!
+    $discussionsPage: Int
+    $discussionsLimit: Int
+  ) {
+    group(preferredUsername: $name) {
+      id
+      preferredUsername
+      name
+      domain
+      discussions(page: $discussionsPage, limit: $discussionsLimit) {
+        total
+        elements {
+          ...DiscussionBasicFields
+        }
+      }
+    }
+  }
+  ${DISCUSSION_BASIC_FIELDS_FRAGMENT}
+`;
diff --git a/js/src/graphql/group.ts b/js/src/graphql/group.ts
index ae45ef5ad..ea188955b 100644
--- a/js/src/graphql/group.ts
+++ b/js/src/graphql/group.ts
@@ -54,8 +54,8 @@ export const LIST_GROUPS = gql`
   ${ACTOR_FRAGMENT}
 `;
 
-export const GROUP_FIELDS_FRAGMENTS = gql`
-  fragment GroupFullFields on Group {
+export const GROUP_BASIC_FIELDS_FRAGMENTS = gql`
+  fragment GroupBasicFields on Group {
     ...ActorFragment
     suspended
     visibility
@@ -137,18 +137,23 @@ export const GROUP_FIELDS_FRAGMENTS = gql`
       }
       total
     }
-    discussions(page: $discussionsPage, limit: $discussionsLimit) {
-      total
-      elements {
-        ...DiscussionBasicFields
-      }
-    }
     posts(page: $postsPage, limit: $postsLimit) {
       total
       elements {
         ...PostBasicFields
       }
     }
+  }
+  ${ACTOR_FRAGMENT}
+  ${ADDRESS_FRAGMENT}
+  ${EVENT_OPTIONS_FRAGMENT}
+  ${TAG_FRAGMENT}
+  ${POST_BASIC_FIELDS}
+`;
+
+export const GROUP_FIELDS_FRAGMENTS = gql`
+  fragment GroupFullFields on Group {
+    ...GroupBasicFields
     members(page: $membersPage, limit: $membersLimit) {
       elements {
         id
@@ -196,14 +201,13 @@ export const GROUP_FIELDS_FRAGMENTS = gql`
       total
     }
   }
-  ${ACTOR_FRAGMENT}
-  ${ADDRESS_FRAGMENT}
-  ${EVENT_OPTIONS_FRAGMENT}
-  ${TAG_FRAGMENT}
+  ${GROUP_BASIC_FIELDS_FRAGMENTS}
+  ${DISCUSSION_BASIC_FIELDS_FRAGMENT}
+  ${RESOURCE_METADATA_BASIC_FIELDS_FRAGMENT}
 `;
 
-export const FETCH_GROUP = gql`
-  query FetchGroup(
+export const FETCH_GROUP_PUBLIC = gql`
+  query FetchGroupPublic(
     $name: String!
     $afterDateTime: DateTime
     $beforeDateTime: DateTime
@@ -211,19 +215,12 @@ export const FETCH_GROUP = gql`
     $organisedEventsLimit: Int
     $postsPage: Int
     $postsLimit: Int
-    $membersPage: Int
-    $membersLimit: Int
-    $discussionsPage: Int
-    $discussionsLimit: Int
   ) {
     group(preferredUsername: $name) {
-      ...GroupFullFields
+      ...GroupBasicFields
     }
   }
-  ${GROUP_FIELDS_FRAGMENTS}
-  ${DISCUSSION_BASIC_FIELDS_FRAGMENT}
-  ${POST_BASIC_FIELDS}
-  ${RESOURCE_METADATA_BASIC_FIELDS_FRAGMENT}
+  ${GROUP_BASIC_FIELDS_FRAGMENTS}
 `;
 
 export const GET_GROUP = gql`
diff --git a/js/src/graphql/resources.ts b/js/src/graphql/resources.ts
index ecc5523eb..0a90bb6e9 100644
--- a/js/src/graphql/resources.ts
+++ b/js/src/graphql/resources.ts
@@ -161,3 +161,34 @@ export const PREVIEW_RESOURCE_LINK = gql`
   }
   ${RESOURCE_METADATA_BASIC_FIELDS_FRAGMENT}
 `;
+
+export const GROUP_RESOURCES_LIST = gql`
+  query GroupResourcesList(
+    $name: String!
+    $resourcesPage: Int
+    $resourcesLimit: Int
+  ) {
+    group(preferredUsername: $name) {
+      id
+      preferredUsername
+      name
+      domain
+      resources(page: $resourcesPage, limit: $resourcesLimit) {
+        elements {
+          id
+          title
+          resourceUrl
+          summary
+          updatedAt
+          type
+          path
+          metadata {
+            ...ResourceMetadataBasicFields
+          }
+        }
+        total
+      }
+    }
+  }
+  ${RESOURCE_METADATA_BASIC_FIELDS_FRAGMENT}
+`;
diff --git a/js/src/router/user.ts b/js/src/router/user.ts
index cd80c2973..e65590c67 100644
--- a/js/src/router/user.ts
+++ b/js/src/router/user.ts
@@ -44,7 +44,7 @@ export const userRoutes: RouteRecordRaw[] = [
     },
   },
   {
-    path: "/resend-instructions",
+    path: "/resend-instructions/:email?",
     name: UserRouteName.RESEND_CONFIRMATION,
     component: (): Promise<any> =>
       import("@/views/User/ResendConfirmation.vue"),
@@ -57,7 +57,7 @@ export const userRoutes: RouteRecordRaw[] = [
     },
   },
   {
-    path: "/password-reset/send",
+    path: "/password-reset/send/:email?",
     name: UserRouteName.SEND_PASSWORD_RESET,
     component: (): Promise<any> => import("@/views/User/SendPasswordReset.vue"),
     props: true,
diff --git a/js/src/types/actor/actor.model.ts b/js/src/types/actor/actor.model.ts
index 088fd0da6..2eab8c583 100644
--- a/js/src/types/actor/actor.model.ts
+++ b/js/src/types/actor/actor.model.ts
@@ -15,6 +15,8 @@ export interface IActor {
   type: ActorType;
 }
 
+export type IMinimalActor = Pick<IActor, "preferredUsername" | "domain">;
+
 export class Actor implements IActor {
   id?: string;
 
@@ -57,7 +59,7 @@ export class Actor implements IActor {
 }
 
 export function usernameWithDomain(
-  actor: IActor | undefined,
+  actor: IMinimalActor | undefined,
   force = false
 ): string {
   if (!actor) return "";
diff --git a/js/src/views/Discussions/DiscussionsListView.vue b/js/src/views/Discussions/DiscussionsListView.vue
index 60c718ea4..607efa379 100644
--- a/js/src/views/Discussions/DiscussionsListView.vue
+++ b/js/src/views/Discussions/DiscussionsListView.vue
@@ -77,10 +77,9 @@ import { displayName, usernameWithDomain } from "@/types/actor";
 import DiscussionListItem from "@/components/Discussion/DiscussionListItem.vue";
 import RouteName from "../../router/name";
 import { MemberRole } from "@/types/enums";
-
+import { useGroupDiscussionsList } from "@/composition/apollo/discussions";
 import { IMember } from "@/types/actor/member.model";
 import EmptyContent from "@/components/Utils/EmptyContent.vue";
-import { useGroup } from "@/composition/apollo/group";
 import { usePersonStatusGroup } from "@/composition/apollo/actor";
 import { useI18n } from "vue-i18n";
 import { useRouteQuery, integerTransformer } from "vue-use-route-query";
@@ -92,10 +91,13 @@ const DISCUSSIONS_PER_PAGE = 10;
 
 const props = defineProps<{ preferredUsername: string }>();
 
-const { group, loading: groupLoading } = useGroup(props.preferredUsername, {
-  discussionsPage: page.value,
-  discussionsLimit: DISCUSSIONS_PER_PAGE,
-});
+const { group, loading: groupLoading } = useGroupDiscussionsList(
+  props.preferredUsername,
+  {
+    discussionsPage: page.value,
+    discussionsLimit: DISCUSSIONS_PER_PAGE,
+  }
+);
 
 const { person, loading: personLoading } = usePersonStatusGroup(
   props.preferredUsername
@@ -109,7 +111,7 @@ useHead({
 
 const groupMemberships = computed((): (string | undefined)[] => {
   if (!person.value || !person.value.id) return [];
-  return person.value.memberships.elements
+  return (person.value.memberships?.elements ?? [])
     .filter(
       (membership: IMember) =>
         ![
diff --git a/js/src/views/Event/EditView.vue b/js/src/views/Event/EditView.vue
index d917583fa..cbe8791ee 100644
--- a/js/src/views/Event/EditView.vue
+++ b/js/src/views/Event/EditView.vue
@@ -649,7 +649,7 @@ const FullAddressAutoComplete = defineAsyncComponent(
 //     },
 //   },
 //   group: {
-//     query: FETCH_GROUP,
+//     query: FETCH_GROUP_PUBLIC,
 //     fetchPolicy: "cache-and-network",
 //     variables() {
 //       return {
diff --git a/js/src/views/Group/GroupView.vue b/js/src/views/Group/GroupView.vue
index 4b2b06d2e..775820624 100644
--- a/js/src/views/Group/GroupView.vue
+++ b/js/src/views/Group/GroupView.vue
@@ -73,9 +73,9 @@
                   t(
                     "{count} members",
                     {
-                      count: group.members.total,
+                      count: group.members?.total,
                     },
-                    group.members.total
+                    group.members?.total
                   )
                 }}
                 <router-link
@@ -388,9 +388,9 @@
       <!-- Private things -->
       <div class="flex-1 m-0 flex flex-col flex-wrap gap-2">
         <!-- Group discussions -->
-        <Discussions :group="group" class="flex-1" />
+        <Discussions :group="discussionGroup ?? group" class="flex-1" />
         <!-- Resources -->
-        <Resources :group="group" class="flex-1" />
+        <Resources :group="resourcesGroup ?? group" class="flex-1" />
       </div>
       <!-- Public things -->
       <div class="flex-1 m-0 flex flex-col flex-wrap gap-2">
@@ -452,9 +452,9 @@
               t(
                 "{count} members",
                 {
-                  count: group.members.total,
+                  count: group.members?.total,
                 },
-                group.members.total
+                group.members?.total
               )
             }}
           </event-metadata-block>
@@ -671,6 +671,7 @@ import { useAnonymousReportsConfig } from "../../composition/apollo/config";
 import { computed, defineAsyncComponent, inject, ref, watch } from "vue";
 import { useCurrentActorClient } from "@/composition/apollo/actor";
 import { useGroup, useLeaveGroup } from "@/composition/apollo/group";
+import { useGroupDiscussionsList } from "@/composition/apollo/discussions";
 import { useRouter } from "vue-router";
 import { useMutation, useQuery } from "@vue/apollo-composable";
 import AccountGroup from "vue-material-design-icons/AccountGroup.vue";
@@ -691,6 +692,7 @@ import Posts from "@/components/Group/Sections/PostsSection.vue";
 import Events from "@/components/Group/Sections/EventsSection.vue";
 import { Dialog } from "@/plugins/dialog";
 import { Notifier } from "@/plugins/notifier";
+import { useGroupResourcesList } from "@/composition/apollo/resources";
 
 const props = defineProps<{
   preferredUsername: string;
@@ -705,6 +707,14 @@ const {
 } = useGroup(props.preferredUsername, { afterDateTime: new Date() });
 const router = useRouter();
 
+const { group: discussionGroup } = useGroupDiscussionsList(
+  props.preferredUsername
+);
+const { group: resourcesGroup } = useGroupResourcesList(
+  props.preferredUsername,
+  { resourcesPage: 1, resourcesLimit: 3 }
+);
+
 const { t } = useI18n({ useScope: "global" });
 
 // const { person } = usePersonStatusGroup(group);
@@ -1037,7 +1047,7 @@ const isCurrentActorOnADifferentDomainThanGroup = computed((): boolean => {
 
 const members = computed((): IMember[] => {
   return (
-    group.value?.members.elements.filter(
+    (group.value?.members?.elements ?? []).filter(
       (member: IMember) =>
         ![
           MemberRole.INVITED,
diff --git a/js/src/views/Posts/PostView.vue b/js/src/views/Posts/PostView.vue
index bcb2332e1..8aacfecb4 100644
--- a/js/src/views/Posts/PostView.vue
+++ b/js/src/views/Posts/PostView.vue
@@ -290,7 +290,10 @@ const { result: membershipsResult, loading: membershipsLoading } = useQuery<{
 }>(
   PERSON_MEMBERSHIPS,
   () => ({ id: currentActor.value?.id }),
-  () => ({ enabled: currentActor.value?.id !== undefined })
+  () => ({
+    enabled:
+      currentActor.value?.id !== undefined && currentActor.value?.id !== null,
+  })
 );
 const memberships = computed(() => membershipsResult.value?.person.memberships);
 
diff --git a/js/src/views/User/LoginView.vue b/js/src/views/User/LoginView.vue
index 115c73559..c5645cc5b 100644
--- a/js/src/views/User/LoginView.vue
+++ b/js/src/views/User/LoginView.vue
@@ -106,7 +106,7 @@
             variant="text"
             :to="{
               name: RouteName.REGISTER,
-              params: {
+              query: {
                 default_email: credentials.email,
                 default_password: credentials.password,
               },
@@ -143,14 +143,6 @@ import { LoginError, LoginErrorCode } from "@/types/enums";
 import { useCurrentUserClient } from "@/composition/apollo/user";
 import { useHead } from "@vueuse/head";
 
-const props = withDefaults(
-  defineProps<{
-    email?: string;
-    password?: string;
-  }>(),
-  { email: "", password: "" }
-);
-
 const { t } = useI18n({ useScope: "global" });
 const router = useRouter();
 const route = useRoute();
@@ -177,8 +169,9 @@ const errors = ref<string[]>([]);
 const submitted = ref(false);
 
 const credentials = reactive({
-  email: "",
-  password: "",
+  email: typeof route.query.email === "string" ? route.query.email : "",
+  password:
+    typeof route.query.password === "string" ? route.query.password : "",
 });
 
 const redirect = ref<string | undefined>("");
@@ -298,9 +291,6 @@ const currentProvider = computed(() => {
 });
 
 onMounted(() => {
-  credentials.email = props.email;
-  credentials.password = props.password;
-
   const query = route?.query;
   errorCode.value = query?.code as LoginErrorCode;
   redirect.value = query?.redirect as string | undefined;
diff --git a/js/src/views/User/RegisterView.vue b/js/src/views/User/RegisterView.vue
index 1f138cdae..2a7857b9f 100644
--- a/js/src/views/User/RegisterView.vue
+++ b/js/src/views/User/RegisterView.vue
@@ -181,7 +181,7 @@
               variant="text"
               :to="{
                 name: RouteName.LOGIN,
-                params: {
+                query: {
                   email: credentials.email,
                   password: credentials.password,
                 },
@@ -212,7 +212,7 @@ import AuthProviders from "../../components/User/AuthProviders.vue";
 import { computed, reactive, ref, watch } from "vue";
 import { useMutation, useQuery } from "@vue/apollo-composable";
 import { useI18n } from "vue-i18n";
-import { useRouter } from "vue-router";
+import { useRoute, useRouter } from "vue-router";
 import { useHead } from "@vueuse/head";
 import { AbsintheGraphQLErrors } from "@/types/errors.model";
 
@@ -221,6 +221,7 @@ type errorMessage = { type: errorType; message: string };
 type credentialsType = { email: string; password: string; locale: string };
 
 const { t, locale } = useI18n({ useScope: "global" });
+const route = useRoute();
 const router = useRouter();
 
 const { result: configResult } = useQuery<{ config: IConfig }>(CONFIG);
@@ -229,17 +230,10 @@ const config = computed(() => configResult.value?.config);
 
 const showGravatar = ref(false);
 
-const props = withDefaults(
-  defineProps<{
-    email?: string;
-    password?: string;
-  }>(),
-  { email: "", password: "" }
-);
-
 const credentials = reactive<credentialsType>({
-  email: props.email,
-  password: props.password,
+  email: typeof route.query.email === "string" ? route.query.email : "",
+  password:
+    typeof route.query.password === "string" ? route.query.password : "",
   locale: "en",
 });
 
diff --git a/js/tests/e2e/login.spec.ts b/js/tests/e2e/login.spec.ts
index 85ecc31ed..8e74aa32b 100644
--- a/js/tests/e2e/login.spec.ts
+++ b/js/tests/e2e/login.spec.ts
@@ -36,7 +36,7 @@ test("Login has everything we need", async ({ page }) => {
   await page.goBack();
 
   await registerLink.click();
-  await page.waitForURL("/register/user");
+  await page.waitForURL("/register/user?default_email=&default_password=");
   expect(page.url()).toContain("/register/user");
   await page.goBack();
 });
diff --git a/lib/graphql/schema/actors/group.ex b/lib/graphql/schema/actors/group.ex
index 804c3fda9..adfe41afe 100644
--- a/lib/graphql/schema/actors/group.ex
+++ b/lib/graphql/schema/actors/group.ex
@@ -80,8 +80,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
     )
 
     # This one should have a privacy setting
-    field :organized_events, :paginated_event_list,
-      meta: [private: true, rule: :"read:group:events"] do
+    field :organized_events, :paginated_event_list do
       arg(:after_datetime, :datetime,
         default_value: nil,
         description: "Filter events that begin after this datetime"
diff --git a/lib/graphql/schema/admin.ex b/lib/graphql/schema/admin.ex
index ec432a08a..97e428ffc 100644
--- a/lib/graphql/schema/admin.ex
+++ b/lib/graphql/schema/admin.ex
@@ -85,7 +85,7 @@ defmodule Mobilizon.GraphQL.Schema.AdminType do
   Language information
   """
   object :language do
-    meta(:authorize, :administrator)
+    meta(:authorize, :all)
     field(:code, :string, description: "The iso-639-3 language code")
     field(:name, :string, description: "The language name")
   end
diff --git a/lib/graphql/schema/discussions/discussion.ex b/lib/graphql/schema/discussions/discussion.ex
index b13ae6a9d..bed070a95 100644
--- a/lib/graphql/schema/discussions/discussion.ex
+++ b/lib/graphql/schema/discussions/discussion.ex
@@ -51,7 +51,8 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.DiscussionType do
       middleware(Rajska.QueryAuthorization,
         permit: :user,
         scope: Mobilizon.Discussions.Discussion,
-        rule: :"read:group:discussions"
+        rule: :"read:group:discussions",
+        args: %{slug: :slug}
       )
 
       resolve(&Discussion.get_discussion/3)

From c07ba3a5d19c419ef8aaf3ea9ca6e7f48e4f4487 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Fri, 24 Mar 2023 12:13:42 +0100
Subject: [PATCH 11/12] Add rate-limiting on queries with Hammer

Closes #67

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 .sobelow-skips                                |   3 +-
 config/config.exs                             |   3 +
 lib/graphql/authorization.ex                  |   3 +
 lib/graphql/schema/event.ex                   |   8 ++
 lib/graphql/schema/media.ex                   |   8 ++
 lib/graphql/schema/user.ex                    |  23 +++-
 lib/service/auth/applications.ex              |   3 +
 lib/web/controllers/application_controller.ex | 110 +++++++++++++-----
 mix.exs                                       |   3 +-
 mix.lock                                      |   4 +-
 test/graphql/resolvers/user_test.exs          |   1 +
 .../application_controller_test.exs           |  50 +++++++-
 12 files changed, 183 insertions(+), 36 deletions(-)

diff --git a/.sobelow-skips b/.sobelow-skips
index 3e438cb32..840e346bb 100644
--- a/.sobelow-skips
+++ b/.sobelow-skips
@@ -39,4 +39,5 @@ FE1EEB91EA633570F703B251AE2D4D4E
 759F752FA0768CCC7871895DC2A5CD51
 7EEC79571F3F7CEEB04A8B86D908382A
 E7967805C1EA5301F2722C7BDB2F25F3
-BDFB0FB1AAF69C18212CBCFD42F8B717
\ No newline at end of file
+BDFB0FB1AAF69C18212CBCFD42F8B717
+40220A533CCACB3A1CE9DBF1A8A430A1
\ No newline at end of file
diff --git a/config/config.exs b/config/config.exs
index ede8c0179..67536ba98 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -321,6 +321,9 @@ config :mobilizon, Oban,
     {Oban.Plugins.Pruner, max_age: 300}
   ]
 
+config :hammer,
+  backend: {Hammer.Backend.ETS, [expiry_ms: 60_000 * 60 * 4, cleanup_interval_ms: 60_000 * 10]}
+
 config :mobilizon, :rich_media,
   parsers: [
     Mobilizon.Service.RichMedia.Parsers.OEmbed,
diff --git a/lib/graphql/authorization.ex b/lib/graphql/authorization.ex
index c0bf78224..c30675dd9 100644
--- a/lib/graphql/authorization.ex
+++ b/lib/graphql/authorization.ex
@@ -44,6 +44,9 @@ defmodule Mobilizon.GraphQL.Authorization do
   def get_user_role(%{role: role}), do: role
   def get_user_role(nil), do: nil
 
+  @impl true
+  def get_ip(%{ip: ip}), do: ip
+
   @impl true
   def unauthorized_message(resolution) do
     case Map.get(resolution.context, :current_user) do
diff --git a/lib/graphql/schema/event.ex b/lib/graphql/schema/event.ex
index efea17154..a44294ef6 100644
--- a/lib/graphql/schema/event.ex
+++ b/lib/graphql/schema/event.ex
@@ -15,6 +15,9 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
   import_types(Schema.Events.ParticipantType)
   import_types(Schema.TagType)
 
+  @env Application.compile_env(:mobilizon, :env)
+  @event_rate_limiting 60
+
   @desc "An event"
   object :event do
     meta(:authorize, :all)
@@ -437,6 +440,8 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
         args: %{organizer_actor_id: :organizer_actor_id}
       )
 
+      middleware(Rajska.RateLimiter, limit: event_rate_limiting(@env))
+
       resolve(&Event.create_event/3)
     end
 
@@ -505,4 +510,7 @@ defmodule Mobilizon.GraphQL.Schema.EventType do
       resolve(&Event.delete_event/3)
     end
   end
+
+  defp event_rate_limiting(:test), do: @event_rate_limiting * 1000
+  defp event_rate_limiting(_), do: @event_rate_limiting
 end
diff --git a/lib/graphql/schema/media.ex b/lib/graphql/schema/media.ex
index 72a1f5e4b..7e77b9fcb 100644
--- a/lib/graphql/schema/media.ex
+++ b/lib/graphql/schema/media.ex
@@ -6,6 +6,9 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
 
   alias Mobilizon.GraphQL.Resolvers.Media
 
+  @env Application.compile_env(:mobilizon, :env)
+  @media_rate_limiting 60
+
   @desc "A media"
   object :media do
     meta(:authorize, :all)
@@ -77,6 +80,8 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
         args: %{}
       )
 
+      middleware(Rajska.RateLimiter, limit: media_rate_limiting(@env))
+
       resolve(&Media.upload_media/3)
     end
 
@@ -95,4 +100,7 @@ defmodule Mobilizon.GraphQL.Schema.MediaType do
       resolve(&Media.remove_media/3)
     end
   end
+
+  defp media_rate_limiting(:test), do: @media_rate_limiting * 1000
+  defp media_rate_limiting(_), do: @media_rate_limiting
 end
diff --git a/lib/graphql/schema/user.ex b/lib/graphql/schema/user.ex
index 47f927dac..9fc640538 100644
--- a/lib/graphql/schema/user.ex
+++ b/lib/graphql/schema/user.ex
@@ -7,12 +7,17 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
   import Absinthe.Resolution.Helpers, only: [dataloader: 2]
 
   alias Mobilizon.Events
-  alias Mobilizon.GraphQL.Resolvers.{Application, Media, User}
+  alias Mobilizon.GraphQL.Resolvers.Application, as: ApplicationResolver
+  alias Mobilizon.GraphQL.Resolvers.{Media, User}
   alias Mobilizon.GraphQL.Resolvers.Users.ActivitySettings
   alias Mobilizon.GraphQL.Schema
 
   import_types(Schema.SortType)
 
+  @env Application.compile_env(:mobilizon, :env)
+  @user_ip_limit 10
+  @user_email_limit 5
+
   @desc "A local user of Mobilizon"
   object :user do
     meta(:authorize, :all)
@@ -180,7 +185,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       description: "The user's authorized authentication apps",
       meta: [private: true, rule: :forbid_app_access]
     ) do
-      resolve(&Application.get_user_applications/3)
+      resolve(&ApplicationResolver.get_user_applications/3)
     end
   end
 
@@ -331,6 +336,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       arg(:password, non_null(:string), description: "The new user's password")
       arg(:locale, :string, description: "The new user's locale")
       middleware(Rajska.QueryAuthorization, permit: :all)
+      middleware(Rajska.RateLimiter, limit: user_ip_limiter(@env))
+      middleware(Rajska.RateLimiter, keys: :email, limit: user_email_limiter(@env))
       resolve(&User.create_user/3)
     end
 
@@ -349,6 +356,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       arg(:email, non_null(:string), description: "The email used to register")
       arg(:locale, :string, description: "The user's locale")
       middleware(Rajska.QueryAuthorization, permit: :all)
+      middleware(Rajska.RateLimiter, limit: user_ip_limiter(@env))
+      middleware(Rajska.RateLimiter, keys: :email, limit: user_email_limiter(@env))
       resolve(&User.resend_confirmation_email/3)
     end
 
@@ -357,6 +366,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       arg(:email, non_null(:string), description: "The user's email")
       arg(:locale, :string, description: "The user's locale")
       middleware(Rajska.QueryAuthorization, permit: :all)
+      middleware(Rajska.RateLimiter, limit: user_ip_limiter(@env))
+      middleware(Rajska.RateLimiter, keys: :email, limit: user_email_limiter(@env))
       resolve(&User.send_reset_password/3)
     end
 
@@ -377,6 +388,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       arg(:email, non_null(:string), description: "The user's email")
       arg(:password, non_null(:string), description: "The user's password")
       middleware(Rajska.QueryAuthorization, permit: :all)
+      middleware(Rajska.RateLimiter, limit: user_ip_limiter(@env))
+      middleware(Rajska.RateLimiter, keys: :email, limit: user_email_limiter(@env))
       resolve(&User.login_user/3)
     end
 
@@ -480,4 +493,10 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       resolve(&User.update_locale/3)
     end
   end
+
+  defp user_ip_limiter(:test), do: @user_ip_limit * 1000
+  defp user_ip_limiter(_), do: @user_ip_limit
+
+  defp user_email_limiter(:test), do: @user_email_limit * 1000
+  defp user_email_limiter(_), do: @user_email_limit
 end
diff --git a/lib/service/auth/applications.ex b/lib/service/auth/applications.ex
index c5031c1ef..52c22092a 100644
--- a/lib/service/auth/applications.ex
+++ b/lib/service/auth/applications.ex
@@ -230,6 +230,9 @@ defmodule Mobilizon.Service.Auth.Applications do
       %ApplicationDeviceActivation{status: :access_denied} ->
         {:error, :access_denied}
 
+      %ApplicationDeviceActivation{status: :pending} ->
+        {:error, :pending, @device_code_interval}
+
       nil ->
         {:error, :incorrect_device_code}
 
diff --git a/lib/web/controllers/application_controller.ex b/lib/web/controllers/application_controller.ex
index cf695fa79..ef5067da4 100644
--- a/lib/web/controllers/application_controller.ex
+++ b/lib/web/controllers/application_controller.ex
@@ -15,42 +15,63 @@ defmodule Mobilizon.Web.ApplicationController do
         conn,
         %{"name" => name, "redirect_uris" => redirect_uris, "scope" => scope} = args
       ) do
-    case Applications.create(
-           name,
-           String.split(redirect_uris, "\n"),
-           scope,
-           Map.get(args, "website")
+    ip = conn.remote_ip |> :inet.ntoa() |> to_string()
+
+    case Hammer.check_rate(
+           "create_application:#{ip}",
+           60_000,
+           10
          ) do
-      {:ok, %Application{} = app} ->
-        conn
-        |> Plug.Conn.put_resp_header("cache-control", "no-store")
-        |> json(
-          Map.take(app, [:name, :website, :redirect_uris, :client_id, :client_secret, :scope])
-        )
-
-      {:error, :invalid_scope} ->
-        conn
-        |> Plug.Conn.put_status(400)
-        |> json(%{
-          "error" => "invalid_scope",
-          "error_description" =>
-            dgettext(
-              "errors",
-              "The scope parameter is not a space separated list of valid scopes"
+      {:allow, _} ->
+        case Applications.create(
+               name,
+               String.split(redirect_uris, "\n"),
+               scope,
+               Map.get(args, "website")
+             ) do
+          {:ok, %Application{} = app} ->
+            conn
+            |> Plug.Conn.put_resp_header("cache-control", "no-store")
+            |> json(
+              Map.take(app, [:name, :website, :redirect_uris, :client_id, :client_secret, :scope])
             )
-        })
 
-      {:error, error} ->
-        Logger.error(inspect(error))
+          {:error, :invalid_scope} ->
+            conn
+            |> Plug.Conn.put_status(400)
+            |> json(%{
+              "error" => "invalid_scope",
+              "error_description" =>
+                dgettext(
+                  "errors",
+                  "The scope parameter is not a space separated list of valid scopes"
+                )
+            })
 
+          {:error, error} ->
+            Logger.error(inspect(error))
+
+            conn
+            |> Plug.Conn.put_status(500)
+            |> json(%{
+              "error" => "server_error",
+              "error_description" =>
+                dgettext(
+                  "errors",
+                  "Impossible to create application."
+                )
+            })
+        end
+
+      {:deny, _} ->
         conn
-        |> Plug.Conn.put_status(500)
+        |> Plug.Conn.put_status(429)
         |> json(%{
-          "error" => "server_error",
+          "error" => "slow_down",
           "error_description" =>
             dgettext(
               "errors",
-              "Impossible to create application."
+              "Too many requests"
             )
         })
     end
@@ -148,7 +169,7 @@ defmodule Mobilizon.Web.ApplicationController do
           "error_description" =>
             dgettext(
               "errors",
-              "No application with this client_id was found"
+              "No application was found with this client_id"
             )
         })
 
@@ -231,6 +252,37 @@ defmodule Mobilizon.Web.ApplicationController do
             )
         })
 
+      {:error, :pending, interval} ->
+        case Hammer.check_rate(
+               "generate_device_access_token:#{client_id}:#{device_code}",
+               interval * 1_000,
+               1
+             ) do
+          {:allow, _} ->
+            conn
+            |> Plug.Conn.put_status(400)
+            |> json(%{
+              "error" => "authorization_pending",
+              "error_description" =>
+                dgettext(
+                  "errors",
+                  "The authorization request is still pending"
+                )
+            })
+
+          {:deny, _} ->
+            conn
+            |> Plug.Conn.put_status(400)
+            |> json(%{
+              "error" => "slow_down",
+              "error_description" =>
+                dgettext(
+                  "errors",
+                  "Please slow down the rate of your requests"
+                )
+            })
+        end
+
       {:error, :access_denied} ->
         conn
         |> Plug.Conn.put_status(400)
@@ -247,7 +299,7 @@ defmodule Mobilizon.Web.ApplicationController do
         conn
         |> Plug.Conn.put_status(400)
         |> json(%{
-          "error" => "invalid_grant",
+          "error" => "expired_token",
           "error_description" =>
             dgettext(
               "errors",
diff --git a/mix.exs b/mix.exs
index a81301eec..4d44498e0 100644
--- a/mix.exs
+++ b/mix.exs
@@ -210,7 +210,8 @@ defmodule Mobilizon.Mixfile do
       {:unplug, "~> 1.0.0"},
       {:replug, "~> 0.1.0"},
       {:exkismet, github: "tcitworld/exkismet"},
-      {:rajska, github: "churcho/rajska", branch: "fix/update-absinthe"},
+      {:rajska, github: "tcitworld/rajska", branch: "mobilizon"},
+      {:hammer, "~> 6.1"},
       # Dev and test dependencies
       {:phoenix_live_reload, "~> 1.2", only: [:dev, :e2e]},
       {:ex_machina, "~> 2.3", only: [:dev, :test]},
diff --git a/mix.lock b/mix.lock
index ae55d543f..dfbabde3c 100644
--- a/mix.lock
+++ b/mix.lock
@@ -71,6 +71,7 @@
   "guardian_db": {:hex, :guardian_db, "2.1.0", "ec95a9d99cdd1e550555d09a7bb4a340d8887aad0697f594590c2fd74be02426", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:guardian, "~> 1.0 or ~> 2.0", [hex: :guardian, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "f8e7d543ac92c395f3a7fd5acbe6829faeade57d688f7562e2f0fca8f94a0d70"},
   "guardian_phoenix": {:hex, :guardian_phoenix, "2.0.1", "89a817265af09a6ddf7cb1e77f17ffca90cea2db10ff888375ef34502b2731b1", [:mix], [{:guardian, "~> 2.0", [hex: :guardian, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.3", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "21f439246715192b231f228680465d1ed5fbdf01555a4a3b17165532f5f9a08c"},
   "hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~> 2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~> 6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~> 1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~> 1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
+  "hammer": {:hex, :hammer, "6.1.0", "f263e3c3e9946bd410ea0336b2abe0cb6260af4afb3a221e1027540706e76c55", [:make, :mix], [{:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}], "hexpm", "b47e415a562a6d072392deabcd58090d8a41182cf9044cdd6b0d0faaaf68ba57"},
   "haversine": {:hex, :haversine, "0.1.0", "14240e90dae07c9459f538d12a811492f655d95fc68f999403503b4f6c4ec522", [:mix], [], "hexpm", "54dc48e895bc18a59437a37026c873634e17b648a64cb87bfafb96f64d607060"},
   "html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"},
   "http_signatures": {:hex, :http_signatures, "0.1.1", "ca7ebc1b61542b163644c8c3b1f0e0f41037d35f2395940d3c6c7deceab41fd8", [:mix], [], "hexpm", "cc3b8a007322cc7b624c0c15eec49ee58ac977254ff529a3c482f681465942a3"},
@@ -117,9 +118,10 @@
   "plug": {:hex, :plug, "1.14.1", "3148623796853ae96c628960b833bf6b6a894d6bdc8c199ef7160c41149b71f2", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.3 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "a0e789be21a576b11ec55a0983e4e8f7c7b07d88dfb3b8da9e97767132271d40"},
   "plug_cowboy": {:hex, :plug_cowboy, "2.6.1", "9a3bbfceeb65eff5f39dab529e5cd79137ac36e913c02067dba3963a26efe9b2", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:cowboy_telemetry, "~> 0.3", [hex: :cowboy_telemetry, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "de36e1a21f451a18b790f37765db198075c25875c64834bcc82d90b309eb6613"},
   "plug_crypto": {:hex, :plug_crypto, "1.2.5", "918772575e48e81e455818229bf719d4ab4181fcbf7f85b68a35620f78d89ced", [:mix], [], "hexpm", "26549a1d6345e2172eb1c233866756ae44a9609bd33ee6f99147ab3fd87fd842"},
+  "poolboy": {:hex, :poolboy, "1.5.2", "392b007a1693a64540cead79830443abf5762f5d30cf50bc95cb2c1aaafa006b", [:rebar3], [], "hexpm", "dad79704ce5440f3d5a3681c8590b9dc25d1a561e8f5a9c995281012860901e3"},
   "postgrex": {:hex, :postgrex, "0.16.5", "fcc4035cc90e23933c5d69a9cd686e329469446ef7abba2cf70f08e2c4b69810", [:mix], [{:connection, "~> 1.1", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:table, "~> 0.1.0", [hex: :table, repo: "hexpm", optional: true]}], "hexpm", "edead639dc6e882618c01d8fc891214c481ab9a3788dfe38dd5e37fd1d5fb2e8"},
   "progress_bar": {:hex, :progress_bar, "2.0.1", "7b40200112ae533d5adceb80ff75fbe66dc753bca5f6c55c073bfc122d71896d", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "2519eb58a2f149a3a094e729378256d8cb6d96a259ec94841bd69fdc71f18f87"},
-  "rajska": {:git, "https://github.com/churcho/rajska.git", "5da424969d5f40dcab690d3a25b248f85f712823", [branch: "fix/update-absinthe"]},
+  "rajska": {:git, "https://github.com/tcitworld/rajska.git", "0c036448e261e8be6a512581c592fadf48982d84", [branch: "mobilizon"]},
   "ranch": {:hex, :ranch, "1.8.0", "8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d", [:make, :rebar3], [], "hexpm", "49fbcfd3682fab1f5d109351b61257676da1a2fdbe295904176d5e521a2ddfe5"},
   "remote_ip": {:hex, :remote_ip, "1.1.0", "cb308841595d15df3f9073b7c39243a1dd6ca56e5020295cb012c76fbec50f2d", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "616ffdf66aaad6a72fc546dabf42eed87e2a99e97b09cbd92b10cc180d02ed74"},
   "replug": {:hex, :replug, "0.1.0", "61d35f8c873c0078a23c49579a48f36e45789414b1ec0daee3fd5f4e34221f23", [:mix], [{:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f71f7a57e944e854fe4946060c6964098e53958074c69fb844b96e0bd58cfa60"},
diff --git a/test/graphql/resolvers/user_test.exs b/test/graphql/resolvers/user_test.exs
index 0dd1affb1..5581ff5bc 100644
--- a/test/graphql/resolvers/user_test.exs
+++ b/test/graphql/resolvers/user_test.exs
@@ -384,6 +384,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
           variables: @user_creation
         )
 
+      assert res["errors"] == nil
       assert res["data"]["createUser"]["email"] == @user_creation.email
 
       res =
diff --git a/test/web/controllers/application_controller_test.exs b/test/web/controllers/application_controller_test.exs
index 6e12c661d..196791ade 100644
--- a/test/web/controllers/application_controller_test.exs
+++ b/test/web/controllers/application_controller_test.exs
@@ -108,7 +108,7 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
 
       assert error = json_response(conn, 400)
       assert error["error"] == "invalid_client"
-      assert error["error_description"] == "No application with this client_id was found"
+      assert error["error_description"] == "No application was found with this client_id"
     end
 
     test "with a scope not matching app registered scopes", %{conn: conn} do
@@ -277,12 +277,58 @@ defmodule Mobilizon.Web.ApplicationControllerTest do
         )
 
       assert error = json_response(conn, 400)
-      assert error["error"] == "invalid_grant"
+      assert error["error"] == "expired_token"
 
       assert error["error_description"] ==
                "The given device_code has expired"
     end
 
+    test "with a pending authorization", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, app} =
+        Applications.create("My app", ["hello"], "write:event:create write:event:update")
+
+      assert {:ok, _res} =
+               Mobilizon.Applications.create_application_device_activation(%{
+                 device_code: "hello",
+                 user_code: "world",
+                 expires_in: 600,
+                 application_id: app.id,
+                 scope: "write:event:create write:event:update",
+                 status: "pending",
+                 user_id: user.id
+               })
+
+      conn =
+        conn
+        |> Plug.Conn.put_req_header("accept", "application/json")
+        |> post("/oauth/token",
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          client_id: app.client_id,
+          device_code: "hello"
+        )
+
+      error = json_response(conn, 400)
+
+      assert error["error"] == "authorization_pending"
+      assert error["error_description"] == "The authorization request is still pending"
+
+      conn =
+        Phoenix.ConnTest.build_conn()
+        |> Plug.Conn.put_req_header("accept", "application/json")
+        |> post("/oauth/token",
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          client_id: app.client_id,
+          device_code: "hello"
+        )
+
+      error = json_response(conn, 400)
+
+      assert error["error"] == "slow_down"
+      assert error["error_description"] == "Please slow down the rate of your requests"
+    end
+
     test "with valid params as JSON", %{conn: conn} do
       user = insert(:user)
 

From c4fd0e062a4fabdefa7d00d5b44286dbb0cfbd6c Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Fri, 24 Mar 2023 14:38:07 +0100
Subject: [PATCH 12/12] Extract new backend error strings

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 priv/gettext/ar/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/be/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/ca/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/cs/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/de/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/en/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/errors.pot                    | 212 +++++++-
 priv/gettext/es/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/fi/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/fr/LC_MESSAGES/errors.po      | 559 ++++++++++++++++++---
 priv/gettext/gd/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/gl/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/he/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/hr/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/hu/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/id/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/it/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/ja/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/nb_NO/LC_MESSAGES/errors.po   | 212 +++++++-
 priv/gettext/nl/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/nn/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/oc/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/pl/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/pt/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/pt_BR/LC_MESSAGES/errors.po   | 212 +++++++-
 priv/gettext/ru/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/sv/LC_MESSAGES/errors.po      | 212 +++++++-
 priv/gettext/zh_Hant/LC_MESSAGES/errors.po | 212 +++++++-
 28 files changed, 5845 insertions(+), 438 deletions(-)

diff --git a/priv/gettext/ar/LC_MESSAGES/errors.po b/priv/gettext/ar/LC_MESSAGES/errors.po
index 094c77b33..ae78a4e51 100644
--- a/priv/gettext/ar/LC_MESSAGES/errors.po
+++ b/priv/gettext/ar/LC_MESSAGES/errors.po
@@ -140,7 +140,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -395,7 +395,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -417,7 +417,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -569,7 +569,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -782,48 +782,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1176,3 +1176,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/be/LC_MESSAGES/errors.po b/priv/gettext/be/LC_MESSAGES/errors.po
index 078cbbb6c..cecf8d174 100644
--- a/priv/gettext/be/LC_MESSAGES/errors.po
+++ b/priv/gettext/be/LC_MESSAGES/errors.po
@@ -114,7 +114,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -369,7 +369,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -391,7 +391,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -543,7 +543,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -756,48 +756,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1150,3 +1150,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/ca/LC_MESSAGES/errors.po b/priv/gettext/ca/LC_MESSAGES/errors.po
index 34d400543..ddb8be47c 100644
--- a/priv/gettext/ca/LC_MESSAGES/errors.po
+++ b/priv/gettext/ca/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr "El perfil actual no administra el grup seleccionat"
 msgid "Error while saving user settings"
 msgstr "No s'han pogut desar les preferències"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -370,7 +370,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -392,7 +392,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -544,7 +544,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -757,48 +757,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1151,3 +1151,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/cs/LC_MESSAGES/errors.po b/priv/gettext/cs/LC_MESSAGES/errors.po
index 612146c36..e3019a037 100644
--- a/priv/gettext/cs/LC_MESSAGES/errors.po
+++ b/priv/gettext/cs/LC_MESSAGES/errors.po
@@ -121,7 +121,7 @@ msgstr "Aktuální profil není správcem vybrané skupiny"
 msgid "Error while saving user settings"
 msgstr "Chyba při ukládání uživatelských nastavení"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -380,7 +380,7 @@ msgstr "Nelze odstranit poslední identitu uživatele"
 msgid "Comment is already deleted"
 msgstr "Komentář je již smazán"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -402,7 +402,7 @@ msgstr "Chyba při aktualizaci hlášení"
 msgid "Event id not found"
 msgstr "Id události nebylo nalezeno"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -554,7 +554,7 @@ msgstr "Token neexistuje"
 msgid "Token is not a valid UUID"
 msgstr "Token není platný UUID"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Uživatel nebyl nalezen"
@@ -774,48 +774,48 @@ msgstr "Registrační token je již používán, vypadá to na problém na naš
 msgid "This email is already used."
 msgstr "Tento e-mail je již použit."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Příspěvek nebyl nalezen"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Neplatné předané argumenty"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Neplatné pověření"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Obnovení hesla pro přihlášení"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Zdroj nebyl nalezen"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Něco se pokazilo"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Neznámý zdroj"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "K tomu nemáte oprávnění"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Musíte být přihlášeni"
@@ -1175,3 +1175,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Chyba při ukládání zprávy"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Komentář nebyl nalezen"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/de/LC_MESSAGES/errors.po b/priv/gettext/de/LC_MESSAGES/errors.po
index ef4c8272d..7a3fcbec0 100644
--- a/priv/gettext/de/LC_MESSAGES/errors.po
+++ b/priv/gettext/de/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr "Aktuelles Profil ist kein Administrator der ausgewählten Gruppe"
 msgid "Error while saving user settings"
 msgstr "Fehler beim Speichern von Benutzereinstellungen"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -378,7 +378,7 @@ msgstr "Kann die letzte Identität eines Benutzers nicht entfernen"
 msgid "Comment is already deleted"
 msgstr "Kommentar ist bereits gelöscht"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -400,7 +400,7 @@ msgstr "Fehler beim Aktualisieren des Reports"
 msgid "Event id not found"
 msgstr "Veranstaltungs-ID nicht gefunden"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -554,7 +554,7 @@ msgstr "Token existiert nicht"
 msgid "Token is not a valid UUID"
 msgstr "Token ist keine gültige UUID"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "User nicht gefunden"
@@ -784,48 +784,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Diese E-Mail wird bereits verwendet."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Beitrag nicht gefunden"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Ungültige Argumente übergeben"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Ungültige Anmeldeinformationen"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Passwort zurücksetzen"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Ressource nicht gefunden"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Etwas lief falsch"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Unbekannte Ressource"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Sie haben nicht die Berechtigung dies zu tun"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Sie müssen eingeloggt sein"
@@ -1195,3 +1195,187 @@ msgstr "Ihr Profil wurde als Spam erkannt."
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
 "Ihre Registrierung wurde als Spam erkannt und kann nicht verarbeitet werden."
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Fehler beim Speichern des Reports"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Veranstaltung nicht gefunden"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/en/LC_MESSAGES/errors.po b/priv/gettext/en/LC_MESSAGES/errors.po
index 1b396b9c5..0df870b30 100644
--- a/priv/gettext/en/LC_MESSAGES/errors.po
+++ b/priv/gettext/en/LC_MESSAGES/errors.po
@@ -118,7 +118,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -373,7 +373,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -395,7 +395,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -547,7 +547,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -760,48 +760,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1154,3 +1154,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/errors.pot b/priv/gettext/errors.pot
index 3ae9c151e..93145f052 100644
--- a/priv/gettext/errors.pot
+++ b/priv/gettext/errors.pot
@@ -115,7 +115,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -370,7 +370,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -392,7 +392,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -544,7 +544,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -757,48 +757,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1151,3 +1151,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/es/LC_MESSAGES/errors.po b/priv/gettext/es/LC_MESSAGES/errors.po
index 6743f54da..a11686ff9 100644
--- a/priv/gettext/es/LC_MESSAGES/errors.po
+++ b/priv/gettext/es/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr "El perfil actual no es un administrador del grupo seleccionado"
 msgid "Error while saving user settings"
 msgstr "Error al guardar los parámetros del usuario"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -376,7 +376,7 @@ msgstr "No se puede eliminar la última identidad de un usuario"
 msgid "Comment is already deleted"
 msgstr "El comentario ya está eliminado"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -398,7 +398,7 @@ msgstr "Error al actualizar el informe"
 msgid "Event id not found"
 msgstr "ID de evento no encontrado"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -550,7 +550,7 @@ msgstr "El token no existe"
 msgid "Token is not a valid UUID"
 msgstr "El token no es un UUID válido"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Usuario no encontrado"
@@ -776,48 +776,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Este correo electrónico ya está en uso."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Informe no encontrado"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Se pasaron argumentos no válidos"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Credenciales no válidas"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Restablezca su contraseña para iniciar sesión"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Recurso no encontrado"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Algo salió mal"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Recurso desconocido"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "No tienes permiso para hacer esto"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Debes iniciar sesión"
@@ -1182,3 +1182,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Error al guardar el informe"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Evento no encontrado"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/fi/LC_MESSAGES/errors.po b/priv/gettext/fi/LC_MESSAGES/errors.po
index 55f71c9d2..620150df5 100644
--- a/priv/gettext/fi/LC_MESSAGES/errors.po
+++ b/priv/gettext/fi/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr "Nykyinen profiili ei ole valitun ryhmän ylläpitäjä"
 msgid "Error while saving user settings"
 msgstr "Käyttäjän asetusten tallennuksessa tapahtui virhe"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -373,7 +373,7 @@ msgstr "Käyttäjän viimeistä identiteettiä ei voi poistaa"
 msgid "Comment is already deleted"
 msgstr "Kommentti on jo poistettu"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -395,7 +395,7 @@ msgstr "Virhe raporttia päivitettäessä"
 msgid "Event id not found"
 msgstr "Tapahtumatunnistetta ei löydy"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -547,7 +547,7 @@ msgstr "Merkkiä ei ole"
 msgid "Token is not a valid UUID"
 msgstr "Merkki ei ole kelvollinen UUID"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Käyttäjää ei löydy"
@@ -763,48 +763,48 @@ msgstr "Rekisteröintimerkki on jo käytössä. Vaikuttaa palvelinpään virheel
 msgid "This email is already used."
 msgstr "Sähköpostiosoite on jo käytössä."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Julkaisua ei löydy"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Virheelliset argumentit välitetty"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Virheelliset kirjautumistiedot"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Palauta salasana, jotta voit kirjautua sisään"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Resurssia ei löydy"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Jokin meni vikaan"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Tuntematon resurssi"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Sinulla ei ole oikeutta tähän"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Kirjaudu ensin sisään"
@@ -1157,3 +1157,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Virhe raporttia tallennettaessa"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Tapahtumaa ei löydy"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/fr/LC_MESSAGES/errors.po b/priv/gettext/fr/LC_MESSAGES/errors.po
index c763dc903..ec3994e89 100644
--- a/priv/gettext/fr/LC_MESSAGES/errors.po
+++ b/priv/gettext/fr/LC_MESSAGES/errors.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "POT-Creation-Date: \n"
-"PO-Revision-Date: 2023-02-07 15:15+0100\n"
+"PO-Revision-Date: 2023-03-24 14:35+0100\n"
 "Last-Translator: Axel <lordilexa@hotmail.com>\n"
 "Language-Team: French <https://weblate.framasoft.org/projects/mobilizon/backend-errors/fr/>\n"
 "Language: fr\n"
@@ -21,6 +21,7 @@ msgstr ""
 "X-Generator: Poedit 3.1.1\n"
 
 #: lib/mobilizon/discussions/discussion.ex:69
+#, elixir-autogen
 msgid "can't be blank"
 msgstr "ne peut pas être vide"
 
@@ -97,806 +98,1244 @@ msgid "must be equal to %{number}"
 msgstr "doit être égal à %{number}"
 
 #: lib/graphql/resolvers/user.ex:116
+#, elixir-autogen, elixir-format
 msgid "Cannot refresh the token"
 msgstr "Impossible de rafraîchir le jeton"
 
 #: lib/graphql/resolvers/group.ex:276
+#, elixir-autogen, elixir-format
 msgid "Current profile is not a member of this group"
 msgstr "Le profil actuel n'est pas un membre de ce groupe"
 
 #: lib/graphql/resolvers/group.ex:280
+#, elixir-autogen, elixir-format
 msgid "Current profile is not an administrator of the selected group"
 msgstr "Le profil actuel n'est pas un·e administrateur·ice du groupe sélectionné"
 
 #: lib/graphql/resolvers/user.ex:644
+#, elixir-autogen, elixir-format
 msgid "Error while saving user settings"
 msgstr "Erreur lors de la sauvegarde des paramètres utilisateur"
 
-#: lib/graphql/error.ex:101 lib/graphql/resolvers/group.ex:273 lib/graphql/resolvers/group.ex:305
-#: lib/graphql/resolvers/group.ex:342 lib/graphql/resolvers/group.ex:377 lib/graphql/resolvers/group.ex:426
+#: lib/graphql/error.ex:115
+#: lib/graphql/resolvers/group.ex:273
+#: lib/graphql/resolvers/group.ex:305
+#: lib/graphql/resolvers/group.ex:342
+#: lib/graphql/resolvers/group.ex:377
+#: lib/graphql/resolvers/group.ex:426
 #: lib/graphql/resolvers/member.ex:81
+#, elixir-autogen, elixir-format
 msgid "Group not found"
 msgstr "Groupe non trouvé"
 
-#: lib/graphql/resolvers/group.ex:98 lib/graphql/resolvers/group.ex:102
+#: lib/graphql/resolvers/group.ex:98
+#: lib/graphql/resolvers/group.ex:102
+#, elixir-autogen, elixir-format
 msgid "Group with ID %{id} not found"
 msgstr "Groupe avec l'ID %{id} non trouvé"
 
 #: lib/graphql/resolvers/user.ex:94
+#, elixir-autogen, elixir-format
 msgid "Impossible to authenticate, either your email or password are invalid."
 msgstr "Impossible de s'authentifier, votre adresse e-mail ou bien votre mot de passe sont invalides."
 
-#: lib/graphql/resolvers/group.ex:339 lib/graphql/resolvers/group.ex:346
+#: lib/graphql/resolvers/group.ex:339
+#: lib/graphql/resolvers/group.ex:346
+#, elixir-autogen, elixir-format
 msgid "Member not found"
 msgstr "Membre non trouvé"
 
 #: lib/graphql/resolvers/actor.ex:94
+#, elixir-autogen, elixir-format
 msgid "No profile found for the moderator user"
 msgstr "Aucun profil trouvé pour l'utilisateur modérateur"
 
 #: lib/graphql/resolvers/user.ex:300
+#, elixir-autogen, elixir-format
 msgid "No user to validate with this email was found"
 msgstr "Aucun·e utilisateur·ice à valider avec cet email n'a été trouvé·e"
 
-#: lib/graphql/resolvers/person.ex:337 lib/graphql/resolvers/user.ex:330
+#: lib/graphql/resolvers/person.ex:337
+#: lib/graphql/resolvers/user.ex:330
+#, elixir-autogen, elixir-format
 msgid "No user with this email was found"
 msgstr "Aucun·e utilisateur·ice avec cette adresse e-mail n'a été trouvé·e"
 
-#: lib/graphql/resolvers/feed_token.ex:28 lib/graphql/resolvers/participant.ex:32
-#: lib/graphql/resolvers/participant.ex:210 lib/graphql/resolvers/person.ex:245 lib/graphql/resolvers/person.ex:376
-#: lib/graphql/resolvers/person.ex:412 lib/graphql/resolvers/person.ex:419 lib/graphql/resolvers/person.ex:448
+#: lib/graphql/resolvers/feed_token.ex:28
+#: lib/graphql/resolvers/participant.ex:32
+#: lib/graphql/resolvers/participant.ex:210
+#: lib/graphql/resolvers/person.ex:245
+#: lib/graphql/resolvers/person.ex:376
+#: lib/graphql/resolvers/person.ex:412
+#: lib/graphql/resolvers/person.ex:419
+#: lib/graphql/resolvers/person.ex:448
 #: lib/graphql/resolvers/person.ex:463
+#, elixir-autogen, elixir-format
 msgid "Profile is not owned by authenticated user"
 msgstr "Le profil n'est pas possédé par l'utilisateur connecté"
 
 #: lib/graphql/resolvers/user.ex:177
+#, elixir-autogen, elixir-format
 msgid "Registrations are not open"
 msgstr "Les inscriptions ne sont pas ouvertes"
 
 #: lib/graphql/resolvers/user.ex:461
+#, elixir-autogen, elixir-format
 msgid "The current password is invalid"
 msgstr "Le mot de passe actuel est invalide"
 
-#: lib/graphql/resolvers/admin.ex:336 lib/graphql/resolvers/user.ex:504
+#: lib/graphql/resolvers/admin.ex:336
+#: lib/graphql/resolvers/user.ex:504
+#, elixir-autogen, elixir-format
 msgid "The new email doesn't seem to be valid"
 msgstr "La nouvelle adresse e-mail ne semble pas être valide"
 
-#: lib/graphql/resolvers/admin.ex:339 lib/graphql/resolvers/user.ex:507
+#: lib/graphql/resolvers/admin.ex:339
+#: lib/graphql/resolvers/user.ex:507
+#, elixir-autogen, elixir-format
 msgid "The new email must be different"
 msgstr "La nouvelle adresse e-mail doit être différente"
 
 #: lib/graphql/resolvers/user.ex:464
+#, elixir-autogen, elixir-format
 msgid "The new password must be different"
 msgstr "Le nouveau mot de passe doit être différent"
 
-#: lib/graphql/resolvers/user.ex:511 lib/graphql/resolvers/user.ex:573 lib/graphql/resolvers/user.ex:576
+#: lib/graphql/resolvers/user.ex:511
+#: lib/graphql/resolvers/user.ex:573
+#: lib/graphql/resolvers/user.ex:576
+#, elixir-autogen, elixir-format
 msgid "The password provided is invalid"
 msgstr "Le mot de passe fourni est invalide"
 
 #: lib/graphql/resolvers/user.ex:468
+#, elixir-autogen, elixir-format
 msgid "The password you have chosen is too short. Please make sure your password contains at least 6 characters."
-msgstr ""
-"Le mot de passe que vous avez choisi est trop court. Merci de vous assurer que votre mot de passe contienne au moins "
-"6 caractères."
+msgstr "Le mot de passe que vous avez choisi est trop court. Merci de vous assurer que votre mot de passe contienne au moins 6 caractères."
 
 #: lib/graphql/resolvers/user.ex:323
+#, elixir-autogen, elixir-format
 msgid "This user can't reset their password"
 msgstr "Cet·te utilisateur·ice ne peut pas réinitialiser son mot de passe"
 
 #: lib/graphql/resolvers/user.ex:90
+#, elixir-autogen, elixir-format
 msgid "This user has been disabled"
 msgstr "Cet·te utilisateur·ice a été désactivé·e"
 
-#: lib/graphql/resolvers/user.ex:278 lib/graphql/resolvers/user.ex:283
+#: lib/graphql/resolvers/user.ex:278
+#: lib/graphql/resolvers/user.ex:283
+#, elixir-autogen, elixir-format
 msgid "Unable to validate user"
 msgstr "Impossible de valider l'utilisateur·ice"
 
 #: lib/graphql/resolvers/user.ex:554
+#, elixir-autogen, elixir-format
 msgid "User already disabled"
 msgstr "L'utilisateur·ice est déjà désactivé·e"
 
 #: lib/graphql/resolvers/user.ex:619
+#, elixir-autogen, elixir-format
 msgid "User requested is not logged-in"
 msgstr "L'utilisateur·ice demandé·e n'est pas connecté·e"
 
 #: lib/graphql/resolvers/group.ex:311
+#, elixir-autogen, elixir-format
 msgid "You are already a member of this group"
 msgstr "Vous êtes déjà membre de ce groupe"
 
 #: lib/graphql/resolvers/group.ex:350
+#, elixir-autogen, elixir-format
 msgid "You can't leave this group because you are the only administrator"
 msgstr "Vous ne pouvez pas quitter ce groupe car vous en êtes le ou la seul·e administrateur·ice"
 
 #: lib/graphql/resolvers/group.ex:308
+#, elixir-autogen, elixir-format
 msgid "You cannot join this group"
 msgstr "Vous ne pouvez pas rejoindre ce groupe"
 
 #: lib/graphql/resolvers/group.ex:132
+#, elixir-autogen, elixir-format
 msgid "You may not list groups unless moderator."
 msgstr "Vous ne pouvez pas lister les groupes sauf à être modérateur·ice."
 
 #: lib/graphql/resolvers/user.ex:519
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to change your email"
 msgstr "Vous devez être connecté·e pour changer votre adresse e-mail"
 
 #: lib/graphql/resolvers/user.ex:476
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to change your password"
 msgstr "Vous devez être connecté·e pour changer votre mot de passe"
 
 #: lib/graphql/resolvers/group.ex:285
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to delete a group"
 msgstr "Vous devez être connecté·e pour supprimer un groupe"
 
 #: lib/graphql/resolvers/user.ex:581
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to delete your account"
 msgstr "Vous devez être connecté·e pour supprimer votre compte"
 
 #: lib/graphql/resolvers/group.ex:316
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to join a group"
 msgstr "Vous devez être connecté·e pour rejoindre un groupe"
 
 #: lib/graphql/resolvers/group.ex:355
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to leave a group"
 msgstr "Vous devez être connecté·e pour quitter un groupe"
 
 #: lib/graphql/resolvers/group.ex:249
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to update a group"
 msgstr "Vous devez être connecté·e pour mettre à jour un groupe"
 
 #: lib/graphql/resolvers/user.ex:121
+#, elixir-autogen, elixir-format
 msgid "You need to have an existing token to get a refresh token"
 msgstr "Vous devez avoir un jeton existant pour obtenir un jeton de rafraîchissement"
 
-#: lib/graphql/resolvers/user.ex:306 lib/graphql/resolvers/user.ex:333
+#: lib/graphql/resolvers/user.ex:306
+#: lib/graphql/resolvers/user.ex:333
+#, elixir-autogen, elixir-format
 msgid "You requested again a confirmation email too soon"
 msgstr "Vous avez à nouveau demandé un email de confirmation trop vite"
 
 #: lib/graphql/resolvers/user.ex:180
+#, elixir-autogen, elixir-format
 msgid "Your email is not on the allowlist"
 msgstr "Votre adresse e-mail n'est pas sur la liste d'autorisations"
 
 #: lib/graphql/resolvers/actor.ex:100
+#, elixir-autogen, elixir-format
 msgid "Error while performing background task"
 msgstr "Erreur lors de l'exécution d'une tâche d'arrière-plan"
 
 #: lib/graphql/resolvers/actor.ex:32
+#, elixir-autogen, elixir-format
 msgid "No profile found with this ID"
 msgstr "Aucun profil trouvé avec cet ID"
 
-#: lib/graphql/resolvers/actor.ex:61 lib/graphql/resolvers/actor.ex:97
+#: lib/graphql/resolvers/actor.ex:61
+#: lib/graphql/resolvers/actor.ex:97
+#, elixir-autogen, elixir-format
 msgid "No remote profile found with this ID"
 msgstr "Aucun profil distant trouvé avec cet ID"
 
 #: lib/graphql/resolvers/actor.ex:72
+#, elixir-autogen, elixir-format
 msgid "Only moderators and administrators can suspend a profile"
 msgstr "Seul·es les modérateur·ice et les administrateur·ices peuvent suspendre un profil"
 
 #: lib/graphql/resolvers/actor.ex:105
+#, elixir-autogen, elixir-format
 msgid "Only moderators and administrators can unsuspend a profile"
 msgstr "Seul·es les modérateur·ice et les administrateur·ices peuvent annuler la suspension d'un profil"
 
 #: lib/graphql/resolvers/actor.ex:29
+#, elixir-autogen, elixir-format
 msgid "Only remote profiles may be refreshed"
 msgstr "Seuls les profils distants peuvent être rafraîchis"
 
 #: lib/graphql/resolvers/actor.ex:64
+#, elixir-autogen, elixir-format
 msgid "Profile already suspended"
 msgstr "Le profil est déjà suspendu"
 
 #: lib/graphql/resolvers/participant.ex:96
+#, elixir-autogen, elixir-format
 msgid "A valid email is required by your instance"
 msgstr "Une adresse e-mail valide est requise par votre instance"
 
-#: lib/graphql/resolvers/participant.ex:90 lib/graphql/resolvers/participant.ex:143
+#: lib/graphql/resolvers/participant.ex:90
+#: lib/graphql/resolvers/participant.ex:143
+#, elixir-autogen, elixir-format
 msgid "Anonymous participation is not enabled"
 msgstr "La participation anonyme n'est pas activée"
 
 #: lib/graphql/resolvers/person.ex:219
+#, elixir-autogen, elixir-format
 msgid "Cannot remove the last administrator of a group"
 msgstr "Impossible de supprimer le ou la dernier·ère administrateur·ice d'un groupe"
 
 #: lib/graphql/resolvers/person.ex:216
+#, elixir-autogen, elixir-format
 msgid "Cannot remove the last identity of a user"
 msgstr "Impossible de supprimer le dernier profil d'un·e utilisateur·ice"
 
 #: lib/graphql/resolvers/comment.ex:147
+#, elixir-autogen, elixir-format
 msgid "Comment is already deleted"
 msgstr "Le commentaire est déjà supprimé"
 
-#: lib/graphql/error.ex:103 lib/graphql/resolvers/discussion.ex:69
+#: lib/graphql/error.ex:117
+#: lib/graphql/resolvers/discussion.ex:69
+#, elixir-autogen, elixir-format
 msgid "Discussion not found"
 msgstr "Discussion non trouvée"
 
-#: lib/graphql/resolvers/report.ex:71 lib/graphql/resolvers/report.ex:90
+#: lib/graphql/resolvers/report.ex:71
+#: lib/graphql/resolvers/report.ex:90
+#, elixir-autogen, elixir-format
 msgid "Error while saving report"
 msgstr "Erreur lors de la sauvegarde du signalement"
 
 #: lib/graphql/resolvers/report.ex:116
+#, elixir-autogen, elixir-format
 msgid "Error while updating report"
 msgstr "Erreur lors de la mise à jour du signalement"
 
 #: lib/graphql/resolvers/participant.ex:131
+#, elixir-autogen, elixir-format
 msgid "Event id not found"
 msgstr "ID de l'événement non trouvé"
 
-#: lib/graphql/error.ex:100 lib/graphql/resolvers/event.ex:355 lib/graphql/resolvers/event.ex:407
+#: lib/graphql/error.ex:114
+#: lib/graphql/resolvers/event.ex:355
+#: lib/graphql/resolvers/event.ex:407
+#, elixir-autogen, elixir-format
 msgid "Event not found"
 msgstr "Événement non trouvé"
 
-#: lib/graphql/resolvers/participant.ex:87 lib/graphql/resolvers/participant.ex:128
-#: lib/graphql/resolvers/participant.ex:155 lib/graphql/resolvers/participant.ex:336
+#: lib/graphql/resolvers/participant.ex:87
+#: lib/graphql/resolvers/participant.ex:128
+#: lib/graphql/resolvers/participant.ex:155
+#: lib/graphql/resolvers/participant.ex:336
+#, elixir-autogen, elixir-format
 msgid "Event with this ID %{id} doesn't exist"
 msgstr "L'événement avec cet ID %{id} n'existe pas"
 
 #: lib/graphql/resolvers/participant.ex:103
+#, elixir-autogen, elixir-format
 msgid "Internal Error"
 msgstr "Erreur interne"
 
 #: lib/graphql/resolvers/discussion.ex:219
+#, elixir-autogen, elixir-format
 msgid "No discussion with ID %{id}"
 msgstr "Aucune discussion avec l'ID %{id}"
 
-#: lib/graphql/resolvers/todos.ex:80 lib/graphql/resolvers/todos.ex:107 lib/graphql/resolvers/todos.ex:179
-#: lib/graphql/resolvers/todos.ex:208 lib/graphql/resolvers/todos.ex:237
+#: lib/graphql/resolvers/todos.ex:80
+#: lib/graphql/resolvers/todos.ex:107
+#: lib/graphql/resolvers/todos.ex:179
+#: lib/graphql/resolvers/todos.ex:208
+#: lib/graphql/resolvers/todos.ex:237
+#, elixir-autogen, elixir-format
 msgid "No profile found for user"
 msgstr "Aucun profil trouvé pour l'utilisateur modérateur"
 
 #: lib/graphql/resolvers/feed_token.ex:64
+#, elixir-autogen, elixir-format
 msgid "No such feed token"
 msgstr "Aucun jeton de flux correspondant"
 
 #: lib/graphql/resolvers/participant.ex:259
+#, elixir-autogen, elixir-format
 msgid "Participant already has role %{role}"
 msgstr "Le ou la participant·e a déjà le rôle %{role}"
 
-#: lib/graphql/resolvers/participant.ex:187 lib/graphql/resolvers/participant.ex:220
+#: lib/graphql/resolvers/participant.ex:187
+#: lib/graphql/resolvers/participant.ex:220
 #: lib/graphql/resolvers/participant.ex:263
+#, elixir-autogen, elixir-format
 msgid "Participant not found"
 msgstr "Participant·e non trouvé·e"
 
 #: lib/graphql/resolvers/person.ex:33
+#, elixir-autogen, elixir-format
 msgid "Person with ID %{id} not found"
 msgstr "Personne avec l'ID %{id} non trouvé"
 
 #: lib/graphql/resolvers/person.ex:57
+#, elixir-autogen, elixir-format
 msgid "Person with username %{username} not found"
 msgstr "Personne avec le nom %{name} non trouvé"
 
-#: lib/graphql/resolvers/post.ex:169 lib/graphql/resolvers/post.ex:203
+#: lib/graphql/resolvers/post.ex:169
+#: lib/graphql/resolvers/post.ex:203
+#, elixir-autogen, elixir-format
 msgid "Post ID is not a valid ID"
 msgstr "L'ID du billet n'est pas un ID valide"
 
-#: lib/graphql/resolvers/post.ex:172 lib/graphql/resolvers/post.ex:206
+#: lib/graphql/resolvers/post.ex:172
+#: lib/graphql/resolvers/post.ex:206
+#, elixir-autogen, elixir-format
 msgid "Post doesn't exist"
 msgstr "Le billet n'existe pas"
 
 #: lib/graphql/resolvers/member.ex:84
+#, elixir-autogen, elixir-format
 msgid "Profile invited doesn't exist"
 msgstr "Le profil invité n'existe pas"
 
-#: lib/graphql/resolvers/member.ex:93 lib/graphql/resolvers/member.ex:97
+#: lib/graphql/resolvers/member.ex:93
+#: lib/graphql/resolvers/member.ex:97
+#, elixir-autogen, elixir-format
 msgid "Profile is already a member of this group"
 msgstr "Ce profil est déjà membre de ce groupe"
 
-#: lib/graphql/resolvers/post.ex:133 lib/graphql/resolvers/post.ex:175 lib/graphql/resolvers/post.ex:209
-#: lib/graphql/resolvers/resource.ex:90 lib/graphql/resolvers/resource.ex:135 lib/graphql/resolvers/resource.ex:168
-#: lib/graphql/resolvers/resource.ex:202 lib/graphql/resolvers/todos.ex:58 lib/graphql/resolvers/todos.ex:83
-#: lib/graphql/resolvers/todos.ex:110 lib/graphql/resolvers/todos.ex:182 lib/graphql/resolvers/todos.ex:214
+#: lib/graphql/resolvers/post.ex:133
+#: lib/graphql/resolvers/post.ex:175
+#: lib/graphql/resolvers/post.ex:209
+#: lib/graphql/resolvers/resource.ex:90
+#: lib/graphql/resolvers/resource.ex:135
+#: lib/graphql/resolvers/resource.ex:168
+#: lib/graphql/resolvers/resource.ex:202
+#: lib/graphql/resolvers/todos.ex:58
+#: lib/graphql/resolvers/todos.ex:83
+#: lib/graphql/resolvers/todos.ex:110
+#: lib/graphql/resolvers/todos.ex:182
+#: lib/graphql/resolvers/todos.ex:214
 #: lib/graphql/resolvers/todos.ex:246
+#, elixir-autogen, elixir-format
 msgid "Profile is not member of group"
 msgstr "Le profil n'est pas un·e membre du groupe"
 
-#: lib/graphql/resolvers/actor.ex:67 lib/graphql/resolvers/person.ex:242
+#: lib/graphql/resolvers/actor.ex:67
+#: lib/graphql/resolvers/person.ex:242
+#, elixir-autogen, elixir-format
 msgid "Profile not found"
 msgstr "Profile non trouvé"
 
 #: lib/graphql/resolvers/report.ex:48
+#, elixir-autogen, elixir-format
 msgid "Report not found"
 msgstr "Groupe non trouvé"
 
-#: lib/graphql/resolvers/resource.ex:172 lib/graphql/resolvers/resource.ex:199
+#: lib/graphql/resolvers/resource.ex:172
+#: lib/graphql/resolvers/resource.ex:199
+#, elixir-autogen, elixir-format
 msgid "Resource doesn't exist"
 msgstr "La ressource n'existe pas"
 
 #: lib/graphql/resolvers/participant.ex:124
+#, elixir-autogen, elixir-format
 msgid "The event has already reached its maximum capacity"
 msgstr "L'événement a déjà atteint sa capacité maximale"
 
 #: lib/graphql/resolvers/participant.ex:282
+#, elixir-autogen, elixir-format
 msgid "This token is invalid"
 msgstr "Ce jeton est invalide"
 
-#: lib/graphql/resolvers/todos.ex:176 lib/graphql/resolvers/todos.ex:243
+#: lib/graphql/resolvers/todos.ex:176
+#: lib/graphql/resolvers/todos.ex:243
+#, elixir-autogen, elixir-format
 msgid "Todo doesn't exist"
 msgstr "Ce todo n'existe pas"
 
-#: lib/graphql/resolvers/todos.ex:77 lib/graphql/resolvers/todos.ex:211 lib/graphql/resolvers/todos.ex:240
+#: lib/graphql/resolvers/todos.ex:77
+#: lib/graphql/resolvers/todos.ex:211
+#: lib/graphql/resolvers/todos.ex:240
+#, elixir-autogen, elixir-format
 msgid "Todo list doesn't exist"
 msgstr "Cette todo-liste n'existe pas"
 
 #: lib/graphql/resolvers/feed_token.ex:73
+#, elixir-autogen, elixir-format
 msgid "Token does not exist"
 msgstr "Ce jeton n'existe pas"
 
-#: lib/graphql/resolvers/feed_token.ex:67 lib/graphql/resolvers/feed_token.ex:70
+#: lib/graphql/resolvers/feed_token.ex:67
+#: lib/graphql/resolvers/feed_token.ex:70
+#, elixir-autogen, elixir-format
 msgid "Token is not a valid UUID"
 msgstr "Ce jeton n'est pas un UUID valide"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
+#, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Utilisateur·ice non trouvé·e"
 
 #: lib/graphql/resolvers/person.ex:333
+#, elixir-autogen, elixir-format
 msgid "You already have a profile for this user"
 msgstr "Vous avez déjà un profil pour cet utilisateur"
 
 #: lib/graphql/resolvers/participant.ex:134
+#, elixir-autogen, elixir-format
 msgid "You are already a participant of this event"
 msgstr "Vous êtes déjà un·e participant·e à cet événement"
 
 #: lib/graphql/resolvers/member.ex:87
+#, elixir-autogen, elixir-format
 msgid "You are not a member of this group"
 msgstr "Vous n'êtes pas membre de ce groupe"
 
-#: lib/graphql/resolvers/member.ex:157 lib/graphql/resolvers/member.ex:173 lib/graphql/resolvers/member.ex:188
+#: lib/graphql/resolvers/member.ex:157
+#: lib/graphql/resolvers/member.ex:173
+#: lib/graphql/resolvers/member.ex:188
+#, elixir-autogen, elixir-format
 msgid "You are not a moderator or admin for this group"
 msgstr "Vous n'êtes pas administrateur·ice ou modérateur·ice de ce groupe"
 
 #: lib/graphql/resolvers/comment.ex:80
+#, elixir-autogen, elixir-format
 msgid "You are not allowed to create a comment if not connected"
 msgstr "Vous n'êtes pas autorisé·e à créer un commentaire si non connecté·e"
 
 #: lib/graphql/resolvers/feed_token.ex:41
+#, elixir-autogen, elixir-format
 msgid "You are not allowed to create a feed token if not connected"
 msgstr "Vous n'êtes pas autorisé·e à créer un jeton de flux si non connecté·e"
 
 #: lib/graphql/resolvers/comment.ex:155
+#, elixir-autogen, elixir-format
 msgid "You are not allowed to delete a comment if not connected"
 msgstr "Vous n'êtes pas autorisé·e à supprimer un commentaire si non connecté·e"
 
 #: lib/graphql/resolvers/feed_token.ex:82
+#, elixir-autogen, elixir-format
 msgid "You are not allowed to delete a feed token if not connected"
 msgstr "Vous n'êtes pas autorisé·e à supprimer un jeton de flux si non connecté·e"
 
 #: lib/graphql/resolvers/comment.ex:114
+#, elixir-autogen, elixir-format
 msgid "You are not allowed to update a comment if not connected"
 msgstr "Vous n'êtes pas autorisé·e à mettre à jour un commentaire si non connecté·e"
 
-#: lib/graphql/resolvers/participant.ex:181 lib/graphql/resolvers/participant.ex:214
+#: lib/graphql/resolvers/participant.ex:181
+#: lib/graphql/resolvers/participant.ex:214
+#, elixir-autogen, elixir-format
 msgid "You can't leave event because you're the only event creator participant"
 msgstr "Vous ne pouvez pas quitter cet événement car vous en êtes le ou la seule créateur·ice participant"
 
 #: lib/graphql/resolvers/member.ex:192
+#, elixir-autogen, elixir-format
 msgid "You can't set yourself to a lower member role for this group because you are the only administrator"
-msgstr ""
-"Vous ne pouvez pas vous définir avec un rôle de membre inférieur pour ce groupe car vous en êtes le ou la seul·e "
-"administrateur·ice"
+msgstr "Vous ne pouvez pas vous définir avec un rôle de membre inférieur pour ce groupe car vous en êtes le ou la seul·e administrateur·ice"
 
 #: lib/graphql/resolvers/comment.ex:143
+#, elixir-autogen, elixir-format
 msgid "You cannot delete this comment"
 msgstr "Vous ne pouvez pas supprimer ce commentaire"
 
 #: lib/graphql/resolvers/event.ex:403
+#, elixir-autogen, elixir-format
 msgid "You cannot delete this event"
 msgstr "Vous ne pouvez pas supprimer cet événement"
 
 #: lib/graphql/resolvers/member.ex:90
+#, elixir-autogen, elixir-format
 msgid "You cannot invite to this group"
 msgstr "Vous ne pouvez pas rejoindre ce groupe"
 
 #: lib/graphql/resolvers/feed_token.ex:76
+#, elixir-autogen, elixir-format
 msgid "You don't have permission to delete this token"
 msgstr "Vous n'avez pas la permission de supprimer ce jeton"
 
 #: lib/graphql/resolvers/admin.ex:56
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in and a moderator to list action logs"
 msgstr "Vous devez être connecté·e et une modérateur·ice pour lister les journaux de modération"
 
 #: lib/graphql/resolvers/report.ex:36
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in and a moderator to list reports"
 msgstr "Vous devez être connecté·e et une modérateur·ice pour lister les signalements"
 
 #: lib/graphql/resolvers/report.ex:121
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in and a moderator to update a report"
 msgstr "Vous devez être connecté·e et une modérateur·ice pour modifier un signalement"
 
 #: lib/graphql/resolvers/report.ex:53
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in and a moderator to view a report"
 msgstr "Vous devez être connecté·e pour et une modérateur·ice pour visionner un signalement"
 
 #: lib/graphql/resolvers/admin.ex:252
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in and an administrator to access admin settings"
 msgstr "Vous devez être connecté·e et un·e administrateur·ice pour accéder aux paramètres administrateur"
 
 #: lib/graphql/resolvers/admin.ex:236
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in and an administrator to access dashboard statistics"
 msgstr "Vous devez être connecté·e et un·e administrateur·ice pour accéder aux panneau de statistiques"
 
 #: lib/graphql/resolvers/admin.ex:278
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in and an administrator to save admin settings"
 msgstr "Vous devez être connecté·e et un·e administrateur·ice pour sauvegarder les paramètres administrateur"
 
 #: lib/graphql/resolvers/discussion.ex:84
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to access discussions"
 msgstr "Vous devez être connecté·e pour accéder aux discussions"
 
 #: lib/graphql/resolvers/resource.ex:96
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to access resources"
 msgstr "Vous devez être connecté·e pour supprimer un groupe"
 
 #: lib/graphql/resolvers/event.ex:313
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to create events"
 msgstr "Vous devez être connecté·e pour créer des événements"
 
 #: lib/graphql/resolvers/post.ex:141
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to create posts"
 msgstr "Vous devez être connecté·e pour quitter un groupe"
 
 #: lib/graphql/resolvers/report.ex:87
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to create reports"
 msgstr "Vous devez être connecté·e pour quitter un groupe"
 
 #: lib/graphql/resolvers/resource.ex:140
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to create resources"
 msgstr "Vous devez être connecté·e pour quitter un groupe"
 
 #: lib/graphql/resolvers/event.ex:412
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to delete an event"
 msgstr "Vous devez être connecté·e pour supprimer un groupe"
 
 #: lib/graphql/resolvers/post.ex:214
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to delete posts"
 msgstr "Vous devez être connecté·e pour supprimer un groupe"
 
 #: lib/graphql/resolvers/resource.ex:207
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to delete resources"
 msgstr "Vous devez être connecté·e pour supprimer un groupe"
 
 #: lib/graphql/resolvers/participant.ex:108
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to join an event"
 msgstr "Vous devez être connecté·e pour rejoindre un événement"
 
 #: lib/graphql/resolvers/participant.ex:225
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to leave an event"
 msgstr "Vous devez être connecté·e pour quitter un groupe"
 
 #: lib/graphql/resolvers/event.ex:369
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to update an event"
 msgstr "Vous devez être connecté·e pour mettre à jour un groupe"
 
 #: lib/graphql/resolvers/post.ex:180
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to update posts"
 msgstr "Vous devez être connecté·e pour mettre à jour un groupe"
 
 #: lib/graphql/resolvers/resource.ex:177
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to update resources"
 msgstr "Vous devez être connecté·e pour mettre à jour un groupe"
 
 #: lib/graphql/resolvers/resource.ex:236
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to view a resource preview"
 msgstr "Vous devez être connecté·e pour supprimer un groupe"
 
 #: lib/graphql/resolvers/resource.ex:132
+#, elixir-autogen, elixir-format
 msgid "Parent resource doesn't belong to this group"
 msgstr "La ressource parente n'appartient pas à ce groupe"
 
 #: lib/mobilizon/users/user.ex:114
+#, elixir-autogen, elixir-format
 msgid "The chosen password is too short."
 msgstr "Le mot de passe choisi est trop court."
 
 #: lib/mobilizon/users/user.ex:142
+#, elixir-autogen, elixir-format
 msgid "The registration token is already in use, this looks like an issue on our side."
 msgstr "Le jeton d'inscription est déjà utilisé, cela ressemble à un problème de notre côté."
 
 #: lib/mobilizon/users/user.ex:108
+#, elixir-autogen, elixir-format
 msgid "This email is already used."
 msgstr "Cette adresse e-mail est déjà utilisée."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
+#, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Billet non trouvé"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
+#, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Paramètres fournis invalides"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
+#, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Identifiants invalides"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
+#, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Réinitialiser votre mot de passe pour vous connecter"
 
-#: lib/graphql/error.ex:97 lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
+#, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Ressource non trouvée"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
+#, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Quelque chose s'est mal passé"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
+#, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Ressource inconnue"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
+#, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Vous n'avez pas la permission de faire ceci"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
+#, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Vous devez être connecté·e"
 
 #: lib/graphql/resolvers/member.ex:118
+#, elixir-autogen, elixir-format
 msgid "You can't accept this invitation with this profile."
 msgstr "Vous ne pouvez pas accepter cette invitation avec ce profil."
 
 #: lib/graphql/resolvers/member.ex:139
+#, elixir-autogen, elixir-format
 msgid "You can't reject this invitation with this profile."
 msgstr "Vous ne pouvez pas rejeter cette invitation avec ce profil."
 
 #: lib/graphql/resolvers/media.ex:71
+#, elixir-autogen, elixir-format
 msgid "File doesn't have an allowed MIME type."
 msgstr "Le fichier n'a pas un type MIME autorisé."
 
 #: lib/graphql/resolvers/group.ex:244
+#, elixir-autogen, elixir-format
 msgid "Profile is not administrator for the group"
 msgstr "Le profil n'est pas administrateur·ice pour le groupe"
 
 #: lib/graphql/resolvers/event.ex:358
+#, elixir-autogen, elixir-format
 msgid "You can't edit this event."
 msgstr "Vous ne pouvez pas éditer cet événement."
 
 #: lib/graphql/resolvers/event.ex:361
+#, elixir-autogen, elixir-format
 msgid "You can't attribute this event to this profile."
 msgstr "Vous ne pouvez pas attribuer cet événement à ce profil."
 
 #: lib/graphql/resolvers/member.ex:142
+#, elixir-autogen, elixir-format
 msgid "This invitation doesn't exist."
 msgstr "Cette invitation n'existe pas."
 
 #: lib/graphql/resolvers/member.ex:217
+#, elixir-autogen, elixir-format
 msgid "This member already has been rejected."
 msgstr "Ce·tte membre a déjà été rejetté·e."
 
 #: lib/graphql/resolvers/member.ex:241
+#, elixir-autogen, elixir-format
 msgid "You don't have the right to remove this member."
 msgstr "Vous n'avez pas les droits pour supprimer ce·tte membre."
 
 #: lib/mobilizon/actors/actor.ex:377
+#, elixir-autogen, elixir-format
 msgid "This username is already taken."
 msgstr "Cet identifiant est déjà pris."
 
 #: lib/graphql/resolvers/discussion.ex:81
+#, elixir-autogen, elixir-format
 msgid "You must provide either an ID or a slug to access a discussion"
 msgstr "Vous devez fournir un ID ou bien un slug pour accéder à une discussion"
 
 #: lib/graphql/resolvers/event.ex:275
+#, elixir-autogen, elixir-format
 msgid "Organizer profile is not owned by the user"
 msgstr "Le profil de l'organisateur·ice n'appartient pas à l'utilisateur·ice"
 
 #: lib/graphql/resolvers/participant.ex:93
+#, elixir-autogen, elixir-format
 msgid "Profile ID provided is not the anonymous profile one"
 msgstr "L'ID du profil fourni n'est pas celui du profil anonyme"
 
-#: lib/graphql/resolvers/group.ex:181 lib/graphql/resolvers/group.ex:223 lib/graphql/resolvers/person.ex:157
-#: lib/graphql/resolvers/person.ex:191 lib/graphql/resolvers/person.ex:324
+#: lib/graphql/resolvers/group.ex:181
+#: lib/graphql/resolvers/group.ex:223
+#: lib/graphql/resolvers/person.ex:157
+#: lib/graphql/resolvers/person.ex:191
+#: lib/graphql/resolvers/person.ex:324
+#, elixir-autogen, elixir-format
 msgid "The provided picture is too heavy"
 msgstr "L'image fournie est trop lourde"
 
 #: lib/graphql/resolvers/resource.ex:129
+#, elixir-autogen, elixir-format
 msgid "Error while creating resource"
 msgstr "Erreur lors de la création de la resource"
 
 #: lib/graphql/resolvers/user.ex:537
+#, elixir-autogen, elixir-format
 msgid "Invalid activation token"
 msgstr "Jeton d'activation invalide"
 
 #: lib/graphql/resolvers/resource.ex:226
+#, elixir-autogen, elixir-format
 msgid "Unable to fetch resource details from this URL."
 msgstr "Impossible de récupérer les détails de la ressource depuis cette URL."
 
-#: lib/graphql/resolvers/event.ex:165 lib/graphql/resolvers/participant.ex:253 lib/graphql/resolvers/participant.ex:328
+#: lib/graphql/resolvers/event.ex:165
+#: lib/graphql/resolvers/participant.ex:253
+#: lib/graphql/resolvers/participant.ex:328
+#, elixir-autogen, elixir-format
 msgid "Provided profile doesn't have moderator permissions on this event"
 msgstr "Le profil modérateur fourni n'a pas de permissions sur cet événement"
 
 #: lib/graphql/resolvers/event.ex:286
+#, elixir-autogen, elixir-format
 msgid "Organizer profile doesn't have permission to create an event on behalf of this group"
 msgstr "Le profil de l'organisateur⋅ice n'a pas la permission de créer un événement au nom de ce groupe"
 
 #: lib/graphql/resolvers/event.ex:349
+#, elixir-autogen, elixir-format
 msgid "This profile doesn't have permission to update an event on behalf of this group"
 msgstr "Ce profil n'a pas la permission de mettre à jour un événement au nom du groupe"
 
 #: lib/graphql/resolvers/user.ex:184
+#, elixir-autogen, elixir-format
 msgid "Your e-mail has been denied registration or uses a disallowed e-mail provider"
 msgstr "Votre adresse e-mail a été refusée à l'inscription ou bien utilise un fournisseur d'e-mail interdit"
 
 #: lib/graphql/resolvers/comment.ex:150
+#, elixir-autogen, elixir-format
 msgid "Comment not found"
 msgstr "Commentaire non trouvé"
 
 #: lib/graphql/resolvers/discussion.ex:123
+#, elixir-autogen, elixir-format
 msgid "Error while creating a discussion"
 msgstr "Erreur lors de la création de la discussion"
 
 #: lib/graphql/resolvers/user.ex:658
+#, elixir-autogen, elixir-format
 msgid "Error while updating locale"
 msgstr "Erreur lors de la mise à jour des options linguistiques"
 
 #: lib/graphql/resolvers/person.ex:327
+#, elixir-autogen, elixir-format
 msgid "Error while uploading pictures"
 msgstr "Erreur lors du téléversement des images"
 
 #: lib/graphql/resolvers/participant.ex:190
+#, elixir-autogen, elixir-format
 msgid "Failed to leave the event"
 msgstr "Impossible de quitter l'événement"
 
 #: lib/graphql/resolvers/group.ex:236
+#, elixir-autogen, elixir-format
 msgid "Failed to update the group"
 msgstr "Impossible de mettre à jour le groupe"
 
-#: lib/graphql/resolvers/admin.ex:333 lib/graphql/resolvers/user.ex:501
+#: lib/graphql/resolvers/admin.ex:333
+#: lib/graphql/resolvers/user.ex:501
+#, elixir-autogen, elixir-format
 msgid "Failed to update user email"
 msgstr "Impossible de mettre à jour l'adresse e-mail de utilisateur"
 
 #: lib/graphql/resolvers/user.ex:533
+#, elixir-autogen, elixir-format
 msgid "Failed to validate user email"
 msgstr "Impossible de valider l'adresse e-mail de l'utilisateur·ice"
 
 #: lib/graphql/resolvers/participant.ex:146
+#, elixir-autogen, elixir-format
 msgid "The anonymous actor ID is invalid"
 msgstr "L'ID de l'acteur anonyme est invalide"
 
 #: lib/graphql/resolvers/resource.ex:165
+#, elixir-autogen, elixir-format
 msgid "Unknown error while updating resource"
 msgstr "Erreur inconnue lors de la mise à jour de la resource"
 
 #: lib/graphql/resolvers/comment.ex:105
+#, elixir-autogen, elixir-format
 msgid "You are not the comment creator"
 msgstr "Vous n'êtes pas le ou la createur⋅ice du commentaire"
 
 #: lib/graphql/resolvers/user.ex:458
+#, elixir-autogen, elixir-format
 msgid "You cannot change your password."
 msgstr "Vous ne pouvez pas changer votre mot de passe."
 
 #: lib/graphql/resolvers/participant.ex:321
+#, elixir-autogen, elixir-format
 msgid "Format not supported"
 msgstr "Format non supporté"
 
 #: lib/graphql/resolvers/participant.ex:305
+#, elixir-autogen, elixir-format
 msgid "A dependency needed to export to %{format} is not installed"
 msgstr "Une dépendance nécessaire pour exporter en %{format} n'est pas installée"
 
 #: lib/graphql/resolvers/participant.ex:313
+#, elixir-autogen, elixir-format
 msgid "An error occured while saving export"
 msgstr "Une erreur est survenue lors de l'enregistrement de l'export"
 
 #: lib/web/controllers/export_controller.ex:30
+#, elixir-autogen, elixir-format
 msgid "Export to format %{format} is not enabled on this instance"
 msgstr "L'export au format %{format} n'est pas activé sur cette instance"
 
 #: lib/graphql/resolvers/group.ex:187
+#, elixir-autogen, elixir-format
 msgid "Only admins can create groups"
 msgstr "Seul⋅es les administrateur⋅ices peuvent créer des groupes"
 
 #: lib/graphql/resolvers/event.ex:279
+#, elixir-autogen, elixir-format
 msgid "Only groups can create events"
 msgstr "Seuls les groupes peuvent créer des événements"
 
 #: lib/graphql/resolvers/event.ex:305
+#, elixir-autogen, elixir-format
 msgid "Unknown error while creating event"
 msgstr "Erreur inconnue lors de la création de l'événement"
 
 #: lib/graphql/resolvers/user.ex:514
+#, elixir-autogen, elixir-format
 msgid "User cannot change email"
 msgstr "L'utilisateur ne peut changer son adresse e-mail"
 
 #: lib/graphql/resolvers/group.ex:399
+#, elixir-autogen, elixir-format
 msgid "Follow does not match your account"
 msgstr "L'abonnement ne correspond pas à votre compte"
 
 #: lib/graphql/resolvers/group.ex:403
+#, elixir-autogen, elixir-format
 msgid "Follow not found"
 msgstr "Abonnement non trouvé"
 
 #: lib/graphql/resolvers/user.ex:379
+#, elixir-autogen, elixir-format
 msgid "Profile with username %{username} not found"
 msgstr "Personne avec le nom %{name} non trouvé"
 
 #: lib/graphql/resolvers/user.ex:374
+#, elixir-autogen, elixir-format
 msgid "This profile does not belong to you"
 msgstr "Ce profil ne vous appartient pas"
 
 #: lib/graphql/resolvers/group.ex:373
+#, elixir-autogen, elixir-format
 msgid "You are already following this group"
 msgstr "Vous êtes déjà membre de ce groupe"
 
 #: lib/graphql/resolvers/group.ex:382
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to follow a group"
 msgstr "Vous devez être connecté·e pour suivre un groupe"
 
 #: lib/graphql/resolvers/group.ex:431
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to unfollow a group"
 msgstr "Vous devez être connecté·e pour rejoindre un groupe"
 
 #: lib/graphql/resolvers/group.ex:408
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in to update a group follow"
 msgstr "Vous devez être connecté·e pour mettre à jour un groupe"
 
 #: lib/graphql/resolvers/member.ex:210
+#, elixir-autogen, elixir-format
 msgid "This member does not exist"
 msgstr "Ce membre n'existe pas"
 
 #: lib/graphql/resolvers/member.ex:234
+#, elixir-autogen, elixir-format
 msgid "You don't have the role needed to remove this member."
 msgstr "Vous n'avez pas les droits pour supprimer ce·tte membre."
 
 #: lib/graphql/resolvers/member.ex:252
+#, elixir-autogen, elixir-format
 msgid "You must be logged-in to remove a member"
 msgstr "Vous devez être connecté⋅e pour supprimer un⋅e membre"
 
 #: lib/graphql/resolvers/user.ex:174
+#, elixir-autogen, elixir-format
 msgid "Your email seems to be using an invalid format"
 msgstr "Votre email semble utiliser un format invalide"
 
 #: lib/graphql/resolvers/admin.ex:382
+#, elixir-autogen, elixir-format
 msgid "Can't confirm an already confirmed user"
 msgstr "Impossible de confirmer un⋅e utilisateur⋅ice déjà confirmé⋅e"
 
 #: lib/graphql/resolvers/admin.ex:386
+#, elixir-autogen, elixir-format
 msgid "Deconfirming users is not supported"
 msgstr "Dé-confirmer des utilisateur⋅ices n'est pas supporté"
 
 #: lib/graphql/resolvers/admin.ex:358
+#, elixir-autogen, elixir-format
 msgid "The new role must be different"
 msgstr "Le nouveau rôle doit être différent"
 
 #: lib/graphql/resolvers/admin.ex:309
+#, elixir-autogen, elixir-format
 msgid "You need to be logged-in and an administrator to edit an user's details"
 msgstr "Vous devez être connecté·e et un·e administrateur·ice pour éditer les détails d'un⋅e utilisateur⋅ice"
 
 #: lib/graphql/api/groups.ex:33
+#, elixir-autogen, elixir-format
 msgid "A profile or group with that name already exists"
 msgstr "Un profil ou un groupe avec ce nom existe déjà"
 
 #: lib/graphql/resolvers/admin.ex:519
+#, elixir-autogen, elixir-format
 msgid "Unable to find an instance to follow at this address"
 msgstr "Impossible de trouver une instance à suivre à cette adresse"
 
 #: lib/mobilizon/actors/actor.ex:396
+#, elixir-autogen, elixir-format
 msgid "Username must only contain alphanumeric lowercased characters and underscores."
 msgstr "Le nom d'utilisateur ne doit contenir que des caractères alphanumériques minuscules et des underscores."
 
-#: lib/graphql/resolvers/user.ex:303 lib/graphql/resolvers/user.ex:326
+#: lib/graphql/resolvers/user.ex:303
+#: lib/graphql/resolvers/user.ex:326
+#, elixir-autogen, elixir-format
 msgid "This email doesn't seem to be valid"
 msgstr "Cette adresse e-mail ne semble pas être valide"
 
 #: lib/graphql/resolvers/comment.ex:65
+#, elixir-autogen, elixir-format
 msgid "This comment was detected as spam."
 msgstr "Ce commentaire a été détecté comme spam."
 
 #: lib/graphql/resolvers/event.ex:293
+#, elixir-autogen, elixir-format
 msgid "This event was detected as spam."
 msgstr "Cet événement a été détecté comme spam."
 
 #: lib/graphql/api/reports.ex:66
+#, elixir-autogen, elixir-format
 msgid "Unsupported status for a report"
 msgstr "Statut non supporté pour un signalement"
 
 #: lib/graphql/api/reports.ex:127
+#, elixir-autogen, elixir-format
 msgid "You can only remove your own notes"
 msgstr "Vous pouvez uniquement supprimer vos propres notes"
 
-#: lib/graphql/api/reports.ex:94 lib/graphql/api/reports.ex:121
+#: lib/graphql/api/reports.ex:94
+#: lib/graphql/api/reports.ex:121
+#, elixir-autogen, elixir-format
 msgid "You need to be a moderator or an administrator to create a note on a report"
 msgstr "Vous devez être un·e modérateur·ice ou un·e administrateur·ice pour créer une note sur un signalement"
 
 #: lib/graphql/resolvers/person.ex:330
+#, elixir-autogen, elixir-format
 msgid "Your profile was detected as spam."
 msgstr "Votre profil a été détecté comme un spam."
 
 #: lib/graphql/resolvers/user.ex:191
+#, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr "Votre inscription a été détectée comme du spam et ne peut être poursuivie."
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr "Les paramètres name, scope et redirect_uri sont requis pour créer une application"
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr "Application non trouvée"
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr "Jeton d'application non trouvé"
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format
+msgid "Error while revoking token"
+msgstr "Erreur lors de la révocation du jeton"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr "Impossible de créer l'application."
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+"Paramètres envoyés incorrects. Vous devez au moins fournir les paramètres grant_type et client_id, en fonction du type d’autorisation "
+"utilisée."
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr "Les identifiants clients fournis sont invalides"
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr "Le jeton de rafraîchissement fourni est invalide"
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr "Aucune application n'a été trouvée avec ce client_id"
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr "Non autorisé à accéder au champ %{field}"
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr "Non autorisé à accéder à l'objet %{object}"
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr "Non autorisé à accéder à ce %{object_type}"
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr "Merci de réduire le rythme de vos requêtes"
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr "La requête d'autorisation est toujours en attente"
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr "Le client_id fourni ou device_code associé n'est pas valide"
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr "Le code utilisateur de l'appareil n'a pas été fourni avant l'approbation de la demande"
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr "Le device_code donné a expiré"
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr "Le redirect_uri donné ne figure pas dans la liste des URI de redirection autorisées."
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr "Le champ d'application donné n'est pas dans la liste des champs d'application déclarés par l'application."
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr "Le code utilisateur donné a expiré"
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr "Le code utilisateur donné n'est pas valide"
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr "Le client_id fourni ne correspond pas au code fourni"
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr "Le client_secret fourni n'est pas valide"
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr "Le code fourni n'est pas valide ou a expiré"
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr "Le champ d'application fourni n'est pas valide ou n'est pas inclus dans les champs d'application déclarés de l'application."
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr "Le paramètre scope n'est pas une liste de champs d'application valides séparés par des espaces"
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr "L'utilisateur a refusé l'autorisation demandée"
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr "Cette URI de redirection n'est pas autorisée"
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format
+msgid "Token not found"
+msgstr "Jeton non trouvé"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr "Trop de requêtes"
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr "Impossible de produire un device code"
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr "Impossible de révoquer le jeton"
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr "Pour obtenir un code d'appareil, vous devez passer en paramètre le client_id et le scope"
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr "Vous devez fournir un redirect_uri valide pour autoriser une application"
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr "Vous devez spécifier client_id, redirect_uri, scope et state pour autoriser une application"
diff --git a/priv/gettext/gd/LC_MESSAGES/errors.po b/priv/gettext/gd/LC_MESSAGES/errors.po
index 4a02782a9..4ded13d05 100644
--- a/priv/gettext/gd/LC_MESSAGES/errors.po
+++ b/priv/gettext/gd/LC_MESSAGES/errors.po
@@ -120,7 +120,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -375,7 +375,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -397,7 +397,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -549,7 +549,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -762,48 +762,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1156,3 +1156,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/gl/LC_MESSAGES/errors.po b/priv/gettext/gl/LC_MESSAGES/errors.po
index 2688f4c34..da74ecb24 100644
--- a/priv/gettext/gl/LC_MESSAGES/errors.po
+++ b/priv/gettext/gl/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr "O perfil actual non é administrador do grupo seleccionado"
 msgid "Error while saving user settings"
 msgstr "Erro ó gardar os axustes de usuaria"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -373,7 +373,7 @@ msgstr "Non se pode eliminar a última identidade dunha usuaria"
 msgid "Comment is already deleted"
 msgstr "O comentario xa foi eliminado"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -395,7 +395,7 @@ msgstr "Erro ó actualizar a denuncia"
 msgid "Event id not found"
 msgstr "Non se atopou o ID do evento"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -547,7 +547,7 @@ msgstr "Non existe o token"
 msgid "Token is not a valid UUID"
 msgstr "O token non é un UUID válido"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Usuaria non atopada"
@@ -772,48 +772,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Este email xa se está a usar."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Non se atopa a publicación"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Argumentos proporcionados non válidos"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Credenciais non válidas"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Restablece o teu contrasinal para conectar"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Recurso non atopado"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Algo foi mal"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Recurso descoñecido"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Non tes permiso para facer isto"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Tes que estar conectada"
@@ -1173,3 +1173,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Erro ó gardar a denuncia"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Evento non atopado"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/he/LC_MESSAGES/errors.po b/priv/gettext/he/LC_MESSAGES/errors.po
index abb5ed09f..bee0eb572 100644
--- a/priv/gettext/he/LC_MESSAGES/errors.po
+++ b/priv/gettext/he/LC_MESSAGES/errors.po
@@ -108,7 +108,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -363,7 +363,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -385,7 +385,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -537,7 +537,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -750,48 +750,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1144,3 +1144,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/hr/LC_MESSAGES/errors.po b/priv/gettext/hr/LC_MESSAGES/errors.po
index 0d77daa12..477e72949 100644
--- a/priv/gettext/hr/LC_MESSAGES/errors.po
+++ b/priv/gettext/hr/LC_MESSAGES/errors.po
@@ -138,7 +138,7 @@ msgstr "Aktualni profil nije administrator odabrane grupe"
 msgid "Error while saving user settings"
 msgstr "Greška prilikom spremanja korisničkih postavki"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -394,7 +394,7 @@ msgstr "Nije moguće ukloniti zadnji identitet jednog korisnika"
 msgid "Comment is already deleted"
 msgstr "Komentar je već izbrisan"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -416,7 +416,7 @@ msgstr "Greška tijekom aktualiziranja izvještaja"
 msgid "Event id not found"
 msgstr "ID događaja nije pronađen"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -568,7 +568,7 @@ msgstr "Token ne postoji"
 msgid "Token is not a valid UUID"
 msgstr "Token nije ispravan UUID"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Korisnik nije pronađen"
@@ -793,48 +793,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Ova se e-mail adresa već koristi."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Objava nije pronađena"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1188,3 +1188,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Greška tijekom spremanja izvještaja"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/hu/LC_MESSAGES/errors.po b/priv/gettext/hu/LC_MESSAGES/errors.po
index eb3099484..4b7c94bf4 100644
--- a/priv/gettext/hu/LC_MESSAGES/errors.po
+++ b/priv/gettext/hu/LC_MESSAGES/errors.po
@@ -131,7 +131,7 @@ msgstr "A jelenlegi profil nem adminisztrátora a kijelölt csoportnak"
 msgid "Error while saving user settings"
 msgstr "Hiba a felhasználói beállítások mentésekor"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -390,7 +390,7 @@ msgstr "Nem lehet eltávolítani egy felhasználó utolsó személyazonosságát
 msgid "Comment is already deleted"
 msgstr "A hozzászólást már törölték"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -412,7 +412,7 @@ msgstr "Hiba a jelentés frissítésekor"
 msgid "Event id not found"
 msgstr "Nem található az eseményazonosító"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -564,7 +564,7 @@ msgstr "A token nem létezik"
 msgid "Token is not a valid UUID"
 msgstr "A token nem érvényes UUID"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Nem található a felhasználó"
@@ -795,48 +795,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Ez az e-mail-cím már használatban van."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Nem található a bejegyzés"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Érvénytelen argumentumok lettek átadva"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Érvénytelen hitelesítési adatok"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Állítsa vissza a jelszavát a bejelentkezéshez"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Nem található az erőforrás"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Valami elromlott"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Ismeretlen erőforrás"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Nincs jogosultsága, hogy ezt tegye"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Bejelentkezve kell lennie"
@@ -1206,3 +1206,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Hiba a jelentés mentésekor"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "A hozzászólás nem található"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/id/LC_MESSAGES/errors.po b/priv/gettext/id/LC_MESSAGES/errors.po
index 7dc52c8c1..39feda3a8 100644
--- a/priv/gettext/id/LC_MESSAGES/errors.po
+++ b/priv/gettext/id/LC_MESSAGES/errors.po
@@ -109,7 +109,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -364,7 +364,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -386,7 +386,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -538,7 +538,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -751,48 +751,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1145,3 +1145,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/it/LC_MESSAGES/errors.po b/priv/gettext/it/LC_MESSAGES/errors.po
index e436f69ab..5717ff5bc 100644
--- a/priv/gettext/it/LC_MESSAGES/errors.po
+++ b/priv/gettext/it/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr "Il profilo corrente non è amministratore del gruppo selezionato"
 msgid "Error while saving user settings"
 msgstr "Errore nel salvare le preferenze utente"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -372,7 +372,7 @@ msgstr "Impossibile rimuovere l'ultima identità di un utente"
 msgid "Comment is already deleted"
 msgstr "Commento già cancellato"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -394,7 +394,7 @@ msgstr "Errore durante l'aggiornamento del rapporto"
 msgid "Event id not found"
 msgstr "ID evento non trovato"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -546,7 +546,7 @@ msgstr "Il token non esiste"
 msgid "Token is not a valid UUID"
 msgstr "Il token non è un UUID valido"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Utente non trovato"
@@ -770,48 +770,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Questa email è già in uso."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Post non trovato"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Sono stati trasmessi argomenti non validi"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Credenziali non valide"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Reimposta la tua password per connetterti"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Segnalazione non trovata"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Qualcosa è andato storto"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Risorsa sconosciuta"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Non hai il permesso di farlo"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Devi essere connesso"
@@ -1181,3 +1181,187 @@ msgstr "Il tuo profilo è stato rilevato come spam."
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr "La sua registrazione è stata rilevata come spam e non può proseguire."
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Errore nel salvare la segnalazione"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Evento non trovato"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/ja/LC_MESSAGES/errors.po b/priv/gettext/ja/LC_MESSAGES/errors.po
index 0bc633e91..40baf8ddc 100644
--- a/priv/gettext/ja/LC_MESSAGES/errors.po
+++ b/priv/gettext/ja/LC_MESSAGES/errors.po
@@ -109,7 +109,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -364,7 +364,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -386,7 +386,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -538,7 +538,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -751,48 +751,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1145,3 +1145,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/nb_NO/LC_MESSAGES/errors.po b/priv/gettext/nb_NO/LC_MESSAGES/errors.po
index 5edb989c8..ab24b0320 100644
--- a/priv/gettext/nb_NO/LC_MESSAGES/errors.po
+++ b/priv/gettext/nb_NO/LC_MESSAGES/errors.po
@@ -108,7 +108,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -363,7 +363,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -385,7 +385,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -537,7 +537,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -750,48 +750,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1144,3 +1144,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/nl/LC_MESSAGES/errors.po b/priv/gettext/nl/LC_MESSAGES/errors.po
index e69bba108..7e36de8af 100644
--- a/priv/gettext/nl/LC_MESSAGES/errors.po
+++ b/priv/gettext/nl/LC_MESSAGES/errors.po
@@ -108,7 +108,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -363,7 +363,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -385,7 +385,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -537,7 +537,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -750,48 +750,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1144,3 +1144,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/nn/LC_MESSAGES/errors.po b/priv/gettext/nn/LC_MESSAGES/errors.po
index 96e9f657e..9a6933e39 100644
--- a/priv/gettext/nn/LC_MESSAGES/errors.po
+++ b/priv/gettext/nn/LC_MESSAGES/errors.po
@@ -131,7 +131,7 @@ msgstr "Denne brukaren er ikkje styrar av gruppa"
 msgid "Error while saving user settings"
 msgstr "Greidde ikkje lagra brukarinnstillingane"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -386,7 +386,7 @@ msgstr "Kan ikkje fjerna den siste identiteten til ein brukar"
 msgid "Comment is already deleted"
 msgstr "Kommentaren er allereie sletta"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -408,7 +408,7 @@ msgstr "Greidde ikkje oppdatera rapporten"
 msgid "Event id not found"
 msgstr "Fann ikkje ID-en til hendinga"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -560,7 +560,7 @@ msgstr "Teiknet finst ikkje"
 msgid "Token is not a valid UUID"
 msgstr "Teiknet er ikkje ein gyldig UUID"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Fann ikkje brukaren"
@@ -787,48 +787,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Denne eposten er allereie i bruk."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Fann ikkje innlegget"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Ugyldige argument"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Ugyldig innlogging"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Nullstill passordet for å logga inn"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Fann ikkje ressursen"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Noko gjekk gale"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Ukjend ressurs"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Du har ikkje løyve til å gjera detet"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Du må vera innlogga"
@@ -1188,3 +1188,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Greidde ikkje lagra rapporten"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Fann ikkje hendinga"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/oc/LC_MESSAGES/errors.po b/priv/gettext/oc/LC_MESSAGES/errors.po
index bcf2cdad7..3a339d034 100644
--- a/priv/gettext/oc/LC_MESSAGES/errors.po
+++ b/priv/gettext/oc/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr "Lo perfil actual es pas administrator del grop seleccionat"
 msgid "Error while saving user settings"
 msgstr "Error en salvagardant los paramètres utilizaire"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -375,7 +375,7 @@ msgstr "Pòden pas suprimir la darrièra identitat d'un utilizator"
 msgid "Comment is already deleted"
 msgstr "Comentari déjà suprimit"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -397,7 +397,7 @@ msgstr "Error mentre la mesa a jorn dèu rapòrt"
 msgid "Event id not found"
 msgstr "ID d'eveniment non trobat"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -549,7 +549,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -762,48 +762,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1156,3 +1156,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Error mentre que sauvant lo rapòrt"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Eveniment non trobat"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/pl/LC_MESSAGES/errors.po b/priv/gettext/pl/LC_MESSAGES/errors.po
index 4784c2573..527322e53 100644
--- a/priv/gettext/pl/LC_MESSAGES/errors.po
+++ b/priv/gettext/pl/LC_MESSAGES/errors.po
@@ -122,7 +122,7 @@ msgstr "Obecny profil nie jest administratorem zaznaczonej grupy"
 msgid "Error while saving user settings"
 msgstr "Błąd zapisywania ustawień użytkownika"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -382,7 +382,7 @@ msgstr "Nie można usunąć jedynej tożsamości użytkownika"
 msgid "Comment is already deleted"
 msgstr "Komentarz jest już usunięty"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -404,7 +404,7 @@ msgstr "Wystąpił błąd podczas aktualizacji zgłoszenia"
 msgid "Event id not found"
 msgstr "Nie znaleziono id wydarzenia"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -556,7 +556,7 @@ msgstr "Token nie istnieje"
 msgid "Token is not a valid UUID"
 msgstr "Token nie jest prawidłowym UUID"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Nie znaleziono użytkownika"
@@ -779,48 +779,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Ten adres e-mail jest już w użyciu."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Nie znaleziono wpisu"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Podano nieprawidłowe argumenty"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Nieprawidłowe dane uwierzytelniające"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Resetuj swoje hasło, aby zalogować się"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Nie znaleziono zasobu"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Coś poszło nie tak"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Nieznany zasób"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Nie masz uprawnień aby to zrobić"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Musisz być zalogowany(-a)"
@@ -1175,3 +1175,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Wystąpił błąd podczas zapisywania zgłoszenia"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Nie znaleziono wydarzenia"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/pt/LC_MESSAGES/errors.po b/priv/gettext/pt/LC_MESSAGES/errors.po
index c24f1a0d1..091d22b08 100644
--- a/priv/gettext/pt/LC_MESSAGES/errors.po
+++ b/priv/gettext/pt/LC_MESSAGES/errors.po
@@ -108,7 +108,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -363,7 +363,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -385,7 +385,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -537,7 +537,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -750,48 +750,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1144,3 +1144,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/pt_BR/LC_MESSAGES/errors.po b/priv/gettext/pt_BR/LC_MESSAGES/errors.po
index 7302261a7..d5f14b8f9 100644
--- a/priv/gettext/pt_BR/LC_MESSAGES/errors.po
+++ b/priv/gettext/pt_BR/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -370,7 +370,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -392,7 +392,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -544,7 +544,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -757,48 +757,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1151,3 +1151,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/ru/LC_MESSAGES/errors.po b/priv/gettext/ru/LC_MESSAGES/errors.po
index 404f96338..df6decbdc 100644
--- a/priv/gettext/ru/LC_MESSAGES/errors.po
+++ b/priv/gettext/ru/LC_MESSAGES/errors.po
@@ -122,7 +122,7 @@ msgstr "Текущий профиль не является администра
 msgid "Error while saving user settings"
 msgstr "Ошибка при сохранении пользовательских настроек"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -385,7 +385,7 @@ msgstr "Единственный идентификатор пользовате
 msgid "Comment is already deleted"
 msgstr "Комментарий уже удалён"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -407,7 +407,7 @@ msgstr "При обновлении отчёта произошла ошибка
 msgid "Event id not found"
 msgstr "Не найден id мероприятия"
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -561,7 +561,7 @@ msgstr "Токен не существует"
 msgid "Token is not a valid UUID"
 msgstr "Токен не является допустимым UUID"
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr "Пользователь не найден"
@@ -799,48 +799,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr "Этот электронный адрес уже используется."
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr "Пост не найден"
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr "Переданы неверные аргументы"
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr "Неверные учётные данные"
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr "Сбросьте пароль для входа в систему"
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Ресурс не найден"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr "Что-то пошло не так"
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr "Неизвестный ресурс"
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "У вас недостаточно для этого прав"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Вам необходимо войти в систему"
@@ -1201,3 +1201,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "При сохранении отчёта произошла ошибка"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr "Мероприятие не найдено"
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/sv/LC_MESSAGES/errors.po b/priv/gettext/sv/LC_MESSAGES/errors.po
index 5f0542a5b..88fde7019 100644
--- a/priv/gettext/sv/LC_MESSAGES/errors.po
+++ b/priv/gettext/sv/LC_MESSAGES/errors.po
@@ -115,7 +115,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr "Ett fel uppstod när användarinställningarna skulle sparas"
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -376,7 +376,7 @@ msgstr "Kan inte ta bort en användares sista identitet"
 msgid "Comment is already deleted"
 msgstr "Kommentaren är redan borttagen"
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format, fuzzy
 msgid "Discussion not found"
@@ -398,7 +398,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -550,7 +550,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -763,48 +763,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr "Resursen kunde inte hittas"
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr "Du har inte behörighet att göra detta"
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr "Du måste vara inloggad"
@@ -1157,3 +1157,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr "Fel vid sparande av rapport"
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""
diff --git a/priv/gettext/zh_Hant/LC_MESSAGES/errors.po b/priv/gettext/zh_Hant/LC_MESSAGES/errors.po
index be7776ff0..0c91a69bb 100644
--- a/priv/gettext/zh_Hant/LC_MESSAGES/errors.po
+++ b/priv/gettext/zh_Hant/LC_MESSAGES/errors.po
@@ -102,7 +102,7 @@ msgstr ""
 msgid "Error while saving user settings"
 msgstr ""
 
-#: lib/graphql/error.ex:101
+#: lib/graphql/error.ex:115
 #: lib/graphql/resolvers/group.ex:273
 #: lib/graphql/resolvers/group.ex:305
 #: lib/graphql/resolvers/group.ex:342
@@ -357,7 +357,7 @@ msgstr ""
 msgid "Comment is already deleted"
 msgstr ""
 
-#: lib/graphql/error.ex:103
+#: lib/graphql/error.ex:117
 #: lib/graphql/resolvers/discussion.ex:69
 #, elixir-autogen, elixir-format
 msgid "Discussion not found"
@@ -379,7 +379,7 @@ msgstr ""
 msgid "Event id not found"
 msgstr ""
 
-#: lib/graphql/error.ex:100
+#: lib/graphql/error.ex:114
 #: lib/graphql/resolvers/event.ex:355
 #: lib/graphql/resolvers/event.ex:407
 #, elixir-autogen, elixir-format
@@ -531,7 +531,7 @@ msgstr ""
 msgid "Token is not a valid UUID"
 msgstr ""
 
-#: lib/graphql/error.ex:98
+#: lib/graphql/error.ex:112
 #, elixir-autogen, elixir-format
 msgid "User not found"
 msgstr ""
@@ -744,48 +744,48 @@ msgstr ""
 msgid "This email is already used."
 msgstr ""
 
-#: lib/graphql/error.ex:99
+#: lib/graphql/error.ex:113
 #, elixir-autogen, elixir-format
 msgid "Post not found"
 msgstr ""
 
-#: lib/graphql/error.ex:86
+#: lib/graphql/error.ex:100
 #, elixir-autogen, elixir-format
 msgid "Invalid arguments passed"
 msgstr ""
 
-#: lib/graphql/error.ex:92
+#: lib/graphql/error.ex:106
 #, elixir-autogen, elixir-format
 msgid "Invalid credentials"
 msgstr ""
 
-#: lib/graphql/error.ex:90
+#: lib/graphql/error.ex:104
 #, elixir-autogen, elixir-format
 msgid "Reset your password to login"
 msgstr ""
 
-#: lib/graphql/error.ex:97
-#: lib/graphql/error.ex:102
+#: lib/graphql/error.ex:111
+#: lib/graphql/error.ex:116
 #, elixir-autogen, elixir-format
 msgid "Resource not found"
 msgstr ""
 
-#: lib/graphql/error.ex:104
+#: lib/graphql/error.ex:123
 #, elixir-autogen, elixir-format
 msgid "Something went wrong"
 msgstr ""
 
-#: lib/graphql/error.ex:85
+#: lib/graphql/error.ex:99
 #, elixir-autogen, elixir-format
 msgid "Unknown Resource"
 msgstr ""
 
-#: lib/graphql/error.ex:95
+#: lib/graphql/error.ex:109
 #, elixir-autogen, elixir-format
 msgid "You don't have permission to do this"
 msgstr ""
 
-#: lib/graphql/error.ex:87
+#: lib/graphql/error.ex:101
 #, elixir-autogen, elixir-format
 msgid "You need to be logged in"
 msgstr ""
@@ -1138,3 +1138,187 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your registration has been detected as spam and cannot be processed."
 msgstr ""
+
+#: lib/web/controllers/application_controller.ex:86
+#, elixir-autogen, elixir-format
+msgid "All of name, scope and redirect_uri parameters are required to create an application"
+msgstr ""
+
+#: lib/graphql/error.ex:118
+#, elixir-autogen, elixir-format
+msgid "Application not found"
+msgstr ""
+
+#: lib/graphql/error.ex:121
+#, elixir-autogen, elixir-format
+msgid "Application token not found"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:89
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Error while revoking token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:59
+#, elixir-autogen, elixir-format
+msgid "Impossible to create application."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:356
+#, elixir-autogen, elixir-format
+msgid "Incorrect parameters sent. You need to provide at least the grant_type and client_id parameters, depending on the grant type being used."
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:329
+#, elixir-autogen, elixir-format
+msgid "Invalid client credentials provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:337
+#, elixir-autogen, elixir-format
+msgid "Invalid refresh token provided"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:170
+#: lib/web/controllers/application_controller.ex:401
+#, elixir-autogen, elixir-format
+msgid "No application was found with this client_id"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:37
+#, elixir-autogen, elixir-format
+msgid "No application with this client_id was found"
+msgstr ""
+
+#: lib/graphql/authorization.ex:80
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access field %{field}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:70
+#: lib/graphql/authorization.ex:75
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access object %{object}"
+msgstr ""
+
+#: lib/graphql/authorization.ex:63
+#, elixir-autogen, elixir-format
+msgid "Not authorized to access this %{object_type}"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:279
+#, elixir-autogen, elixir-format
+msgid "Please slow down the rate of your requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:267
+#, elixir-autogen, elixir-format
+msgid "The authorization request is still pending"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:249
+#, elixir-autogen, elixir-format
+msgid "The client_id provided or the device_code associated is invalid"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:133
+#, elixir-autogen, elixir-format
+msgid "The device user code was not provided before approving the application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:304
+#, elixir-autogen, elixir-format
+msgid "The given device_code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:44
+#, elixir-autogen, elixir-format
+msgid "The given redirect_uri is not in the list of allowed redirect URIs"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:158
+#, elixir-autogen, elixir-format
+msgid "The given scope is not in the list of the app declared scopes"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:109
+#: lib/graphql/resolvers/application.ex:146
+#, elixir-autogen, elixir-format
+msgid "The given user code has expired"
+msgstr ""
+
+#: lib/graphql/resolvers/application.ex:112
+#: lib/graphql/resolvers/application.ex:140
+#, elixir-autogen, elixir-format
+msgid "The given user code is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:411
+#, elixir-autogen, elixir-format
+msgid "The provided client_id does not match the provided code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:414
+#, elixir-autogen, elixir-format
+msgid "The provided client_secret is invalid"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:407
+#, elixir-autogen, elixir-format
+msgid "The provided code is invalid or expired"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:418
+#, elixir-autogen, elixir-format
+msgid "The provided scope is invalid or not included in the app declared scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:45
+#, elixir-autogen, elixir-format
+msgid "The scope parameter is not a space separated list of valid scopes"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:292
+#, elixir-autogen, elixir-format
+msgid "The user rejected the requested authorization"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:404
+#, elixir-autogen, elixir-format
+msgid "This redirect URI is not allowed"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:381
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Token not found"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:72
+#, elixir-autogen, elixir-format
+msgid "Too many requests"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:184
+#, elixir-autogen, elixir-format
+msgid "Unable to produce device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:373
+#, elixir-autogen, elixir-format
+msgid "Unable to revoke token"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:198
+#, elixir-autogen, elixir-format
+msgid "You need to pass both client_id and scope as parameters to obtain a device code"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:136
+#, elixir-autogen, elixir-format
+msgid "You need to provide a valid redirect_uri to autorize an application"
+msgstr ""
+
+#: lib/web/controllers/application_controller.ex:126
+#, elixir-autogen, elixir-format
+msgid "You need to specify client_id, redirect_uri, scope and state to autorize an application"
+msgstr ""