- MFA recovery codes handling
- OAuth2 -> support refresh tokens