Expand description
Persistent magic-code stores. Two backends ship today:
SqliteMagicCodeBackend— single-file durability. Default for self-hosted single-replica deploys. Lives in the same SQLite file as sessions/oauth-state (PYLON_SESSION_DB).PostgresMagicCodeBackend— multi-replica deploys againstDATABASE_URL=postgres://.... Magic codes are short-lived (10 min) so a row-level pkey is sufficient — no GIN/index gymnastics needed.
Both back the pylon_auth::MagicCodeBackend trait. The store layer
in pylon-auth keeps an in-memory cache as the authoritative read path;
these backends are write-through + load-on-startup so a server
restart between “send magic code” and “verify” doesn’t kill the
user’s pending login.