pushed
unchainedshop/unchained • 7:39 AM - Jan 23, 2026
pozylon updated the API auth flow to drop the jsonwebtoken dependency in favor of jose, making JWT signing/verification async and updating middleware accordingly. The logoutAllSessions mutation was simplified to return only a success response (schema + tests updated), and ACL sensitive action prefixes were tightened (e.g., manageUser/updateUser/createUser).
