- Use atomic getdel for pairing code exchange - Add cascade="all, delete-orphan" to User.client_tokens - Move generate/hash_client_token into AuthHandler as static methods - Extract endpoint helpers to utils/client_tokens.py
Fixes trunk_check (unused import) and check-translations (missing keys in non-en_US locales) CI failures.
Long-lived, revocable, scope-restricted tokens for external clients (mobile apps, retro handhelds, third-party tools). Includes: - Backend: model, migration, DB handler, auth integration (rmm_ prefix routing in HybridAuthBackend), CRUD + pairing + exchange endpoints, rate limiting, scope intersection enforcement, admin oversight - Frontend: settings page with token management table, stepped create/deliver dialog (config -> copy/pair), QR code with RomM logo, admin token table, standalone /pair page for QR scan landing - /pair page supports custom-scheme callbacks for app deep linking, falls back to displaying code for manual entry - 33 backend tests across 5 classes (CRUD, auth, isolation, pairing, admin)