From 44c5669d971dc7bbf442d8b116a0f53d71fdcfe2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?= <eloi@yaal.coop>
Date: Thu, 12 Dec 2024 12:03:32 +0100
Subject: [PATCH] doc: prefer 'multi-factor' over 'two-factor' term

---
 canaille/core/endpoints/auth.py        |    2 +-
 canaille/core/models.py                |    6 +-
 canaille/core/templates/setup-2fa.html |    2 +-
 canaille/translations/messages.pot     |    4 +-
 doc/locales/doc.pot                    | 2816 ++++++++++++------------
 tests/core/test_totp_hotp.py           |    2 +-
 6 files changed, 1417 insertions(+), 1415 deletions(-)

diff --git a/canaille/core/endpoints/auth.py b/canaille/core/endpoints/auth.py
index f4128328..468d9ffa 100644
--- a/canaille/core/endpoints/auth.py
+++ b/canaille/core/endpoints/auth.py
@@ -469,7 +469,7 @@ def redirect_to_verify_2fa(user, otp_method, request_ip, fail_redirect_url):
     if otp_method in ["HOTP", "TOTP"]:
         if not user.last_otp_login:
             flash(
-                "You have not enabled Two-Factor Authentication. Please enable it first to login.",
+                "You have not enabled multi-factor authentication. Please enable it first to login.",
                 "info",
             )
             return redirect(url_for("core.auth.setup_two_factor_auth"))
diff --git a/canaille/core/models.py b/canaille/core/models.py
index b5b543a8..cf2cfccf 100644
--- a/canaille/core/models.py
+++ b/canaille/core/models.py
@@ -255,14 +255,14 @@ class User(Model):
 
     secret_token: str | None = None
     """Unique token generated for each user, used for
-    two-factor authentication."""
+    multi-factor authentication."""
 
     hotp_counter: int | None = None
     """HMAC-based One Time Password counter, used for
-    two-factor authentication."""
+    multi-factor authentication."""
 
     one_time_password: str | None = None
-    """One time password used for email or sms two-factor authentication."""
+    """One time password used for email or sms multi-factor authentication."""
 
     one_time_password_emission_date: datetime.datetime | None = None
     """A DateTime indicating when the user last emitted an email or sms one-time password."""
diff --git a/canaille/core/templates/setup-2fa.html b/canaille/core/templates/setup-2fa.html
index 26466ad3..a8a51012 100644
--- a/canaille/core/templates/setup-2fa.html
+++ b/canaille/core/templates/setup-2fa.html
@@ -20,7 +20,7 @@ <h2 class="ui center aligned header">
                         <div class="content">
                             {{ _("Sign in as %(username)s", username=username) }}
                         </div>
-                        <div class="sub header">{% trans %}Set up Two-Factor Authentication.{% endtrans %}</div>
+                        <div class="sub header">{% trans %}Set up multi-factor authentication.{% endtrans %}</div>
                     </h2>
                 {% endblock %}
 
diff --git a/canaille/translations/messages.pot b/canaille/translations/messages.pot
index 8a59a076..fe67da18 100644
--- a/canaille/translations/messages.pot
+++ b/canaille/translations/messages.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2024-12-12 09:58+0100\n"
+"POT-Creation-Date: 2024-12-12 12:02+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1087,7 +1087,7 @@ msgid "Impersonate"
 msgstr ""
 
 #: canaille/core/templates/setup-2fa.html:23
-msgid "Set up Two-Factor Authentication."
+msgid "Set up multi-factor authentication."
 msgstr ""
 
 #: canaille/core/templates/users.html:5 canaille/core/templates/users.html:29
diff --git a/doc/locales/doc.pot b/doc/locales/doc.pot
index dafdf0e4..cf667296 100644
--- a/doc/locales/doc.pot
+++ b/doc/locales/doc.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: canaille 0.0.56\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-12-12 09:58+0100\n"
+"POT-Creation-Date: 2024-12-12 12:02+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,22 +17,22 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 
 #: ../development/changelog.rst:2
-#: 939119e221dc48ccadef61738f593f75
+#: 3fb33c37ddc0459280f3c58be943008e
 msgid "Release notes"
 msgstr ""
 
 #: ../development/changelog.rst:4
-#: 5c86e0ddf13b4a11afae719b4a8c4213
+#: 67e645fac3b646bba12959afa71710cc
 msgid "All notable changes to this project will be documented in there."
 msgstr ""
 
 #: ../development/changelog.rst:6
-#: 61e5050f997c46568da55c6829f11531
+#: 6c5d0b8435cf4001afa1fe74104daf7a
 msgid "The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.0.0/>`_, and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_."
 msgstr ""
 
 #: ../../CHANGES.rst:2
-#: 206f6798b58b44e9ade1689d820c7552
+#: c415689d242946298da972c97d5bb0c4
 msgid "[0.0.57] - Unreleased"
 msgstr ""
 
@@ -65,70 +65,70 @@ msgstr ""
 #: ../../CHANGES.rst:761
 #: ../../CHANGES.rst:778
 #: ../../CHANGES.rst:814
-#: 5b2ae28202d249e39370b51c82a35bda
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
-#: a10a871fc6ea42e8a52a1aa323001a53
+#: 91a8054efa234209906812cdd41bd586
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
+#: 2e9453d4722144fd9ad7f53b28a7cb37
 msgid "Added"
 msgstr ""
 
 #: ../../CHANGES.rst:6
-#: 0952593cb9c24691baaf0bbbeafbefd0
+#: cdab69b7537c452caa3eadb572993a40
 msgid "Multi-factor authentication :issue:`47`"
 msgstr ""
 
 #: ../../CHANGES.rst:7
-#: 4eaf987f0daa4715826a62f691583866
+#: a90b270f7e144a4b81babbac96f5ff22
 msgid ":attr:`~canaille.core.configuration.CoreSettings.OTP_METHOD` and :attr:`~canaille.core.configuration.CoreSettings.EMAIL_OTP` and :attr:`~canaille.core.configuration.CoreSettings.SMS_OTP` and :attr:`~canaille.core.configuration.CoreSettings.SMPP` :issue:`47`"
 msgstr ""
 
 #: ../../CHANGES.rst:12
-#: ba76f44c46d54198af2dcd0692442ce2
+#: 05060126fea740ef82fba8246132aa6e
 msgid "Password compromission check :issue:`179`"
 msgstr ""
 
 #: ../../CHANGES.rst:13
-#: 4eaf987f0daa4715826a62f691583866
+#: a90b270f7e144a4b81babbac96f5ff22
 msgid ":attr:`~canaille.core.configuration.CoreSettings.ADMIN_EMAIL` and :attr:`~canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK` and :attr:`~canaille.core.configuration.CoreSettings.API_URL_HIBP` :issue:`179`"
 msgstr ""
 
 #: ../../CHANGES.rst:17
-#: c3938df1d7fc47aa9e9e686b32366a0a
+#: 2cfcbdba2e9541dbab610bc724a2683a
 msgid "Implement OIDC client_credentials flow. :issue:`207`"
 msgstr ""
 
 #: ../../CHANGES.rst:18
-#: 7412b825ef54497db43d6f157d46fb6b
+#: 1e36a8464f6045708cf07b39bcdfea1c
 msgid "Button in the client admin page to create client tokens."
 msgstr ""
 
 #: ../../CHANGES.rst:19
-#: 6f16cdf0ce864a20b13344f84e6dfefb
+#: c69d8b01e4194d5b9268b84ab81849d6
 msgid "Basic SCIM implementation. :issue:`116` :pr:`197`"
 msgstr ""
 
@@ -152,41 +152,41 @@ msgstr ""
 #: ../../CHANGES.rst:663
 #: ../../CHANGES.rst:695
 #: ../../CHANGES.rst:709
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
-#: 51ebea9760e04f049db58a8d1e2fdd09
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
+#: 254357b217fe4a309d66a400497a104a
 msgid "Changed"
 msgstr ""
 
 #: ../../CHANGES.rst:23
-#: 5085714dd09e40dcbf2540a73162985c
+#: bb196cd8528b48628628ab53c5288b49
 msgid "PostgreSQL and MySQL extras does not rely on libraries that need to be compiled."
 msgstr ""
 
 #: ../../CHANGES.rst:24
-#: 9108b999fecf4abf910d338c13fd0fc0
+#: c36865875c264bb4a34d614ea2be23cf
 msgid "``.env`` files are not loaded by default. The ``ENV_FILE`` env var must be passed so ``.env`` files are loaded."
 msgstr ""
 
 #: ../../CHANGES.rst:27
-#: 56edbd9989cf41c4b9b58dfd5e108991
+#: 045b041136be49de8d54674ad57fea87
 msgid "[0.0.56] - 2024-11-07"
 msgstr ""
 
@@ -233,1677 +233,1677 @@ msgstr ""
 #: ../../CHANGES.rst:746
 #: ../../CHANGES.rst:769
 #: ../../CHANGES.rst:800
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
-#: ada79906de064c77a4cff6eda5238016
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 839f52c15ed94f0ba4a9356f392f728b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
+#: 13ee0de3f7db4046b8399917e8d52e0b
 msgid "Fixed"
 msgstr ""
 
 #: ../../CHANGES.rst:31
-#: 3d50d62c605c4973956375e2229be4f1
+#: 10c707b06b884b168b2dd26bffd7bf76
 msgid "With LDAP backend, updating another user groups could result in a permission lost for the editor. :issue:`202`"
 msgstr ""
 
 #: ../../CHANGES.rst:35
-#: ce5db69d7e134a938f544bc4c14c2dbc
+#: efa1fc20329f42918fe6a530617cf102
 msgid ":attr:`~canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGHT` and :attr:`~canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGHT` configuration options :issue:`174`"
 msgstr ""
 
 #: ../../CHANGES.rst:37
-#: 0952593cb9c24691baaf0bbbeafbefd0
+#: cdab69b7537c452caa3eadb572993a40
 msgid "Password strength visual indicator. :issue:`174`"
 msgstr ""
 
 #: ../../CHANGES.rst:38
-#: 34660cc568ac402485a0ae2a226c3ed9
+#: 2ae6bad543d64621886630d3db7832e6
 msgid "Security events logs. :issue:`177`"
 msgstr ""
 
 #: ../../CHANGES.rst:39
-#: 74390b590e9e4714bff818c8d9d95630
+#: 40ab5f1ed3bc406fb662d0025e5b3212
 msgid "Support for Python 3.13. :pr:`186`"
 msgstr ""
 
 #: ../../CHANGES.rst:43
-#: 962e298f8c7c44a8b3b0f450eb596537
+#: c7940e351aac4939b964ccb80cebd616
 msgid "Update to `HTMX` 2.0.3. :pr:`184`"
 msgstr ""
 
 #: ../../CHANGES.rst:44
-#: ab78bee0981041d3ade7f68673ab3f12
+#: dfc1569ae0ec412d86503a0695522fa5
 msgid "Migrate the Python project management tool from poetry to uv. :pr:`187`"
 msgstr ""
 
 #: ../../CHANGES.rst:45
-#: 7cb284d8934d4df7b96b3d995f0ae69a
+#: 40c97bec2553487fa62efc486d3ee444
 msgid "The ``sql`` package extra is now split between ``sqlite``, ``postgresql`` and ``mysql``."
 msgstr ""
 
 #: ../../CHANGES.rst:48
 #: ../../CHANGES.rst:398
 #: ../../CHANGES.rst:806
-#: 06fd8459f24443f5bc2dd961a2174774
-#: 06fd8459f24443f5bc2dd961a2174774
-#: 06fd8459f24443f5bc2dd961a2174774
+#: bc1a20b5783a4fe38fa201438a8075e5
+#: bc1a20b5783a4fe38fa201438a8075e5
+#: bc1a20b5783a4fe38fa201438a8075e5
 msgid "Removed"
 msgstr ""
 
 #: ../../CHANGES.rst:49
-#: 7dbb1818231144988378efbcc14e0335
+#: 3f97d00692d047dbbecb5c18a2d45b07
 msgid "End support for Python 3.9. :pr:`179`"
 msgstr ""
 
 #: ../../CHANGES.rst:52
-#: bb731fcd74024f44b0b679df8fd1de3b
+#: 4a57056601f148969254d2f049e0f460
 msgid "[0.0.55] - 2024-08-30"
 msgstr ""
 
 #: ../../CHANGES.rst:56
-#: e3f7e5b1ec3d471bbaad41ad6afbd38e
+#: a037ad5da20049ad82e9f9b0d766cfbb
 msgid "Use poetry-core build backend. :pr:`178`"
 msgstr ""
 
 #: ../../CHANGES.rst:59
-#: 97d86f7b7b6d4df3a78b00068c114b55
+#: d6bf96b8e5cc4a6f8e099b48c1951a6a
 msgid "[0.0.54] - 2024-07-25"
 msgstr ""
 
 #: ../../CHANGES.rst:63
-#: 0f6a7830c88b4121b1141a68853d36fd
+#: 062bcc176aac499384187fcb06e2a00b
 msgid "Group member removal can be achieved from the group edition page. :issue:`192`"
 msgstr ""
 
 #: ../../CHANGES.rst:64
-#: 761788b232b74eb089dd20c1a57bcf2a
+#: 8680469549c74d37a52b1c6252c74d57
 msgid "Model management commands. :issue:`117` :issue:`54`"
 msgstr ""
 
 #: ../../CHANGES.rst:68
-#: 1e28ba0fab8947bfbb7b10fc9dfca645
+#: c19428c67d8f4d198d0ab97defe14fb3
 msgid "Model `identifier_attributes` are fixed."
 msgstr ""
 
 #: ../../CHANGES.rst:69
-#: 72287f1ba34c4cc8b2cf0b4af47bbd53
+#: 571f38b1484b43e2beed6f33eb675700
 msgid "Bump to `HTMX` 1.9.12. :pr:`172`"
 msgstr ""
 
 #: ../../CHANGES.rst:74
-#: 72071aa06de847d29dcd9500881409d0
+#: 9e54da898699471194477836791f08a6
 msgid "Dark theme colors for better readability."
 msgstr ""
 
 #: ../../CHANGES.rst:75
-#: 600f70e2aecd4eba9ddee16500df48db
+#: 4e0f2a8e03a447e59cb0a2b0e6d208f1
 msgid "Crash for passwordless users at login when no SMTP server was configured."
 msgstr ""
 
 #: ../../CHANGES.rst:78
-#: 09953502ecec43198af93b4c10d5dc3e
+#: a9273241db7e4137bac5973b20e3ec5d
 msgid "[0.0.53] - 2024-04-22"
 msgstr ""
 
 #: ../../CHANGES.rst:82
-#: 4627291987094c60b1acc76d520719b4
+#: 17fbf739a68a4e59b5cc6da8befa1c6f
 msgid "`env_prefix` :meth:`~canaille.create_app` variable can select the environment var prefix."
 msgstr ""
 
 #: ../../CHANGES.rst:85
-#: f21535ae9e6643708c8459143e861870
+#: 7bdc8f732053463b95353cdf5c994838
 msgid "[0.0.52] - 2024-04-22"
 msgstr ""
 
 #: ../../CHANGES.rst:89
-#: c9c3eb7bdd894b96b0adf60e33691fd4
+#: bc7d1037cdfd40a69044f465467f6834
 msgid "`env_file` create_app variable can customize/disable the .env file."
 msgstr ""
 
 #: ../../CHANGES.rst:93
-#: 7cda9bf8a22540d0b3233546e130847f
+#: 9685a5e5a13147f093ac57e2039fe11b
 msgid "Locked users cannot be impersonated anymore."
 msgstr ""
 
 #: ../../CHANGES.rst:94
-#: 965223cd352948c8a77f1b4ce2b50ce4
+#: 1b83a24a97384c2faab67e915701e6b2
 msgid "Minimum Python requirement is 3.9."
 msgstr ""
 
 #: ../../CHANGES.rst:97
-#: de227140ea8e4d629ffd4189dbd43460
+#: e88f01e3f89f45f2a63b456f8e304d3d
 msgid "[0.0.51] - 2024-04-09"
 msgstr ""
 
 #: ../../CHANGES.rst:101
-#: 79f55debd9964020a684739fd256ef14
+#: aae3d126989840578ec2b08058aad688
 msgid "Display the menu bar on error pages."
 msgstr ""
 
 #: ../../CHANGES.rst:104
-#: 27a5f8ea8faa41deaf71ae8564fd43a5
+#: 22b11dc18595450fa5e7fe5f35824ebe
 msgid "[0.0.50] - 2024-04-09"
 msgstr ""
 
 #: ../../CHANGES.rst:108
-#: 8d78dcd06ac84e7d9075dbb55d08b68c
+#: fc1bc503759c4beb943e9dcbf0c4a9cf
 msgid "Sign in/out events are logged in. :issue:`177`"
 msgstr ""
 
 #: ../../CHANGES.rst:112
-#: f54c1f04263c4f19bf7c01a9e9fb1533
+#: cfe0182123c94bcc9ee847739bd2e114
 msgid "`HTMX` and `JAVASCRIPT` configuration settings."
 msgstr ""
 
 #: ../../CHANGES.rst:113
-#: aac9f0d6bc274a6998bed8663e581445
+#: 3bc7c83763d34549bac91df86a22b3a0
 msgid "Compatibility with old sessions IDs."
 msgstr ""
 
 #: ../../CHANGES.rst:116
-#: 6c309d659a9d4b00897c0c86136117f2
+#: cdee0bee34024d21bace2d77ff637ed9
 msgid "[0.0.49] - 2024-04-08"
 msgstr ""
 
 #: ../../CHANGES.rst:120
-#: e40c5385bf174d4dbdeb1e6c8f2bbca9
+#: f9c9585c305d47628adffcae287229d2
 msgid "LDAP user group removal."
 msgstr ""
 
 #: ../../CHANGES.rst:121
-#: db426dd917e9449ea1571f6d90fb59cb
+#: c25c5c6a9cca4061be6502cae5e86ba2
 msgid "Display an error message when trying to remove the last user from a group."
 msgstr ""
 
 #: ../../CHANGES.rst:124
-#: aa9c1e96a9d84eb388b2ad22b0b9fa86
+#: 5e0c66b55801444497954839297b97eb
 msgid "[0.0.48] - 2024-04-08"
 msgstr ""
 
 #: ../../CHANGES.rst:128
-#: 3bbde6f2fc244902955a6b16a1d9bdc6
+#: bd9920a130844ee897863a6b649484e2
 msgid "LDAP ``objectClass`` guessing exception."
 msgstr ""
 
 #: ../../CHANGES.rst:131
-#: f55a477d72624ef691e7a783940c3208
+#: 93cf829932204311ba399ae713aff29f
 msgid "[0.0.47] - 2024-04-08"
 msgstr ""
 
 #: ../../CHANGES.rst:135
-#: aa6227db351548d1a883af36de508805
+#: b7a5d3351a334b0592b12373e1c7afa6
 msgid "Lazy permission loading exception."
 msgstr ""
 
 #: ../../CHANGES.rst:138
-#: 665fb2129c5f4c498a9eca30a7625d69
+#: c6000ae4f0fc4d488ab180c3aa9eb144
 msgid "[0.0.46] - 2024-04-08"
 msgstr ""
 
 #: ../../CHANGES.rst:142
-#: a736243f81d845d5a13e66303db4632d
+#: db4476f22ad049f49833696323eb1b33
 msgid "Saving an object with the LDAP backend keeps the ``objectClass`` un-managed by Canaille. :pr:`171`"
 msgstr ""
 
 #: ../../CHANGES.rst:145
-#: 23d50243f242497eafeb43190b191910
+#: d7117b0322b549ff87b73b8e4c839915
 msgid "[0.0.45] - 2024-04-04"
 msgstr ""
 
 #: ../../CHANGES.rst:149
-#: 8ca38c12afde4e1d881f0f631dee2180
+#: 9690ab893eef4290a52b1137f24b9be8
 msgid "Internal indexation mechanism of :class:`~canaille.backends.memory.model.MemoryModel`."
 msgstr ""
 
 #: ../../CHANGES.rst:152
-#: 0ec8aaff2a864d52beaead02de313d2f
+#: be79650410904879b53da2c62ac092d5
 msgid "[0.0.44] - 2024-03-29"
 msgstr ""
 
 #: ../../CHANGES.rst:156
-#: 23af820d08664c0dbf3229567505e6a9
+#: 1c2533bc36b548c59361d7b3e304cce6
 msgid "Fix the default LDAP ``USER_FILTER`` value."
 msgstr ""
 
 #: ../../CHANGES.rst:157
-#: 695d4f4fe29a4f07960244b87ee1db21
+#: c429e79bd5aa46edb7b4cd1bd87c3ad8
 msgid "Fix the OIDC feature detection."
 msgstr ""
 
 #: ../../CHANGES.rst:160
-#: e7f1b082e81e4486b09fc76512e49dc5
+#: 51a43a574cc943b5912effdaa67f8690
 msgid "[0.0.43] - 2024-03-29"
 msgstr ""
 
 #: ../../CHANGES.rst:164
 #: ../../CHANGES.rst:423
-#: 5cd7f27a291e46298c9a3aa6ee0e5cf0
-#: 5cd7f27a291e46298c9a3aa6ee0e5cf0
+#: 02e8eccba3b74e889a68c78dc51e0a24
+#: 02e8eccba3b74e889a68c78dc51e0a24
 msgid "Configuration files must be updated."
 msgstr ""
 
 #: ../../CHANGES.rst:169
-#: d7d284cc9b424ec69d5240b428964d52
+#: a39fba5f25754fdc9f0f339142ff0320
 msgid "Add ``created`` and ``last_modified`` datetime for all models."
 msgstr ""
 
 #: ../../CHANGES.rst:170
-#: 19050fc882664743866b11a49ca7e398
+#: b1e37ddf62994798a70a23cff76ed4d6
 msgid "Sitemap to the documentation. :pr:`169`"
 msgstr ""
 
 #: ../../CHANGES.rst:171
-#: bd7c56451cfa479fb3b8d19275045b6e
+#: 54cf20bc59af4634af6b3f2d0e10c5e9
 msgid "Configuration management with `pydantic-settings`. :issue:`138` :pr:`170`"
 msgstr ""
 
 #: ../../CHANGES.rst:176
-#: d3e65f7666664d4f8ca54f02bf597c71
+#: 689b4f88ba4b43db8c8b1a7bff0aebe6
 msgid "Use default Python logging configuration format. :issue:`188` :pr:`165`"
 msgstr ""
 
 #: ../../CHANGES.rst:177
-#: ae5e4441862443b9aac1e26cf19a8908
+#: 7d18c66450654e25a65749ea273b859d
 msgid "Bump to `HTMX` 1.99.11. :pr:`166`"
 msgstr ""
 
 #: ../../CHANGES.rst:178
-#: e487c2a78a354c6e85ec43fda9f59c4d
+#: 9d053f12577548bc8cff1add00376bae
 msgid "Use the standard tomllib Python module instead of `toml` starting from Python 3.11. :pr:`167`"
 msgstr ""
 
 #: ../../CHANGES.rst:179
-#: e80e66bd46e14c0fae82950444ba043b
+#: fd8c1c0314b2465c9cacb4ba593eae77
 msgid "Use shibuya as the documentation theme :pr:`168`"
 msgstr ""
 
 #: ../../CHANGES.rst:182
-#: 0eb0c4eec73848d283d54626e8538c61
+#: abc0b3ba739e4f99866d02027d8128d2
 msgid "[0.0.42] - 2023-12-29"
 msgstr ""
 
 #: ../../CHANGES.rst:187
-#: 8e57897d767b4603a54db28c97416ee8
+#: 74e8932123b744b2809d370b36980326
 msgid "Avoid to fail on imports if ``cryptography`` is missing."
 msgstr ""
 
 #: ../../CHANGES.rst:190
-#: f4ff69324e6e4a24b2f5aabf9ee71655
+#: 41f209b7a9054599b7b71d4fab3afe8f
 msgid "[0.0.41] - 2023-12-25"
 msgstr ""
 
 #: ../../CHANGES.rst:195
-#: 39dd9ec6c6c2415fa90973a715a08d9f
+#: 77ff8fdeadf94e2f8696b2f5b9bd9349
 msgid "OIDC support for the ``create`` value of the ``prompt`` parameter. :issue:`185` :pr:`164`"
 msgstr ""
 
 #: ../../CHANGES.rst:200
-#: 7d59a023c9bc4a9b94f4339112602d32
+#: 8940d9836a9f46a09613c3646e1d55f8
 msgid "Correctly set up :attr:`~canaille.oidc.basemodels.Client.audience` during OIDC dynamic registration."
 msgstr ""
 
 #: ../../CHANGES.rst:201
-#: 1e194b3a94034c65936a18174d1078c5
+#: bb9a9230771445b6a7c93f042fb289ee
 msgid "``post_logout_redirect_uris`` was ignored during OIDC dynamic registration."
 msgstr ""
 
 #: ../../CHANGES.rst:202
-#: d9f10cf1c5b3401d95f461f57dbfbece
+#: b5d0341447ef443b969d2a48457442f2
 msgid "Group field error prevented the registration form validation."
 msgstr ""
 
 #: ../../CHANGES.rst:205
-#: 6653ebc2588a4ad8989581ca1060f1d9
+#: 7bcad6150cbc4883817538eb23bed3bd
 msgid "[0.0.40] - 2023-12-22"
 msgstr ""
 
 #: ../../CHANGES.rst:210
-#: 1eb728d8f35e4e57bd9b4284c7dd677b
+#: aae4204166c443f99e04d84842dd6dd9
 msgid "The ``THEME`` setting can be a relative path."
 msgstr ""
 
 #: ../../CHANGES.rst:213
-#: 37f2ef92582741e2985bab37fb6495df
+#: 26224cfa5ee647a2b15239a78065f5f7
 msgid "[0.0.39] - 2023-12-15"
 msgstr ""
 
 #: ../../CHANGES.rst:218
-#: b46f180dbba54aafb438013586a4100f
+#: 14b2b67c379045d681ee712797f44328
 msgid "Crash when no ACL were defined."
 msgstr ""
 
 #: ../../CHANGES.rst:219
-#: 958f8c3ecc57438e835053b3a7d87721
+#: 38649598ac954d29843b54b15343dd15
 msgid "OIDC Userinfo endpoint is also available in POST."
 msgstr ""
 
 #: ../../CHANGES.rst:220
-#: c37693d772f44c64b03f3baee793c0a1
+#: ed1da2958a1646fd82c70171a5c04317
 msgid "Fix redirection after password reset. :issue:`159`"
 msgstr ""
 
 #: ../../CHANGES.rst:223
-#: 9f0b57bb752141079ef51cc0833d3597
+#: 8f2bc47f69554f539aa2836958029d59
 msgid "[0.0.38] - 2023-12-15"
 msgstr ""
 
 #: ../../CHANGES.rst:228
-#: b208dfe943e64175906f965703dc33dd
+#: 24f252671c9a4a3590e94e5e563e4d19
 msgid "Convert all the `PNG` pictures in `Webp`. :pr:`162`"
 msgstr ""
 
 #: ../../CHANGES.rst:229
-#: 3827e636cee240479b1fcedbc86bdfde
+#: 8a1d423f79f749868c06a775e9c21bd2
 msgid "Update to Flask 3. :issue:`161` :pr:`163`"
 msgstr ""
 
 #: ../../CHANGES.rst:232
-#: acb7a5113f214b84b7f8fd21b48e22de
+#: 9d53638e5933499baafec12390f02e23
 msgid "[0.0.37] - 2023-12-01"
 msgstr ""
 
 #: ../../CHANGES.rst:237
-#: a22ebfb72b3d4c8c8285d99f4a18ed88
+#: 5ed255dd094a4a3aae1b75edf54001ad
 msgid "Handle 4xx and 5xx error codes with HTMX. :issue:`171` :pr:`161`"
 msgstr ""
 
 #: ../../CHANGES.rst:240
-#: 5033ceb76b61492896a738cbabdf0e1a
+#: 26d16685ada341a29bf6ee6e98997128
 msgid "[0.0.36] - 2023-12-01"
 msgstr ""
 
 #: ../../CHANGES.rst:245
-#: df785fb08515480b8205eb8d521d699b
+#: 2cfddfd6843e4cbfb1b645c84bc70322
 msgid "Avoid crashing when LDAP groups references unexisting users."
 msgstr ""
 
 #: ../../CHANGES.rst:246
-#: e24d3cf2b5344f3196d44717249eeac9
+#: f5714a32e81841e29f2619f6ee5464e8
 msgid "Password reset and initialization mails were only sent to the preferred user email address."
 msgstr ""
 
 #: ../../CHANGES.rst:248
-#: 279eb5763cb9437e98472ba23ef09cb9
+#: 4e121ada1cc24b7b8051d085b0ce464b
 msgid "Password reset and initialization mails were not sent at all the user addresses if one email address could not be reached."
 msgstr ""
 
 #: ../../CHANGES.rst:250
-#: 8dbbbb93c0d9468db5756b74091a0346
+#: c5fc8c86d3df4732b3a06f70dd89af18
 msgid "Password comparison was too permissive on login."
 msgstr ""
 
 #: ../../CHANGES.rst:251
-#: 2d5c6dab823a45df94ab7061b78fa140
+#: 36f936a6dd8c41c5bc833d928f347321
 msgid "Encrypt passwords in the SQL backend."
 msgstr ""
 
 #: ../../CHANGES.rst:254
-#: 09acf9167bb14934ac3e4b763914df5c
+#: 76befacfb135435fbee6ee0fe07f40e5
 msgid "[0.0.35] - 2023-11-25"
 msgstr ""
 
 #: ../../CHANGES.rst:259
-#: b616ae34c6084446b826cbb4bea285ce
+#: 14d361d80e4c429f929b943d3321e895
 msgid "Refresh token grant supports other client authentication methods. :pr:`157`"
 msgstr ""
 
 #: ../../CHANGES.rst:260
-#: 5e0cc8d4b2f9482cb0dd7d15578824ca
+#: c52cda2685214bcab533db539acee007
 msgid "Implement a SQLAlchemy backend. :issue:`30` :pr:`158`"
 msgstr ""
 
 #: ../../CHANGES.rst:265
-#: 1379d1aee7ee46fca1a78b6015f8d450
+#: 57670f55b7644a0888ab65cd2da2fd8c
 msgid "Model attributes cardinality is closer to SCIM model. :pr:`155`"
 msgstr ""
 
 #: ../../CHANGES.rst:266
-#: 08f54a2189ba47dbb2e65e442181d6fd
+#: f4ef25b7b38b42a48fb2a32c5cd8888f
 msgid "Bump to `HTMX` 1.9.9. :pr:`159`"
 msgstr ""
 
 #: ../../CHANGES.rst:271
-#: 001465c19ae140678ce9a78eb0ae7ff5
+#: 49b0b7da40204fdeaf40c5281235c2a6
 msgid "Disable `HTMX` boosting during the OIDC dance. :pr:`160`"
 msgstr ""
 
 #: ../../CHANGES.rst:274
-#: e063fae1c9984dc0af421058e9bfb500
+#: db372dee122e4b4fb18c2c99dd056ce2
 msgid "[0.0.34] - 2023-10-02"
 msgstr ""
 
 #: ../../CHANGES.rst:279
-#: 3aadd82912d6401f8fddc3655ad594b9
+#: a4b5211e96894c5d9d51b2630d6aea17
 msgid "Canaille installations without account lockabilty could not delete users. :pr:`153`"
 msgstr ""
 
 #: ../../CHANGES.rst:285
-#: 52c2946196324ed2bfacac3fb518a6a1
+#: 4f4ca04b08a04dcb8f6a2eb6605f0e13
 msgid "If users register or authenticate during a OAuth Authorization phase, they get redirected back to that page afterwards. :issue:`168` :pr:`151`"
 msgstr ""
 
 #: ../../CHANGES.rst:288
-#: e0bb3561373b4651b98fcc1df2e5db94
+#: 298ffe26093441918be8b38d13f0cc58
 msgid "The `flask-babel` and `pytz` libraries are now part of the `front` packaging extras."
 msgstr ""
 
 #: ../../CHANGES.rst:289
-#: 9cc1748f2a624399ae9983904d6765fc
+#: ccb502180d634f11ad173619af1b68d8
 msgid "Bump to `fomantic-ui` 2.9.3. :pr:`152`"
 msgstr ""
 
 #: ../../CHANGES.rst:290
-#: ec7e3985dc034f43bc0e2411086928e7
+#: 7413676f512d4473972484920ff5f060
 msgid "Bump to `HTMX` 1.9.6. :pr:`154`"
 msgstr ""
 
 #: ../../CHANGES.rst:291
-#: 768b97eabcb04396a1c3f7e3691c3ed2
+#: 7905327465c44c09b2a10854abe79960
 msgid "Support for Python 3.12. :pr:`155`"
 msgstr ""
 
 #: ../../CHANGES.rst:294
-#: 4664970b84d545e18a553f8191bc6e8b
+#: 808e57e560f74a25b60029fbd6531d2e
 msgid "[0.0.33] - 2023-08-26"
 msgstr ""
 
 #: ../../CHANGES.rst:299
-#: 3456a02cbd894fccb45ffc1108226c5a
+#: 1179dc27648248188fdecf5696fd5045
 msgid "OIDC jwks endpoint do not return empty `kid` claim."
 msgstr ""
 
 #: ../../CHANGES.rst:304
-#: fd6c83b8455f4402b82ffe670e6c83c1
+#: b8b2caca239b4b609143ffd267522a16
 msgid "Documentation details on the Canaille models."
 msgstr ""
 
 #: ../../CHANGES.rst:307
-#: 1f3135eb404e412787af9b4f971ea523
+#: dd35ed0e27664b6b954e9b39881f14bc
 msgid "[0.0.32] - 2023-08-17"
 msgstr ""
 
 #: ../../CHANGES.rst:312
-#: fe7a0cb646094a3d9b2428f7b7d2f3d4
+#: bdcae061315a4e92a6bc1a48475cb351
 msgid "Additional inmemory backend. :issue:`30` :pr:`149`"
 msgstr ""
 
 #: ../../CHANGES.rst:313
-#: 82523d1da67a46089ffd899f134486dd
+#: c39cbed721254ce5ad9c250de1e7ea41
 msgid "Installation extras. :issue:`167` :pr:`150`"
 msgstr ""
 
 #: ../../CHANGES.rst:316
-#: 9b5b3399c9fd4f3bbc8e152ee37e7910
+#: 5311648e4c714ed29e89e9644167f963
 msgid "[0.0.31] - 2023-08-15"
 msgstr ""
 
 #: ../../CHANGES.rst:321
-#: b2ebe664d67047a5882a33ac5c75875b
+#: a6a4b510a0ac4b4ebeb9160510f72d77
 msgid "Configuration option to disable the forced usage of OIDC `nonce` parameter. :pr:`143`"
 msgstr ""
 
 #: ../../CHANGES.rst:322
-#: 463b404944d9465fa6a17d3d3c0ea106
+#: 37eb24ef005e44da8ae0f4c48bda766c
 msgid "Validate phone numbers with a regex. :pr:`146`"
 msgstr ""
 
 #: ../../CHANGES.rst:323
-#: 0effe02b658f49698ab59c14e9103fbe
+#: 2be2120a0500430a8d854d1b8f19a0bf
 msgid "Email verification. :issue:`41` :pr:`147`"
 msgstr ""
 
 #: ../../CHANGES.rst:324
-#: ca5e445840644c90980662464ea67abc
+#: d3be95492ef348efa77976515d4ffca9
 msgid "Account registration. :issue:`55` :pr:`133` :pr:`148`"
 msgstr ""
 
 #: ../../CHANGES.rst:329
-#: 3792c9999c5a44c892129bce1c222552
+#: 1a3da0153c2b451d99665d2b61c512f2
 msgid "The `check` command uses the default configuration values."
 msgstr ""
 
 #: ../../CHANGES.rst:334
-#: 6e0b77065c024ebb96f30998294a3b8d
+#: 15f35fa96af04e508b1a6448d866cb5f
 msgid "Modals do not need use Javascript at the moment. :issue:`158` :pr:`144`"
 msgstr ""
 
 #: ../../CHANGES.rst:337
-#: e513ff9194cb493fb3273e811b5b96d0
+#: add3188842de44b691dfbe3152546f7b
 msgid "[0.0.30] - 2023-07-06"
 msgstr ""
 
 #: ../../CHANGES.rst:341
-#: 7bd32f1cc1c24ce9a6a7a4f3d7fd6024
+#: b96e981450334eee84128d7dffb40d8f
 msgid "Configuration files must be updated. Check the new format with ``git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml``"
 msgstr ""
 
 #: ../../CHANGES.rst:347
-#: a3f5487d18624886a2adee2c28346eae
+#: ab83051dda0b48d185846e49011f2429
 msgid "Configuration option to disable Javascript. :pr:`141`"
 msgstr ""
 
 #: ../../CHANGES.rst:352
-#: e6ab42f3565b415f85d7778e5ac18966
+#: 85fb804c891f444c9de116e6e4771526
 msgid "The configuration parameter ``USER_FILTER`` is parsed with Jinja."
 msgstr ""
 
 #: ../../CHANGES.rst:353
-#: de4e44a5b6324f389effc64a28a69c5d
+#: 42d91f7cf5a3438a8bcb0bd5c193f1ea
 msgid "Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and ``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY``."
 msgstr ""
 
 #: ../../CHANGES.rst:356
-#: 812f9e5828dd4912bc832214d5ae721d
+#: 30736e0e4b854b46940e80c38023946a
 msgid "[0.0.29] - 2023-06-30"
 msgstr ""
 
 #: ../../CHANGES.rst:361
-#: 81bf1e1132f44c5399805dc865372873
+#: 89d319fb81e148cb8f82f4b1a5a5390c
 msgid "Disabled `HTMX` boosting on OIDC forms to avoid errors."
 msgstr ""
 
 #: ../../CHANGES.rst:364
-#: 0b442eaa0f7f44919f3793aac59d4b4d
+#: 68d32ee84fa642dfbf358ef907193eb8
 msgid "[0.0.28] - 2023-06-30"
 msgstr ""
 
 #: ../../CHANGES.rst:369
-#: 3b645ba8d22642f7ae36a9401a170414
+#: 5490daf53fd144c0b6b360e90bf5667b
 msgid "A template variable was misnamed."
 msgstr ""
 
 #: ../../CHANGES.rst:372
-#: 1c8d7269601c4cbf8c6952063000a5f1
+#: c65a251ed68a49beaff42740c12ce76a
 msgid "[0.0.27] - 2023-06-29"
 msgstr ""
 
 #: ../../CHANGES.rst:376
-#: 3082667648f14f86a48ba1f4c71c6bf1
+#: ccf84fb0d4cd47058c3849498bd92259
 msgid "Configuration files must be updated. Check the new format with ``git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml``"
 msgstr ""
 
 #: ../../CHANGES.rst:382
-#: d37a0bf60d6a407094dca1df32907bc3
+#: 0856562aad23492aa6efc7f6e4bf8f90
 msgid "Configuration entries can be loaded from files if the entry key has a *_FILE* suffix and the entry value is the path to the file. :issue:`134` :pr:`134`"
 msgstr ""
 
 #: ../../CHANGES.rst:384
-#: b198cedfd2dc4b1ca5caffb7281b2b77
+#: 24fa209262e04bcbb46c2ab7c881fbaa
 msgid "Field list support. :issue:`115` :pr:`136`"
 msgstr ""
 
 #: ../../CHANGES.rst:385
-#: bda5916225d046aa92eee4df020d31d7
+#: eaff808f9ce745c59a1b373ab0ef90ab
 msgid "Pages are boosted with `HTMX`. :issue:`144` :issue:`145` :pr:`137`"
 msgstr ""
 
 #: ../../CHANGES.rst:390
-#: f0103671112e414da54f464537b92886
+#: 8afcdb0ddd8f4e6c9941315ff1b06538
 msgid "Bump to jquery 3.7.0. :pr:`138`"
 msgstr ""
 
 #: ../../CHANGES.rst:395
-#: a3de7cd9d0b74333bbe2252c30b27d24
+#: a6e1f4b8a72f4500ab437a86f6e98d06
 msgid "Profile edition when the user RDN was not ``uid``. :issue:`148` :pr:`139`"
 msgstr ""
 
 #: ../../CHANGES.rst:400
-#: a8ee95c286e44ee190211fc2e7792b41
+#: cfcf7ee77bb84df1bcd780df223e9044
 msgid "Stop support for Python 3.7. :pr:`131`"
 msgstr ""
 
 #: ../../CHANGES.rst:403
-#: 031ef0bde1a142fda5313115f399b305
+#: 42eab7328c604747ad6bde0067cb6603
 msgid "[0.0.26] - 2023-06-03"
 msgstr ""
 
 #: ../../CHANGES.rst:408
-#: 8cd815265cd245d8ae32992c885e4c63
+#: b621a029c6ec420d8708f0ddd4b49c85
 msgid "Implemented account expiration based on OpenLDAP ppolicy overlay. Needs OpenLDAP 2.5+. :issue:`13` :pr:`118`"
 msgstr ""
 
 #: ../../CHANGES.rst:410
-#: f7ab79e41d1c400fa0f5be534df749eb
+#: 05f5b0808e74429b92bf61fa570014cf
 msgid "Timezone configuration entry. :issue:`137` :pr:`130`"
 msgstr ""
 
 #: ../../CHANGES.rst:415
-#: 01a6b5ffbd164e11a7d13c2a720b6230
+#: d7e71d1ce6704911b7e5094538cc1084
 msgid "Avoid setting ``None`` in JWT claims when they have no value."
 msgstr ""
 
 #: ../../CHANGES.rst:416
-#: 1b9beda783b14033b13b34bb69dcf94e
+#: e16dcca3b764486d874401ba65e22f78
 msgid "Display password recovery button on OIDC login page. :pr:`129`"
 msgstr ""
 
 #: ../../CHANGES.rst:419
-#: 98f294fe9c78448e92a9340f14812660
+#: dcbd97e0bc4f44babcdc9ad9a503c162
 msgid "[0.0.25] - 2023-05-05"
 msgstr ""
 
 #: ../../CHANGES.rst:424
-#: b9e80a38348a4fabb577d17c476ef787
+#: 4109765130284304994ae405858bdd3c
 msgid "Check the new format with ``git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``"
 msgstr ""
 
 #: ../../CHANGES.rst:429
-#: d72e485b1606403e895166193d518a26
+#: c4645c08f789400bba029897871bb828
 msgid "Renamed user model attributes to match SCIM naming convention. :pr:`123`"
 msgstr ""
 
 #: ../../CHANGES.rst:430
-#: f53dae9936ca4478b6575167779eb297
+#: 3c58d21fdc81418e8ee43179c2d6384f
 msgid "Moved OIDC related configuration entries in ``OIDC``."
 msgstr ""
 
 #: ../../CHANGES.rst:431
-#: c097b3593a1f42d882167cef3925368a
+#: 5b002906414e41448a3fadea87d71e45
 msgid "Moved ``LDAP`` configuration entry to ``BACKENDS.LDAP``."
 msgstr ""
 
 #: ../../CHANGES.rst:432
-#: 88b8faa16b314ab3bc05c8a24dc7432e
+#: d58c113094474cf3b82e8a3303202bb6
 msgid "Bumped to `HTMX` 1.9.0. :pr:`124`"
 msgstr ""
 
 #: ../../CHANGES.rst:433
-#: 391a6692f5de4897ac370fc253b7caf4
+#: 3bbdffb495f74fccbdb9eeb78a8eaf81
 msgid "ACL filters are no more LDAP filters but user attribute mappings. :pr:`125`"
 msgstr ""
 
 #: ../../CHANGES.rst:434
-#: 286baa01210c47ee8a9c71a8c51e72fb
+#: 0d3ea4f8df2542e0a7da5029159f31e0
 msgid "Bumped to `HTMX` 1.9.2. :pr:`127`"
 msgstr ""
 
 #: ../../CHANGES.rst:439
-#: 2f5e152512fe493c9e5f291f3dc47ca3
+#: 71139e5ab6e34c2a87d51d3d04c0dbc0
 msgid "``OIDC.JWT.MAPPING`` configuration entry is really optional now."
 msgstr ""
 
 #: ../../CHANGES.rst:440
-#: 646ffd29b1694f58a41036fec066e023
+#: e34b111a3a8b4e2da966a36107a682b5
 msgid "Fixed empty model attributes registration. :pr:`125`"
 msgstr ""
 
 #: ../../CHANGES.rst:441
-#: 8ef81a1e8e584cab90c6401a07c88b81
+#: 566d49eca850419cbb39c3a78a4160aa
 msgid "Password initialization mails were not correctly sent. :pr:`128`"
 msgstr ""
 
 #: ../../CHANGES.rst:444
-#: e9729b8de309453a862cb61a500d83a6
+#: f461dc48e9c846628f7ddb99b18252c6
 msgid "[0.0.24] - 2023-04-07"
 msgstr ""
 
 #: ../../CHANGES.rst:449
-#: e25900ea2cb9451f9def4f1230cf311b
+#: 007393d26d6e4375a0e05cbbf6c41d65
 msgid "Fixed avatar update. :pr:`122`"
 msgstr ""
 
 #: ../../CHANGES.rst:452
-#: 6b0ff68eb4d048f9a87c723077b6a917
+#: 0ddfaf5df815484f9eb469a884e5f667
 msgid "[0.0.23] - 2023-04-05"
 msgstr ""
 
 #: ../../CHANGES.rst:457
-#: 45d12b8c7b044a6aa129a826cb589403
+#: 2e7346baddf44a7f9f5b9a05ae826913
 msgid "Organization field. :pr:`116`"
 msgstr ""
 
 #: ../../CHANGES.rst:458
-#: 7554a21c2da44a10ae7044507e7e8ef1
+#: 1c68c43ae90f4e2e944dab12514f06d1
 msgid "ETag and Last-Modified headers on user photos. :pr:`116`"
 msgstr ""
 
 #: ../../CHANGES.rst:459
-#: 56e3c78c43bc4ebfb789357d53401f12
+#: bcaf8fe7d8e940f191ed6ea5178566c1
 msgid "Dynamic form validation. :pr:`120`"
 msgstr ""
 
 #: ../../CHANGES.rst:464
-#: eef201e52d6e487fb83b276678dcf6ad
+#: 2b077ff5215a4b20b8438e82f4366ada
 msgid "UX rework. Submenu addition. :pr:`114`"
 msgstr ""
 
 #: ../../CHANGES.rst:465
-#: f6dfc94a3486418cb94ebe88c6078543
+#: 166152fdbf6248e8a4af29f4f3bf5b6e
 msgid "Properly handle LDAP date timezones. :pr:`117`"
 msgstr ""
 
 #: ../../CHANGES.rst:470
-#: c81b6adf5d6e40e8b0aeb2898e40c692
+#: 343c4102b6d648018544f151f97540e1
 msgid "CSRF protection on every forms. :pr:`119`"
 msgstr ""
 
 #: ../../CHANGES.rst:473
-#: 41e5cc643b4e4c35b9d04ed3c6eba537
+#: 7140973831594dacad0bd205ca9b60e5
 msgid "[0.0.22] - 2023-03-13"
 msgstr ""
 
 #: ../../CHANGES.rst:477
-#: e510bec507814d5387a49ba6117ef0a7
+#: 67dc897fec2946598dbb4fe82db8a94f
 msgid "The `Faker` library is not imported anymore when the `clean` command is called."
 msgstr ""
 
 #: ../../CHANGES.rst:480
-#: 9af418bca29f4c169f5720ea8e14e9ac
+#: 58e3c0af1ce74125bf42a5ea16b88fbf
 msgid "[0.0.21] - 2023-03-12"
 msgstr ""
 
 #: ../../CHANGES.rst:485
-#: 6c81ccf5040343cebb06fe34cc66221e
+#: a25f75d9086a4499aa1088e537f21bc3
 msgid "Display TOS and policy URI on the consent list page. :pr:`102`"
 msgstr ""
 
 #: ../../CHANGES.rst:486
-#: 4d19d14961744e028504787840181114
+#: e848a4f5372b44249423579a7e2cdc3d
 msgid "Admin token deletion. :pr:`100` :pr:`101`"
 msgstr ""
 
 #: ../../CHANGES.rst:487
-#: cf00a4a47f2a4463a3cc06dd126d589d
+#: 61b841de5b89407d9912c8c73309111a
 msgid "Revoked consents can be restored. :pr:`103`"
 msgstr ""
 
 #: ../../CHANGES.rst:488
-#: 06108983455940049911e3b8892f8735
+#: 656acd80913242a4820a20bc76d797e8
 msgid "Pre-consented clients are displayed in the user consent list, and their consents can be revoked. :issue:`69` :pr:`103`"
 msgstr ""
 
 #: ../../CHANGES.rst:490
-#: 2f26c80f733b42f99df3af94c8774ad5
+#: e08c1586240745fa9537dd7501475c0d
 msgid "A ``populate`` command can be used to fill the database with random users generated with faker. :pr:`105`"
 msgstr ""
 
 #: ../../CHANGES.rst:492
-#: 64049d3aa81141f3b29778b9f2f3d188
+#: dc653adfdbc441589c385b956ae9739e
 msgid "SMTP SSL support. :pr:`108`"
 msgstr ""
 
 #: ../../CHANGES.rst:493
-#: 6f16cdf0ce864a20b13344f84e6dfefb
+#: c69d8b01e4194d5b9268b84ab81849d6
 msgid "Server side pagination. :issue:`114` :pr:`111`"
 msgstr ""
 
 #: ../../CHANGES.rst:494
-#: 7aeacbe0b4fa48c79db52ed0cf7229fd
+#: 5b4f3aa107a74df3ba845920503dfdc5
 msgid "Department number support. :issue:`129`"
 msgstr ""
 
 #: ../../CHANGES.rst:495
-#: e5bb989cd1fe472cb845dfe3de958f55
+#: d219e1ac8fa148d5b6e4babc678fbeb2
 msgid "Address edition support (but not in the OIDC claims yet). :pr:`112`"
 msgstr ""
 
 #: ../../CHANGES.rst:496
-#: 1140843546bf41dd826bf71bea29ff23
+#: 52d2ceda28ab430a984dee19f8766b2a
 msgid "Title edition support. :pr:`113`"
 msgstr ""
 
 #: ../../CHANGES.rst:501
-#: d9bd3caa1f4f47ebb304efd457802ca1
+#: c4aca25daa3b491f9208d71f7715800f
 msgid "Client deletion also deletes related :class:`~canaille.oidc.basemodels.Consent`, :class:`~canaille.oidc.basemodels.Token` and :class:`~canaille.oidc.basemodels.AuthorizationCode` objects. :issue:`126` :pr:`98`"
 msgstr ""
 
 #: ../../CHANGES.rst:507
-#: ac1feaf507284b65bab96bc30457d263
+#: a1c057df21a9436a9b149fb91fdb28d0
 msgid "Removed the `DataTables` Javascript library."
 msgstr ""
 
 #: ../../CHANGES.rst:510
-#: d0d7087c87844d069df327a34667ef31
+#: 74a0312b6fff499fa609d0adbe73dfac
 msgid "[0.0.20] - 2023-01-28"
 msgstr ""
 
 #: ../../CHANGES.rst:515
-#: 6254c6b37dea417d908d7679fa0c2df5
+#: c443970df56e4203b8ee3fd9e4fa2395
 msgid "Spanish translation. :pr:`85` :pr:`88`"
 msgstr ""
 
 #: ../../CHANGES.rst:516
-#: 3a8a7c3e462e4388a29c87ea44bbca31
+#: 9e42a95e59a74c5584d1144c249a57c1
 msgid "Dedicated connectivity test email. :pr:`89`"
 msgstr ""
 
 #: ../../CHANGES.rst:517
-#: 6c73a2cff39a4b8caacfca57f27ba60b
+#: e06855259b6f463897acd0f8a23cd05e
 msgid "Update to jquery 3.6.3. :pr:`90`"
 msgstr ""
 
 #: ../../CHANGES.rst:518
-#: 2a31509ad04a41d4a9ceab66e4447c61
+#: 96cb7430946248108d8c97973a4799d5
 msgid "Update to fomantic-ui 2.9.1. :pr:`90`"
 msgstr ""
 
 #: ../../CHANGES.rst:519
-#: 1b8798a48e73416383644caadcb8c9d0
+#: 5b5784d9aedb4949bac1591395fc7eb9
 msgid "Update to DataTables 1.13.1. :pr:`90`"
 msgstr ""
 
 #: ../../CHANGES.rst:524
-#: 43bb3fea7c22470bb734e723ae6ec2dc
+#: e88b90b5e0eb418f99ea2839c1e79943
 msgid "Fix typos and grammar errors. :pr:`84`"
 msgstr ""
 
 #: ../../CHANGES.rst:525
-#: 28f37a5212944339bb10de4c91b1555d
+#: d333115d646f4ccf9a5bb2dc4d23eba0
 msgid "Fix wording and punctuations. :pr:`86`"
 msgstr ""
 
 #: ../../CHANGES.rst:526
-#: 3511a582ca4d4dd5b57f04e945ff2615
+#: cfc153afa2ec4bee9c2dd589a234716c
 msgid "Fix HTML lang tag. :issue:`122` :pr:`87`"
 msgstr ""
 
 #: ../../CHANGES.rst:527
-#: 227f6ecacee547eab969399f3543c1a9
+#: a2dc7b3677d040c7a43bde721f766029
 msgid "Automatically trims the HTML translated strings. :pr:`91`"
 msgstr ""
 
 #: ../../CHANGES.rst:528
-#: ce4262a979b34e588c4d99db8ec9fae6
+#: 9a91064adb7f414fab73518fbc77b01d
 msgid "Fixed dynamic registration scope management. :issue:`123` :pr:`93`"
 msgstr ""
 
 #: ../../CHANGES.rst:531
-#: 3326dbb8be62452d8140320a39612093
+#: d7a2cda6d8e24cc484f13ee4df40c1ea
 msgid "[0.0.19] - 2023-01-14"
 msgstr ""
 
 #: ../../CHANGES.rst:536
-#: c15def45121b4d30ab4c57c640f5da6a
+#: f7c94b5e7545458e8375ef8a8e3dc21c
 msgid "Ensures the token `expires_in` claim and the `access_token` `exp` claim have the same value. :pr:`83`"
 msgstr ""
 
 #: ../../CHANGES.rst:540
-#: 2e2f24525dba4a819e97e6589907d0a5
+#: 9291df232e4b4a7eb97fb87504f9b8d4
 msgid "[0.0.18] - 2022-12-28"
 msgstr ""
 
 #: ../../CHANGES.rst:545
-#: 82745fec4b984965b3d0b81bed5a3941
+#: c896b9996ab24cfeb217e9ebfdbed090
 msgid "OIDC end_session was not returning the ``state`` parameter in the ``post_logout_redirect_uri``. :pr:`82`"
 msgstr ""
 
 #: ../../CHANGES.rst:549
-#: 3bd062d77c0048d3816421ed0de978e6
+#: 2fa2e9a70b8d4ab4bed4d7f0d8d68f37
 msgid "[0.0.17] - 2022-12-26"
 msgstr ""
 
 #: ../../CHANGES.rst:554
-#: 4f0e0feb2cca4a8eb54473f5764cfcc7
+#: cff81f4ef5254cfdb1e6ba76c2c3b9f6
 msgid "Fixed group deletion button. :pr:`80`"
 msgstr ""
 
 #: ../../CHANGES.rst:555
-#: b6fc018fb2dc41ecaf43a313cf5330b9
+#: 552d92ac7c364f198201b60a3abebae2
 msgid "Fixed post requests in oidc clients views. :pr:`81`"
 msgstr ""
 
 #: ../../CHANGES.rst:558
-#: 0e9699c0d5a74e689fdb73d2ac431d28
+#: f7c78b950b184117855277070cb4e548
 msgid "[0.0.16] - 2022-12-15"
 msgstr ""
 
 #: ../../CHANGES.rst:563
-#: a43af598d338438ea64a3352a866610c
+#: 3e522208e81740fba479a43b017311fd
 msgid "Fixed LDAP operational attributes handling."
 msgstr ""
 
 #: ../../CHANGES.rst:566
-#: 11d5f04851c847e6b3939176add7c1e2
+#: 53e83abb15b24cc0a3d589011cf7c2a3
 msgid "[0.0.15] - 2022-12-15"
 msgstr ""
 
 #: ../../CHANGES.rst:571
-#: ce751d2ad6e44f438e092afbdcfe72ce
+#: 7194a505926740e3b52b81708d2818de
 msgid "User can chose their display name. :pr:`77`"
 msgstr ""
 
 #: ../../CHANGES.rst:572
-#: 008bcd50172d46429d218c6afbd7bc0f
+#: 5c5a59a03bd5497aa7474ae59e88f6bf
 msgid "Bumped to Authlib 1.2. :pr:`78`"
 msgstr ""
 
 #: ../../CHANGES.rst:573
-#: 3edcc407205b44918ab63920f9734a50
+#: 0a3d037fae66464b8c2dfeea28dd3eaf
 msgid "Implemented :rfc:`RFC7592 <7592>` OAuth 2.0 Dynamic Client Registration Management Protocol. :pr:`79`"
 msgstr ""
 
 #: ../../CHANGES.rst:575
-#: e327d602ecac448f8f73a848047f6319
+#: 0670727ea1074acf968c49e71dc4062b
 msgid "Add the ``nonce`` parameter to the ``claims_supported`` server metadata list."
 msgstr ""
 
 #: ../../CHANGES.rst:578
-#: 74ad576932584357834751ca5edd823a
+#: eb86b7335b7b4971812f25c9a2d37d1e
 msgid "[0.0.14] - 2022-11-29"
 msgstr ""
 
 #: ../../CHANGES.rst:582
-#: 1205e961f8944bbb8dbc519bbfdf4993
+#: 9903a64c05994256813debf83e9a6b21
 msgid "Fixed translation catalogs packaging."
 msgstr ""
 
 #: ../../CHANGES.rst:585
-#: fc089f22a3a14548b469d6c4668bb3dc
+#: eb1e508e7d2c46bdb471cffecbe4d897
 msgid "[0.0.13] - 2022-11-21"
 msgstr ""
 
 #: ../../CHANGES.rst:590
-#: ea1f503e84f04965b18a569cf25d2941
+#: 6e71d21752234824bc42897b8a434bb3
 msgid "Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12."
 msgstr ""
 
 #: ../../CHANGES.rst:592
-#: 95a73e92dd77499c9109135edf0040cf
+#: 374bd3f105af42bc8ea5c0de35e7437f
 msgid "Fixed a bug happening during RP initiated logout on clients without `post_logout_redirect_uri` defined."
 msgstr ""
 
 #: ../../CHANGES.rst:594
-#: 5648d45162744cf4956d8d9c7d9bbf3d
+#: 6244294cde9d429dbab852b0f7721160
 msgid "Gitlab CI fix. :pr:`64`"
 msgstr ""
 
 #: ../../CHANGES.rst:595
-#: 1b490834cff04cb99ff4b83f9e5dd758
+#: 8dc7de6abbd447f4a78272f33cbcb6cf
 msgid "Fixed `client_secret` display on the client administration page. :pr:`65`"
 msgstr ""
 
 #: ../../CHANGES.rst:596
-#: 5d7cd051df4c45eb9b8e2beea6ec9659
+#: be276c6c0aed433987b562fa51a9af06
 msgid "Fixed non-square logo CSS. :pr:`67`"
 msgstr ""
 
 #: ../../CHANGES.rst:597
-#: 16e68eaca761436eb1add2beea510963
+#: 45c4b643c08f4e98b8eb1994cca78051
 msgid "Fixed schema path on installation. :pr:`68`"
 msgstr ""
 
 #: ../../CHANGES.rst:598
-#: 5d87e6344c9d474c821419beb33a1d56
+#: 490ff7e15c244e1c80522169f52be22c
 msgid "Fixed RFC7591 ``software_statement`` claim support. :pr:`70`"
 msgstr ""
 
 #: ../../CHANGES.rst:599
-#: b65b8f602a7d4440936987b7c0143cf7
+#: 13d139a4ca6b420eb0780952acd8582c
 msgid "Fixed client preconsent disabling. :pr:`72`"
 msgstr ""
 
 #: ../../CHANGES.rst:604
-#: 05f32b1852b34334be85dc02f3bc2689
+#: f863beea190c4605afc13c35d7828c7e
 msgid "Python 3.11 support. :pr:`61`"
 msgstr ""
 
 #: ../../CHANGES.rst:605
-#: 33289ea27c844082832e8eea78498d86
+#: dfa820f752f64485950bd9f2f4f2f798
 msgid "``apparmor`` slapd configuration instructions in the documentation page for contributions. :pr:`66`"
 msgstr ""
 
 #: ../../CHANGES.rst:606
-#: d12ad2a4e17244f8b2719ba9d0749597
+#: 33f4b497e723467fb7cca94de105b331
 msgid "``preferredLanguage`` attribute support. :pr:`75`"
 msgstr ""
 
 #: ../../CHANGES.rst:611
-#: dac1b885aa8243af874405b4ccce52f2
+#: 80931cb05ba54eb0bdd13af0e69ae5c4
 msgid "Replaced the use of the deprecated `FLASK_ENV` environment variable by `FLASK_DEBUG`."
 msgstr ""
 
 #: ../../CHANGES.rst:613
-#: b6ca7ce41fa346b8bb3fa325f1e1ac0d
+#: 74c0ecca84cb4195b047360a2a12b281
 msgid "Dynamically generate the server metadata. Users won't have to copy and manually edit ``oauth-authorizationserver.json`` and ``openid-configuration.json``. :pr:`71`"
 msgstr ""
 
 #: ../../CHANGES.rst:616
-#: ae1b6570238e43f1ac83a511fece3cf5
+#: b56f59b2dd124c91a6268830cf4ddecc
 msgid "The `FROM_ADDR` configuration option is not mandatory anymore. :pr:`73`"
 msgstr ""
 
 #: ../../CHANGES.rst:617
-#: cba8b0fae91a4dfe9f0e05ddb541f667
+#: d701256eb4764f81827acd7b0a0dbda3
 msgid "The `JWT.ISS` configuration option is not mandatory anymore. :pr:`74`"
 msgstr ""
 
 #: ../../CHANGES.rst:620
-#: 36caf034f254408aa020410594ab0cce
+#: 45607852e443428199051f1ecba9ba24
 msgid "[0.0.12] - 2022-10-24"
 msgstr ""
 
 #: ../../CHANGES.rst:625
-#: 319c8b51be714d25ab11b9a83241970d
+#: 9997d515babd44b4841ef0218885f1f1
 msgid "Basic WebFinger endpoint. :pr:`59`"
 msgstr ""
 
 #: ../../CHANGES.rst:626
-#: 97c9f28850884353be68c0ada430c443
+#: 509a601f77664756bc01064f20359cf6
 msgid "Bumped to FomanticUI 2.9.0."
 msgstr ""
 
 #: ../../CHANGES.rst:627
-#: c3938df1d7fc47aa9e9e686b32366a0a
+#: 2cfcbdba2e9541dbab610bc724a2683a
 msgid "Implemented Dynamic Client Registration. :pr:`60`"
 msgstr ""
 
 #: ../../CHANGES.rst:630
-#: 5fbfc5c654b0443bac204c4743931636
+#: 4acb242ffb5440d1a468e2d3c3856fe8
 msgid "[0.0.11] - 2022-08-11"
 msgstr ""
 
 #: ../../CHANGES.rst:635
-#: d3758c7b32f54dc38b34ab4f54a526ba
+#: 0c4bd2691ba9453b88a686a22ede18ef
 msgid "Default theme has a dark variant. :pr:`57`"
 msgstr ""
 
 #: ../../CHANGES.rst:640
-#: eac5e673605c44bebeab671117d02935
+#: d3cabac68def4f77a693a6159bf2f5c0
 msgid "Fixed missing ``canaille`` binary. :pr:`58`"
 msgstr ""
 
 #: ../../CHANGES.rst:643
-#: be7d08fe65be48d09396c1c7af7f0e49
+#: 735459f4aeea42c6b0f7be4a2b06802f
 msgid "[0.0.10] - 2022-07-07"
 msgstr ""
 
 #: ../../CHANGES.rst:648
-#: f2759b5afad84126b4041f583edb72eb
+#: f9dfd87d0fa145579e2297b27b61a11b
 msgid "Online demo. :pr:`55`"
 msgstr ""
 
 #: ../../CHANGES.rst:649
-#: e3d980415ffb4cccb2272b1cf96719cc
+#: 5e5eef7b53ce470ab0a0137617552a9c
 msgid "The consent page was displaying scopes not supported by clients. :pr:`56`"
 msgstr ""
 
 #: ../../CHANGES.rst:650
-#: d936dc556a9f4503b0802988273649d3
+#: f7b8675a05b64bafb3efbbad603537ce
 msgid "Fixed end session when user are already disconnected."
 msgstr ""
 
 #: ../../CHANGES.rst:653
-#: 1732d28f09b24b89854f21bfe7942840
+#: a14c8084a27d463f82c1573d946a6676
 msgid "[0.0.9] - 2022-06-05"
 msgstr ""
 
 #: ../../CHANGES.rst:658
-#: a298893156394c80b5f843c7193b0ca8
+#: d04e2396209641cc84fa39d8bb397eaa
 msgid "``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46`"
 msgstr ""
 
 #: ../../CHANGES.rst:659
-#: c831a4847472435881495bdc121788f9
+#: 01acc147a456445eb3858de7b0586dca
 msgid "``edit_self`` ACL permission to control user self edition. :pr:`47`"
 msgstr ""
 
 #: ../../CHANGES.rst:660
-#: 312e6a546170436ea1fa95b58e7d91e1
+#: dafb92303cb147909db73fdc619f1267
 msgid "`RP-initiated logout` implementation. :pr:`54`"
 msgstr ""
 
 #: ../../CHANGES.rst:665
-#: 797b8359f6a449e5ba16bcc78088768f
+#: f672b1443aa9498994204b20952103e4
 msgid "Bumped to Authlib 1. :pr:`48`"
 msgstr ""
 
 #: ../../CHANGES.rst:666
-#: 4d9126ad1c3742759d3d204f1cf76dac
+#: 18c1456a82f748cd9ee0d6abcb40801f
 msgid "Various documentation improvements. :pr:`50`"
 msgstr ""
 
 #: ../../CHANGES.rst:667
-#: 36dc25439ee04162b5a0a808de0e823e
+#: 77c7a3b3242647718a3a94a1fc4d05a1
 msgid "Use poetry instead of setuptools as project management tool. :pr:`51`"
 msgstr ""
 
 #: ../../CHANGES.rst:668
-#: f1fc01004b2f41349cbe787739c40b03
+#: 3b65181a80b64d0d8a474a5e643d3f80
 msgid "Additional tests for the OIDC ``nonce`` parameter. :pr:`52`"
 msgstr ""
 
 #: ../../CHANGES.rst:672
-#: 0183302671b24cb0b537b104dc58a9ea
+#: 35eef6ab06b940e8ad49bf31b7620404
 msgid "``HIDE_INVALID_LOGIN`` behavior and default value."
 msgstr ""
 
 #: ../../CHANGES.rst:673
-#: 781578064d2347228773e4f950d612b2
+#: 2792732f7d154df2b11a35b13114939b
 msgid "Compiled translation catalogs are not versioned anymore. :pr:`49` :pr:`53`"
 msgstr ""
 
 #: ../../CHANGES.rst:676
-#: d816db34635d4549985bb9d94d9a7862
+#: 8766634316d146ab8929259434391f34
 msgid "[0.0.8] - 2022-03-15"
 msgstr ""
 
 #: ../../CHANGES.rst:681
-#: 5c82cce323c6462687804d2c7f006f8d
+#: f053b2fe7153473a81cb24bfc2b90c7d
 msgid "Fixed dependencies."
 msgstr ""
 
 #: ../../CHANGES.rst:684
-#: e6ab77996ddc43dab6022173bbd8eae0
+#: 6fe1289ea759485b9c3c7658461a409d
 msgid "[0.0.7] - 2022-03-15"
 msgstr ""
 
 #: ../../CHANGES.rst:689
-#: db3701add4984f8c8dd764706a9639fd
+#: f40f5e320ea4412fadc8f1bc1d99198c
 msgid "Fixed spaces and escaped special char in LDAP ``cn/dn`` attributes. :pr:`43`"
 msgstr ""
 
 #: ../../CHANGES.rst:692
-#: 099a78c093eb4078914a63b9f15403b7
+#: ac9b3059b303486a9b31536f1726d873
 msgid "[0.0.6] - 2022-03-08"
 msgstr ""
 
 #: ../../CHANGES.rst:697
-#: 4598be258efa4e99ab34d7bd5648a824
+#: 357a41c66f054b9b830d9ae20551690d
 msgid "Access token are JWT. :pr:`38`"
 msgstr ""
 
 #: ../../CHANGES.rst:702
-#: 19eb39b5f802426f9c1380f0d3c0dfbb
+#: 20b619f456934ab09712d95d37ef12cd
 msgid "Default groups on invitations. :pr:`41`"
 msgstr ""
 
 #: ../../CHANGES.rst:703
-#: 81b3f2d331284cd1bd5d5a148b5d3b77
+#: 74f8d8568cd1405bbef739de7b92f380
 msgid "LDAP schemas are shipped within the Canaille package. :pr:`42`"
 msgstr ""
 
 #: ../../CHANGES.rst:706
-#: bc34ed5400c7449886a6d25b679c7ae2
+#: 936cdbdb780241beb677c1a3c5d21735
 msgid "[0.0.5] - 2022-02-17"
 msgstr ""
 
 #: ../../CHANGES.rst:711
-#: 45fc46e1672846778b27bc8766c1aeae
+#: b49925c79428413ca8c31eff4f42a588
 msgid "LDAP model objects have new identifiers. :pr:`37`"
 msgstr ""
 
 #: ../../CHANGES.rst:716
-#: 8973b4acdebf481783a30266f9502cc2
+#: 21e3bd1145ce480ea8a82394722cef34
 msgid "Admin menu dropdown display. :pr:`39`"
 msgstr ""
 
 #: ../../CHANGES.rst:717
-#: b5deb21feb4d45e58f0b010788916ecd
+#: b50bd877e6fa4055a450f65d4e0e6951
 msgid "``GROUP_ID_ATTRIBUTE`` configuration typo. :pr:`40`"
 msgstr ""
 
 #: ../../CHANGES.rst:720
-#: 3dad472d941b4b5392930e039a934df2
+#: 93523c049fd2438b9f8dbb942b657b7c
 msgid "[0.0.4] - 2022-02-16"
 msgstr ""
 
 #: ../../CHANGES.rst:725
-#: 3086c540c13844a3b626a211f86a856b
+#: 9cc5e4c0be3e43f98a84d076d254a7a8
 msgid "Client pre-authorization. :pr:`11`"
 msgstr ""
 
 #: ../../CHANGES.rst:726
-#: b621896643ca409cac8c3007137ed084
+#: b1444e5514e3495f8f05b00bfb31e54b
 msgid "LDAP permissions check with the check command. :pr:`12`"
 msgstr ""
 
 #: ../../CHANGES.rst:727
-#: ac5232266c154c829a210031f4d8a1bc
+#: 81badbb21dfe4dd0bd990037947c24cf
 msgid "Update consents when a scope required is larger than the scope of an already given consent. :pr:`13`"
 msgstr ""
 
 #: ../../CHANGES.rst:729
-#: 7af42dde14864ada93162b9ea16e7cd4
+#: 5f6092f6103d401e9fe4554e04ad12cb
 msgid "Theme customization. :pr:`15`"
 msgstr ""
 
 #: ../../CHANGES.rst:730
-#: b8096ecde48d430b91666fa493e4fffe
+#: 7e99d3a9c9134144a8e18989e6d0d633
 msgid "Logging configuration. :pr:`16`"
 msgstr ""
 
 #: ../../CHANGES.rst:731
-#: 0db8075af2664c10be1433c0426592e5
+#: abd6618054b443efbb5101e9c32f0c90
 msgid "Installation command. :pr:`17`"
 msgstr ""
 
 #: ../../CHANGES.rst:732
-#: 5a0d7f3aca6b446fba5f0d36512be8c1
+#: 18c69372e28c42c4b0ac0cae51fcd8aa
 msgid "Invitation links. :pr:`18`"
 msgstr ""
 
 #: ../../CHANGES.rst:733
-#: 900b1cb1421848c78ccd8559ce8aa513
+#: 2e35dc7cf246485c97650451d1f41d93
 msgid "Advanced permissions. :pr:`20`"
 msgstr ""
 
 #: ../../CHANGES.rst:734
-#: be2815e3ce9b44f6aeb64d24d7cd75ee
+#: ef3b8ab7e89448089a9d09363832c7cc
 msgid "An option to not use OIDC. :pr:`23`"
 msgstr ""
 
 #: ../../CHANGES.rst:735
-#: 6fe21ccaf0474887a8c6c04e69154ada
+#: 4d5d5581283a4eaabab00c6df18077a0
 msgid "Disable some features when no SMTP server is configured. :pr:`24`"
 msgstr ""
 
 #: ../../CHANGES.rst:736
-#: 7fcdcf093e8849e59445af91ec4cfab6
+#: a54b117ff68e47eabb66aa0a741790b1
 msgid "Login placeholder dynamically generated according to the configuration. :pr:`25`"
 msgstr ""
 
 #: ../../CHANGES.rst:737
-#: 9bebc076e1b64cb3be67690a3e46e808
+#: 8593aca44439457296e5591823f56739
 msgid "Added an option to tune object IDs. :pr:`26`"
 msgstr ""
 
 #: ../../CHANGES.rst:738
-#: 983fa51b51db46409b73d0ba279c76d5
+#: 548d5d09a1da4104aed49324dd3d96b6
 msgid "Avatar support. :pr:`27`"
 msgstr ""
 
 #: ../../CHANGES.rst:739
-#: 94758b3cf72342d2948e727f6deb10a7
+#: e6275bae918547beab8caabaf64f57db
 msgid "Dynamical and configurable JWT claims. :pr:`28`"
 msgstr ""
 
 #: ../../CHANGES.rst:740
-#: 33402d7e6d47455cbfc52aeb276a12f2
+#: 82bbcaaa7973438696de021fbff14354
 msgid "UI improvements. :pr:`29`"
 msgstr ""
 
 #: ../../CHANGES.rst:741
-#: 181fed73a01445ea9865aadc802e9642
+#: 70cd1dd3d81d4288b1c6bca674492944
 msgid "Invitation links expiration. :pr:`30`"
 msgstr ""
 
 #: ../../CHANGES.rst:742
-#: eeaa39f7f6c842d39c1d8d40c6e4fbf8
+#: af865fef102c44bc801e8aec157c2835
 msgid "Invitees can choose their IDs. :pr:`31`"
 msgstr ""
 
 #: ../../CHANGES.rst:743
-#: 8123032bb5d341ec82aa2b0ac8caf886
+#: d194b87cfbd94dd398f1c58bec6e4c37
 msgid "LDAP backend refactoring. :pr:`35`"
 msgstr ""
 
 #: ../../CHANGES.rst:748
-#: c9a12647745f472890eff2ceb165a8b8
+#: 2409763cd25243c9a80678c470fa336d
 msgid "Fixed ghost members in a group. :pr:`14`"
 msgstr ""
 
 #: ../../CHANGES.rst:749
-#: 834311277daf401e9c654cfe0751d4f2
+#: ae04a8fa1896467792d8aaaf161fed29
 msgid "Fixed email sender names. :pr:`19`"
 msgstr ""
 
 #: ../../CHANGES.rst:750
-#: 5fa1016aa05747ca84948a30c452d5a4
+#: 596c5956ebc6442984251ca5c558834e
 msgid "Fixed filter being not escaped. :pr:`21`"
 msgstr ""
 
 #: ../../CHANGES.rst:751
-#: a221c0e18ffd40e3986f7d20f6eac01a
+#: bbf97ea202404efd8708cfbed4bbfe74
 msgid "Demo script good practices. :pr:`32`"
 msgstr ""
 
 #: ../../CHANGES.rst:752
-#: 7e90135fab824314847bb5f4e9ab0664
+#: 8d176b7d4da5419d8768430eeb01036c
 msgid "Binary path for Debian. :pr:`33`"
 msgstr ""
 
 #: ../../CHANGES.rst:753
-#: 39205a39be2c4d4bbc2359ba32796266
+#: 004ecd0e934049ef823bbf0d63f75c14
 msgid "Last name was not mandatory in the forms while this was mandatory in the LDAP server. :pr:`34`"
 msgstr ""
 
 #: ../../CHANGES.rst:755
-#: bef3030603fa42ccaeffb936e450cfeb
+#: c6de3dbeeb5f40ff85c60e062271bfdb
 msgid "Spelling typos. :pr:`36`"
 msgstr ""
 
 #: ../../CHANGES.rst:758
-#: 2dc8f2d4014f4eb9805a19921e4e336a
+#: d49aed2f00e346cc8adaa26aa54f470a
 msgid "[0.0.3] - 2021-10-13"
 msgstr ""
 
 #: ../../CHANGES.rst:763
-#: f0b73ca5d1da4a728d770d11887f9754
+#: 0b32a6319c044bba95b3a00f245c6956
 msgid "Two-steps sign-in. :issue:`49`"
 msgstr ""
 
 #: ../../CHANGES.rst:764
-#: d8353e939a4341fdb9d8b51ac4e03c75
+#: 4cf53569893c4b0ba8eab17b44a4a15b
 msgid "Tokens can have several audiences. :issue:`62` :pr:`9`"
 msgstr ""
 
 #: ../../CHANGES.rst:765
-#: a8bf6576f8214a6299aadf379a50f282
+#: 2956507b8bba47839fef6f9a63d5321a
 msgid "Configuration check command. :issue:`66` :pr:`8`"
 msgstr ""
 
 #: ../../CHANGES.rst:766
-#: 05a103a6101241a9afbfeffb28b04ee2
+#: 0415c157cb414913b3d7748afba41cda
 msgid "Groups management. :issue:`12` :pr:`6`"
 msgstr ""
 
 #: ../../CHANGES.rst:771
-#: f9681903b632489e99eb53fdf5301bb7
+#: e08a9eafc49f45cbb361ed3bd89d4649
 msgid "Introspection access bugfix. :issue:`63` :pr:`10`"
 msgstr ""
 
 #: ../../CHANGES.rst:772
-#: 08202024eda84dd2b15e255de912389d
+#: 48e63a4a411d4aab8259f74b1d257a37
 msgid "Introspection sub claim. :issue:`64` :pr:`7`"
 msgstr ""
 
 #: ../../CHANGES.rst:775
-#: c8cf3465674b4ecb94bf3a4548fc5601
+#: 2a9047b937be481f811eb403d6bf7fd9
 msgid "[0.0.2] - 2021-01-06"
 msgstr ""
 
 #: ../../CHANGES.rst:780
-#: a52712c92f57496f9cbaf32727c9a2df
+#: 9f74458dacff435998774594822a1506
 msgid "Login page is responsive. :issue:`1`"
 msgstr ""
 
 #: ../../CHANGES.rst:781
-#: 3e40e18b9ffa4afd9036177b6d1a0393
+#: 8a87683d8d524cd482264473256b3777
 msgid "Adapt mobile keyboards to login page fields. :issue:`2`"
 msgstr ""
 
 #: ../../CHANGES.rst:782
-#: cf124fc4d201473f9a1d604b092c8c0a
+#: c777083179094cd994619adcfc8499d9
 msgid "Password recovery interface. :issue:`3`"
 msgstr ""
 
 #: ../../CHANGES.rst:783
-#: 6a024dfd785b44f09e231f0f3b6a1bdd
+#: c7393dc1bb6a4290bfdb2d59a3fef0c9
 msgid "User profile interface. :issue:`4`"
 msgstr ""
 
 #: ../../CHANGES.rst:784
-#: 295718a0674c41749936c9ee63d895b2
+#: e874e0e97cae4310ba62553c3d31cd16
 msgid "Renamed the project *Canaille*. :issue:`5`"
 msgstr ""
 
 #: ../../CHANGES.rst:785
-#: 5572ba58f8934db484ed5914858c1f61
+#: 27a300eabaaf4644989d134ccca22dd8
 msgid "Command to remove old tokens. :issue:`17`"
 msgstr ""
 
 #: ../../CHANGES.rst:786
-#: da0ebb8c52d34d209bbbc13ec7a1902a
+#: 8e168b1583984a71848678112365d1c7
 msgid "Improved password recovery email. :issue:`14` :issue:`26`"
 msgstr ""
 
 #: ../../CHANGES.rst:787
-#: 2eca9a011ae64f8788ff5b22428f2b63
+#: 901de9a21dd94541b3c23946ada4cd88
 msgid "Use Flask `SERVER_NAME` configuration variable instead of `URL`. :issue:`24`"
 msgstr ""
 
 #: ../../CHANGES.rst:788
-#: 42eb9a40233047e4a8d632b8b60a4220
+#: 62c1e3da0a87437aaa529dcc936c7dbc
 msgid "Improved consents page. :issue:`27`"
 msgstr ""
 
 #: ../../CHANGES.rst:789
-#: 4511807efd4b4f6ea558d2632d914cae
+#: f816ffeb73244ae0b1171b8c156d1e12
 msgid "Admin user page. :issue:`8`"
 msgstr ""
 
 #: ../../CHANGES.rst:790
-#: 9928a9d6301649a2bb80e54f26506c4e
+#: 2241f2b45f1e426f99f68ccc516c6b60
 msgid "Project logo. :pr:`29`"
 msgstr ""
 
 #: ../../CHANGES.rst:791
-#: 4403f90b28a249c2b38248bf0c9f77f7
+#: dd802cef3e384fdc928fc43178ab119a
 msgid "User account self-deletion can be enabled in the configuration with `SELF_DELETION`. :issue:`35`"
 msgstr ""
 
 #: ../../CHANGES.rst:792
-#: 21fd51a849844a03b830dc97bc05ab0c
+#: 75d6d908a827424284ea63478783cbf9
 msgid "Admins can impersonate users. :issue:`39`"
 msgstr ""
 
 #: ../../CHANGES.rst:793
-#: 31d73c9489164e0e92e62ac84bc8c22a
+#: b4eee6e748f94ba9b6e62e2e7fd4d86b
 msgid "Forgotten page UX improvement. :pr:`43`"
 msgstr ""
 
 #: ../../CHANGES.rst:794
-#: 2b400ada80514bc68dd82d954fff040d
+#: 44489482b8d54ae78c70959758d6f825
 msgid "Admins can remove clients. :pr:`45`"
 msgstr ""
 
 #: ../../CHANGES.rst:795
-#: 2355c3ec7d674d50ace6ac3ad2065627
+#: be6e5371ee2a48efa0d9d276e9caa9a0
 msgid "Option `HIDE_INVALID_LOGIN` that can be unactivated to let the user know if the login he attempt to sign in with exists or not. :pr:`48`"
 msgstr ""
 
 #: ../../CHANGES.rst:797
-#: ad8e32ede8504576b73db0b8b7bf303a
+#: b1df16b2411a440d8d2a0745c972f368
 msgid "Password initialization mail. :pr:`51`"
 msgstr ""
 
 #: ../../CHANGES.rst:802
-#: 0f2d8650e76545438f92a8ca420e65e9
+#: ba317999584d46d7b5bfda36157bc111
 msgid "Form translations. :issue:`19` :issue:`23`"
 msgstr ""
 
 #: ../../CHANGES.rst:803
-#: 6f367157d7464c9492c0f8a528dbd11f
+#: e0d773fd3f814a438321528df1c4d67d
 msgid "Avoid to use Google Fonts. :issue:`21`"
 msgstr ""
 
 #: ../../CHANGES.rst:808
-#: ae2646eead6a4983998e7b76396f3862
+#: d7c5d0509cfe422ab95beb9c1929e413
 msgid "'My tokens' page. :issue:`22`"
 msgstr ""
 
 #: ../../CHANGES.rst:811
-#: b2a9ee20e0214e2eb650a3c0c80c6a8f
+#: 35ab727ebe564ff2a2aa3e28f9392f5b
 msgid "[0.0.1] - 2020-10-21"
 msgstr ""
 
 #: ../../CHANGES.rst:816
-#: 974217beadfa4205ad58a4fff852a8d4
+#: 487e834d3b154f69991d042f97ce3734
 msgid "Initial release."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:2
-#: a96f68b7ad98474ba59c1cc935c2fab4
+#: 77d0a023f5f34e7c804011fd50b75bc3
 msgid "Contributions"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:4
-#: f190f6b5c4a1498eadcb7fae2bcdf493
+#: 9955ba6bbfb54c74930043f9d86335dc
 msgid "Contributions are welcome!"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:6
-#: 26f13dddd093492789f21e4db847d7a9
+#: dd58980e1983404d8bc93b9e0866785d
 msgid "The repository is hosted at `gitlab.com/yaal/canaille <https://gitlab.com/yaal/canaille>`_."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:9
-#: 25361fdaed76435db19183cb37a4ee83
+#: 880fd4b263fa4f5aa77f826cf6d7a13e
 msgid "Discuss"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:11
-#: b8e752ea3b8f4591a9c8616ed7f0d9af
+#: 0e5a0bf82cd4444ebc3ff1dd43a4362c
 msgid "If you want to implement a feature or a bugfix, please start by discussing it with us on the `bugtracker <https://gitlab.com/yaal/canaille/-/issues>`_ or the `matrix room <https://matrix.to/#/#canaille-discuss:yaal.coop>`_."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:16
-#: 5e0c1113f29742f89b251b5903f73e36
+#: 032421a7ce0548e38943bb37b9e46f90
 msgid "Development environment"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:18
-#: 710016d6c25b4193925b83445146a358
+#: 464b7af189da4cf2ba346183c47e6264
 msgid "You can either run the demo locally or with Docker."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:20
-#: 62ee7de4d731446fa1b2df4e3805803b
+#: b918844970c545a3826d0b39a79cb08c
 msgid "The only tool required for local development is `uv`. Make sure to have uv `installed on your computer <https://docs.astral.sh/uv/getting-started/installation/>`_ to be able to hack Canaille."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:24
-#: b95dab6a28fb472bba445e43148ff6bc
+#: 56f217cf35444c72b1bc1a1cb3ee9e53
 msgid "Initialize your development environment with:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:26
-#: 8724e2b7dec24128988b2a3ffb199a4d
+#: 9cf0a292c2bb408fa660e14ab61f0e43
 msgid "``uv sync --extra front --extra oidc`` to have a minimal working development environment. This will allow you to run the tests with ``uv pytest --backend memory``."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:27
-#: ef925e13845f4ec1abf9cae0f0e64140
+#: 8d29fc6ad3bd43c5b232963f5137c91a
 msgid "``uv sync --extra front --extra oidc --extra sqlite`` to have a minimal working development environment with SQLite backend support. This will allow you to run the tests with ``uv pytest --backend sql``."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:28
-#: 2a07d0fc832b4178be5633d02a0f1d07
+#: 928d535d56314259b20055eea3a4ceb4
 msgid "``uv sync --extra front --extra oidc --extra ldap`` to have a minimal working development environment with LDAP backend support. This will allow you to run the tests with ``uv pytest --backend ldap``."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:29
-#: 77b8e98fabe140a28382d44b936baa18
+#: 56b8780399064aec89d3099841d1b017
 msgid "``uv sync --all-extras`` if you want to have everything at your fingertips. Note that it may compile some Python dependencies that would expect things to be installed on your system; Some dependencies of Canaille might need to be compiled, so you probably want to check that `GCC` and `cargo` are available on your computer."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:32
-#: a69af4c344d546e4abf52e4a3aa35cf8
+#: 1a514a3605f243979b2d04e1a329368a
 msgid "After having launched the demo you have access to several services:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:34
-#: dda88353032541b9a70440211ee1a89b
+#: bbde54dc79ba4241bd97323b5152b50b
 msgid "A canaille server at `localhost:5000 <http://localhost:5000>`_"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:35
-#: 5d2493dbe0924c578cbce67b64f80d14
+#: d028b9cbae714b2d945ba4d70a75fb99
 msgid "A dummy client at `localhost:5001 <http://localhost:5001>`_"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:36
-#: 595602fe39c040259d1e0346e45efdb7
+#: dbd0340fc974432798237b9b3efe01ea
 msgid "Another dummy client at `localhost:5002 <http://localhost:5002>`_"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:38
-#: 6de7e48182d648f89fe8b2c0b30634fd
+#: 9ff28ddd679b42f4a5bf288242e8c827
 msgid "The canaille server has some default users:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:40
-#: 05cc64bd64b3425f8c727e448bac1904
+#: 324e9f4f1d744fa49a0c3e7fe60cf46b
 msgid "A regular user which login and password are **user**;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:41
-#: 526ece6f767c4728a86ccc832ed77f3e
+#: 30a3f2679a4b456791471ac6d4c15e2b
 msgid "A moderator user which login and password are **moderator**;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:42
-#: bb69c0dfc3e64ceeba0152302e50d5d2
+#: d5e4f771a0854678af55e11ae4c8fc3d
 msgid "An admin user which admin and password are **admin**;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:43
-#: c188d453c64c47869a6c1bba24c32639
+#: 325a060f0844402d80a7267a46291010
 msgid "A new user which login is **james**. This user has no password yet, and his first attempt to log-in would result in sending a password initialization email (if a smtp server is configured)."
 msgstr ""
 
 #: ../development/specifications.rst:106
 #: ../../CONTRIBUTING.rst:48
-#: f9d8d16e7fd1478ea154c65fddc0c109
-#: 30174a5d8c1f479eaf739cfb67550caa
+#: c01f125a22914f369ef28ef090a728b1
+#: 01a043d4a4364011b8a22a53549b20da
 msgid "Backends"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:50
-#: 0ec216a61a0f4d0c81ef8859f4b8e775
+#: 12c4afcb316c448797ed9784ef9fbaa1
 msgid "Canaille comes with several backends:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:52
-#: d49ccb7bb5d349b3b97dcb367e9f50db
+#: 853d2b906b80415db33c707e29640f4c
 msgid "a lightweight test purpose `memory` backend"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:53
-#: 2b5961e3d4d34b41a03f5f4e1b305f14
+#: b280dce615cb48ec8456abf65fec4a9e
 msgid "a `sql` backend, based on sqlalchemy"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:54
-#: 3db6bec104534cbbb972fef81e090786
+#: ad6d07459c274a9e8282e290875d5bfb
 msgid "a production-ready `LDAP` backend"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:57
-#: b800e3599701462b8ad5f4449e0a62b4
+#: 7db1494e281b4b89949e18e1ece1cb6c
 msgid "Docker environment"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:59
-#: 39ea2b50603a473cb167b4e1a6a135ca
+#: c8e61bddd24e4af0ab8ee2bd2709652d
 msgid "If you want to develop with docker, your browser needs to be able to reach the `canaille` container. The docker-compose file exposes the right ports, but front requests are from outside the docker network: the `canaille` url that makes sense for docker, points nowhere from your browser. As exposed ports are on `localhost`, you need to tell your computer that `canaille` url means `localhost`."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:64
-#: dd86e0f0a4204a77ba9927f1768aa33e
+#: 0e3e6469d25f43998fce20bcb1291b86
 msgid "To do that, you can add the following line to your `/etc/hosts`:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:70
-#: 5572861cc5114b9b9e7f520fee49b975
+#: c0dce613d6384dd18a1d6abce742bf55
 msgid "To launch containers, use:"
 msgstr ""
 
@@ -1911,47 +1911,47 @@ msgstr ""
 #: ../tutorial/databases.rst:16
 #: ../../CONTRIBUTING.rst:73
 #: ../../CONTRIBUTING.rst:106
-#: 7a0d8968fcbe4d8693ac6cf593f51106
-#: fafde474a9ed41dab483dfb87f46dda3
-#: f210968f704646b2a4b35d9f6a5baa90
-#: e8a3d979968c4e05ab1fb5630eb8fc6b
+#: 32e05154931e4a6fadcba3b0720e0655
+#: f1b0c988daa54dd4a0c5b30a062cf012
+#: 94f958ac7cab437580604c64cdfa27be
+#: 528aa40e3cd04297b5ebf44fc955e9a9
 msgid "SQL"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:74
 #: ../../CONTRIBUTING.rst:107
-#: a1183f0e179942889b697fccf6fde014
-#: f12297286ea648a7a4f8723cd900dd74
+#: c66d8a018f064cb3ba36abf12473b5f4
+#: 15c287c63f7f441f991033e23cbb9f95
 msgid "With the SQL backend, the demo instance will load and save data in a local sqlite database."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:76
 #: ../../CONTRIBUTING.rst:109
-#: 2f256843b3974bfe82ebbd54b22758a0
-#: 03535ba511ef42feb8d6fb77934fb88b
+#: 6ddf226447fa4bb89cbf73cc8376c371
+#: c72bd69b5ad94f5992bfe2d30f5b0e8d
 msgid "Run the demo instance with the SQL backend"
 msgstr ""
 
 #: ../tutorial/databases.rst:8
 #: ../../CONTRIBUTING.rst:83
 #: ../../CONTRIBUTING.rst:115
-#: 3216b8433f1847809573eaaa434fe9a7
-#: 6323f7ec77464e2ba7d399f7ccc6f590
-#: d63a7ad080eb47be9529226d4685cf76
+#: e5f82f8945b747ac81b31a20cc241e5d
+#: 9a11f967d4c74ad8b9dff673e77d2315
+#: 84a192a56d404fb1baf97b065f6ceaa8
 msgid "Memory"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:84
 #: ../../CONTRIBUTING.rst:116
-#: 96e1856006aa4151b406b7f7922e84ff
-#: 74b6ac7aa3c144f9be537b2c60010548
+#: 9c56b31ca9724e62a5aee62e28196764
+#: 22784d30d5a748d2b73ebe7c423c64bc
 msgid "With the memory backend, all data is lost when Canaille stops."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:86
 #: ../../CONTRIBUTING.rst:118
-#: 6751970e321642cb9cfabd3395bdf82b
-#: b4933b104b004ed39073970b595e9b5f
+#: da0af4f3bc5147ae8130399630381126
+#: c1436f14bd2049479ac16384a47f2d38
 msgid "Run the demo instance with the memory backend"
 msgstr ""
 
@@ -1959,696 +1959,696 @@ msgstr ""
 #: ../tutorial/databases.rst:32
 #: ../../CONTRIBUTING.rst:93
 #: ../../CONTRIBUTING.rst:124
-#: fdfa320e4c4445e5a0c5443e647c0835
-#: 44d5d5bd5737458d81975f70b3477b17
-#: bbe1b4e1618b44fb9651929f4e459099
-#: 2794653a6dd64b5f8a13bc552aa7acc9
+#: 6f4008249f544ff4afa4e2a7ccebfab2
+#: ce4afa36ab774346b11322758b51325e
+#: f9a9bf9c1c6d49b99edee201000ea0a0
+#: 2e130a461dc64b989f22d4f932976a65
 msgid "LDAP"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:94
 #: ../../CONTRIBUTING.rst:125
-#: c8a1e8a894ef4fa9a4ea60027c3b73a1
-#: 8733bd5bbf5b4744ab8896570d709291
+#: 4f3a2e440337421f95f937952e7dc9be
+#: db5ad48ecaa94207ab2b7d84bbebf569
 msgid "With the LDAP backend, all data is lost when Canaille stops."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:96
 #: ../../CONTRIBUTING.rst:127
-#: ac813d37940b4d189a3957eeba2ffb08
-#: 73ef2cc1d55f45acbe1568f8da59c158
+#: 50095289006e499588719acc50eb5a56
+#: 80a55900cfc34f4e8b34b5e653a7fdfb
 msgid "Run the demo instance with the LDAP backend"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:103
-#: 80000162aaf447eda038a20ae12973c7
+#: 9e2c9acef9184e34b00d62c97980467d
 msgid "Local environment"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:133
-#: 8b346e3f0ae84b289a7e819279283718
+#: 5fffaf4bff884b5a839078ad5a889fc9
 msgid "If you want to run the demo locally with the LDAP backend, you need to have `OpenLDAP <https://www.openldap.org/>`_ installed on your system. It is generally shipped under the ``slapd`` or ``openldap`` package name."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:138
-#: ad84a2866902456b8f29498783fd665b
+#: aa9aab912ff04dd68c3b59bf1e36575a
 msgid "On Debian or Ubuntu systems, the OpenLDAP `slapd` binary usage might be restricted by apparmor, and thus makes the tests and the demo fail. This can be mitigated by removing apparmor restrictions on `slapd`."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:148
-#: cdab025ce1dc48fa97161a955423b957
+#: 3d21757ba34c4721af043c150330c2e4
 msgid "Populate the database"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:150
-#: 319a37a58be44aac8e617f300e3c3afb
+#: a412d39e98cf44f6b911566e1ebcdbde
 msgid "The demo database comes populated with some random users and groups. If you need more, you can generate users and groups with the ``populate`` command:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:161
-#: 4bf45406e18a4505999dca7b84c4e8f0
+#: cdf90f875bcc44d5b41197a7cdbb275c
 msgid "Adapt to use either the `ldap` or the `sql` configuration file. Note that this will not work with the memory backend."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:164
-#: 62c234c473324a82a1038d3f4610a338
+#: 2db32f774df8429fa4c9e83d00616a96
 msgid "Unit tests"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:166
-#: 314f0cc4c01c47f4bca6c87e7460b03b
+#: 5d6a9b57b35d49c48e2b615f8128ebcc
 msgid "To run the tests, you just can run `uv run pytest` and/or `uv run tox` to test all the supported python environments. Everything must be green before patches get merged."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:169
-#: b9dc93b982bf4fc98eddf47c5730b09c
+#: e1e6e475ff78404f930bb453f1f26e3b
 msgid "To test a specific backend you can pass ``--backend memory``, ``--backend sql`` or ``--backend ldap`` to pytest and tox."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:171
-#: 13c7913d62db412bb4e66637a79cd789
+#: 2cb85029b4274de388878da3d3285369
 msgid "The test coverage is 100%, patches won't be accepted if not entirely covered. You can check the test coverage with ``uv run pytest --cov --cov-report=html`` or ``uv run tox -e coverage -- --cov-report=html``. You can check the HTML coverage report in the newly created `htmlcov` directory."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:176
-#: 6a901706012a4004b1dbb87ef68c803a
+#: 4408d499056c480f86f450a781d2ca0d
 msgid "Code style"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:178
-#: 9fa3a042eca848fe9b9af832c325142c
+#: 93e483f2a66a4d8f82feb8ca9a739818
 msgid "We use `ruff <https://docs.astral.sh/ruff/>`_ along with other tools to format our code. Please run ``uv run tox -e style`` on your patches before submitting them. In order to perform a style check and correction at each commit you can use our `pre-commit <https://pre-commit.com/>`_ configuration with ``uv run pre-commit install``."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:184
-#: 831a60fcf8ee4e37828421e71b2931c0
+#: 0dca6207e6734ab487cb3fe72c3e90e8
 msgid "Front"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:186
-#: f9ab478278ef4d39bee37c056fb937f2
+#: 930e01d770324dc68f73095cd5456a8e
 msgid "The interface is built upon the `Fomantic UI <https://fomantic-ui.com/>`_ CSS framework. The dynamical parts of the interface use `htmx <https://htmx.org/>`_."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:189
-#: 115550e00eb74a80828b6acae2948606
+#: fc0da8a2736e461dab5a7d242c1cfa9a
 msgid "Using Javascript in the interface is tolerated, but the whole website MUST be accessible for browsers without Javascript support, and without any feature loss."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:191
-#: 4d3ab5a48a9d49a6aaef6c5c583e938d
+#: a13b055a65244362a025440451de998d
 msgid "Because of Fomantic UI we have a dependency to jQuery, however new contributions should not depend on jQuery at all. See the `related issue <https://gitlab.com/yaal/canaille/-/issues/130>`_."
 msgstr ""
 
 #: ../index.rst:71
 #: ../../CONTRIBUTING.rst:196
-#: 03d0d76bba134693bed77e50d1911dd9
-#: 84410d2758484c01b8b48461c40d0a7c
+#: e3ff6afa466e4e61aa4f677cd58d3ed2
+#: a08d8d5331494e7d93508eaf25f41a07
 msgid "Documentation"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:198
-#: 5eb4ba179d0444fd9647504055935495
+#: 2e1fdcae75de46a6b50db7e4155758af
 msgid "The documentation is generated when the tests run:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:204
-#: 7f28cb743dcb44d9b66a31febcc8a6d0
+#: 94405109592b47c09c8726c305fa5edc
 msgid "You can also run sphinx by hand, that should be faster since it avoids the tox environment initialization:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:210
-#: 4e73e6c26d164591bd5edf84fc921cc4
+#: fe4610d142474897ae4f97d321448fac
 msgid "The generated documentation is located at ``build/sphinx/html/en``."
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:213
-#: 3fd3b7e2ec184cf8b2a81f87177f48fb
+#: bf09dd8ed31742bca2fa80175ae85bb3
 msgid "Code translation"
 msgstr ""
 
 #: ../../canaille/translations/README.rst:1
-#: 3f134d116261469d8e6e9a05b5c47b47
+#: 35fff9d115334ec6aa6a99ec5da8a27f
 msgid "Translations are done with `Weblate <https://hosted.weblate.org/projects/canaille/canaille>`__."
 msgstr ""
 
 #: ../../canaille/translations/README.rst:3
-#: f5045b02a67f426188352a5d6ff207e1
+#: b72ee2174a9b42c493780415e3d3fcfd
 msgid "The following commands are there as documentation, only the message extraction is needed for contributors. All the other steps are automatically done with Weblate."
 msgstr ""
 
 #: readme.rst:6
 #: ../../canaille/translations/README.rst:8
 #: readme.rst:6
-#: 24b270040aba498184edc6fd3b60c94e
-#: 2056f7130ccd40b7b3b34c0c572a6578
-#: 41a918a2d4a74a5b9b2817c613ca08f4
+#: ea5bd05b09984bcaa643efa7a1a7618c
+#: ea5bd05b09984bcaa643efa7a1a7618c
+#: 33490a8ff4a3465fb8648393ff65eb75
 msgid "Message extraction"
 msgstr ""
 
 #: readme.rst:8
 #: ../../canaille/translations/README.rst:10
 #: readme.rst:8
-#: 3d0d46dbb4b849429d1b20c8d4655b71
-#: ca03937bab89437aaca273df6d905a44
-#: 5743021622e04712918dcadbabc6c7f7
+#: 210e9ff98db74777830a5a1f4746df44
+#: 210e9ff98db74777830a5a1f4746df44
+#: 16b22e2bc3cf495bbef529f5732887e3
 msgid "After you have edited translatable strings, you should extract the messages with:"
 msgstr ""
 
 #: readme.rst:15
 #: ../../canaille/translations/README.rst:17
 #: readme.rst:15
-#: 33a52dea69f84cdd8031217438609b01
-#: 1bdb41af37fb4b29970caa32ceb9f68e
-#: fcdbb11edc8c403dba19ddcc30f0c74a
+#: 54ecd51acf494402964ae281c6cd639b
+#: 54ecd51acf494402964ae281c6cd639b
+#: 02fa7225075346f89ad702cba8aabdeb
 msgid "Language addition"
 msgstr ""
 
 #: readme.rst:17
 #: ../../canaille/translations/README.rst:19
 #: readme.rst:17
-#: 85155247ccbe4cdda3c379b515fd2413
-#: 04039c23ea56483b9ccf96d20f26f2bd
-#: ba0855443a6f465d9274426f59f251de
+#: 5429b47768e2472ea597ed48140a5621
+#: 5429b47768e2472ea597ed48140a5621
+#: 015d6a437f7e4d099c8cad60986c0b68
 msgid "You can add a new language manually with the following command, however this should not be needed as Weblate takes car of this:"
 msgstr ""
 
 #: ../../canaille/translations/README.rst:26
-#: d186ca49fae24bbd9d3c28120601a60e
+#: bdfbb4ef60c54b26abf457ba930b7fcf
 msgid "Catalog update"
 msgstr ""
 
 #: ../../canaille/translations/README.rst:28
-#: 0ed1087f30a74059b6c7e0e06de6573d
+#: 94b8fc10d3aa4e05b54d619c4b1aaa25
 msgid "You can update the catalogs with the following command, however this should not be needed as Weblate automatically update language catalogs when it detects new strings or when someone translate some existing strings. Weblate pushes happen every 24h."
 msgstr ""
 
 #: ../../canaille/translations/README.rst:36
-#: ddf0e21cf51b4dc79d6250343d97b0d1
+#: f232cbfdd201463ab74fe71353c8e23b
 msgid "Catalog compilation"
 msgstr ""
 
 #: ../../canaille/translations/README.rst:38
-#: 6ef8340ccc2c46ea99f8d0de91ee483a
+#: 3c756dd105564866a8d74e994e65f2b6
 msgid "You can compile the catalogs with the following command, however this should not be needed as catalogs are automatically compiled before running the unit tests, before launching the demo and before compiling the Canaille python package:"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:219
-#: 1de2a285415949c49cad5e827186884c
+#: 4ff341d941384c029ed9c0b49d1062f9
 msgid "Documentation translation"
 msgstr ""
 
 #: readme.rst:1
 #: readme.rst:1
-#: 3f134d116261469d8e6e9a05b5c47b47
-#: 82307c31bbd04c86b438e8a4e005cbfd
+#: 35fff9d115334ec6aa6a99ec5da8a27f
+#: 7abe83f2eeb54b3f9f3d1a8542696765
 msgid "Translations are done with `Weblate <https://hosted.weblate.org/projects/canaille/documentation>`__."
 msgstr ""
 
 #: readme.rst:3
 #: readme.rst:3
-#: e68bab4e55074d099971067e8585e7bc
-#: 36d72bb59c6442f0ac0078ec35cff7db
+#: de92a131ecf44614963dd89770f593ae
+#: 0ca00925251d48668c7673ddece41d66
 msgid "The following commands are there as documentation, only the message extraction and the language addition is needed for contributors."
 msgstr ""
 
 #: readme.rst:24
 #: readme.rst:24
-#: 2249c8bd3ebb4123b1b85e55d501a414
-#: 592956cc63d849ad8f23d530a03daa2a
+#: 3d142fe9f633400ea029e949f1e869ee
+#: 74cc2740b1584972aa3c0e672dff5f3e
 msgid "Build the documentation in another language"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:224
-#: ccb55b67aa5c4d8baf4a4a56eb19fe8c
+#: 4b1dc3dae99f4c6fbbeec3e54be3e922
 msgid "Publish a new release"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:226
-#: a2df8944754246d4a92c6e7f76b8273a
+#: 975b37a07edc4a42bbef14c2ca80a34f
 msgid "Check that dependencies are up to date with ``uv sync --all-extras --upgrade`` and update dependencies accordingly in separated commits;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:227
-#: 4d2be841e11345a7a9f62a7f7e0d46b3
+#: e9bd8386c6c64ef99aac12ee831f39d1
 msgid "Check that tests are still green for every supported python version, and that coverage is still at 100%, by running ``uv run tox``;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:228
-#: 69338c8be69e45659eada1ffe5c0f67c
+#: 3e7d5493a8e44c1a9067010115678723
 msgid "Check that the demo environments are still working, both the local and the Docker one;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:229
-#: 8bba3fab5e164ade8916c47fb38a9c19
+#: fe7867ea9416424e81c518f77853958a
 msgid "Check that the :ref:`development/changelog:Release notes` section is correctly filled up;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:230
-#: 7be3604476174714a93fb5c8673febf7
+#: 7d89adc1c3e6478ab9e8faa02f97bf03
 msgid "Increase the version number in ``pyproject.toml``;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:231
-#: e8b5c52d84d94d809eb6fd08e9a61939
+#: a376131776cd4e469611fa3ad6749be9
 msgid "Commit with ``git commit``;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:232
-#: 70de3f18c0d144c8b5e6ad264629491e
+#: 655fd489e5324dc5b6172d438a6b8e3e
 msgid "Build with ``uv build``;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:233
-#: 54bbdc2762b14df98894d94d760597b9
+#: 79fc61b7c13647a285a918a0c126ea53
 msgid "Publish on test PyPI with ``uv publish --publish-url https://test.pypi.org/legacy/``;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:234
-#: 327a4abb66b14f95821cf861312ff6be
+#: 93540129ce0c440eba4da63ed3ddb769
 msgid "Install the test package somewhere with ``pip install --extra-index-url https://test.pypi.org/simple --upgrade canaille``. Check that everything looks fine;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:235
-#: 270ce1780553422780cddbbca1791bbd
+#: 8a73b31d1fe14fdda15e6c2dea0cafc9
 msgid "Publish on production PyPI ``uv publish``;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:236
-#: 35cf31b173f34bb2b6ffc0d5cb0931a9
+#: 93131bb37ccc4207825449d393f92201
 msgid "Tag the commit with ``git tag XX.YY.ZZ``;"
 msgstr ""
 
 #: ../../CONTRIBUTING.rst:237
-#: 673bf114db3945dbbe806b281a6bc1d6
+#: a98a5168d5f949ec9e96f16d8ff8b6f5
 msgid "Push the release commit and the new tag on the repository with ``git push --tags``."
 msgstr ""
 
 #: ../development/index.rst:2
-#: 82f9846032eb48449059b9b21039acf3
+#: c0f14bad2988468fa0700bbd47fe1de0
 msgid "Development"
 msgstr ""
 
 #: ../development/specifications.rst:2
-#: 68b9e4a665f74983994ec7f7820a6555
+#: 156d2082306649a89c7c6ff9b0879911
 msgid "Specifications"
 msgstr ""
 
 #: ../development/specifications.rst:4
-#: a91f12df80654d7a9159894525f0a1fa
+#: 2c830d15b604470ca1912e9a07b2deb6
 msgid "This page details which specifications are implemented in Canaille, and compares Canaille with other well-known identity providers."
 msgstr ""
 
 #: ../development/specifications.rst:7
-#: 798ff9024fa049a5889c4e9f725985f4
+#: bfa87dc7f42445fb96172a2ce7643950
 msgid "State of the specs in Canaille"
 msgstr ""
 
 #: ../development/specifications.rst:10
-#: faec5be28e9d4a0380914450cb563d74
+#: b57576e6aa1e46c0ab9b0d74e40f7a1c
 msgid "OAuth2"
 msgstr ""
 
 #: ../development/specifications.rst:12
-#: bc158a2abfdf4e669db0bf71ac12e539
+#: 44156ac1d21c44f89d2090ae27ad397e
 msgid "✅ `RFC6749: OAuth 2.0 Framework <https://tools.ietf.org/html/rfc6749>`_"
 msgstr ""
 
 #: ../development/specifications.rst:13
-#: 41aacf25a278469488576916b0dc1100
+#: 3dd5d1bc312e4808b9dfb7e906f9a1b3
 msgid "✅ `RFC6750: OAuth 2.0 Bearer Tokens <https://tools.ietf.org/html/rfc6750>`_"
 msgstr ""
 
 #: ../development/specifications.rst:14
-#: c84b09e12da74d1e9bb498f4abd41cef
+#: 3f7c67f6ca7049a0a99455d27e7b9278
 msgid "✅ `RFC7009: OAuth 2.0 Token Revocation <https://tools.ietf.org/html/rfc7009>`_"
 msgstr ""
 
 #: ../development/specifications.rst:15
-#: 319878f12ee94c71bcd20839b8e9cdf2
+#: b11098fcf9e64dfca026aa25e97624cc
 msgid "❌ `RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants <https://tools.ietf.org/html/rfc7523>`_"
 msgstr ""
 
 #: ../development/specifications.rst:16
-#: 7c8c430d14b04548a82b1f6c5b41edef
+#: 0213796d176a4938a10c902cfb737a18
 msgid "✅ `RFC7591: OAuth 2.0 Dynamic Client Registration Protocol <https://tools.ietf.org/html/rfc7591>`_"
 msgstr ""
 
 #: ../development/specifications.rst:17
-#: a0eeca49247d4d0a858fbd68b8feae7a
+#: afdc8def073c495e8bb24a1ec6a0d62a
 msgid "✅ `RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol <https://tools.ietf.org/html/rfc7592>`_"
 msgstr ""
 
 #: ../development/specifications.rst:18
-#: 6ba8732c85c743c3ac3f63b40fbf3aa2
+#: f592e7f0f2074289b67beb893604277d
 msgid "✅ `RFC7636: Proof Key for Code Exchange by OAuth Public Clients <https://tools.ietf.org/html/rfc7636>`_"
 msgstr ""
 
 #: ../development/specifications.rst:19
-#: 338bb06b2df547edbe50a150b4d8c146
+#: bc914d1d327d4ce6a638c5245c4cfcc3
 msgid "✅ `RFC7662: OAuth 2.0 Token Introspection <https://tools.ietf.org/html/rfc7662>`_"
 msgstr ""
 
 #: ../development/specifications.rst:20
-#: 1663509c8aa249af8ec326ae877e7044
+#: 08bbaa19162d456899ba99be7b0f9e3d
 msgid "✅ `RFC8414: OAuth 2.0 Authorization Server Metadata <https://tools.ietf.org/html/rfc8414>`_"
 msgstr ""
 
 #: ../development/specifications.rst:21
-#: 37a881c253ff4c87b340587a85546041
+#: abbbc93f57ba4660bafa5396616419d8
 msgid "❌ `RFC8428: OAuth 2.0 Device Authorization Grant <https://tools.ietf.org/html/rfc8428>`_"
 msgstr ""
 
 #: ../development/specifications.rst:22
-#: 5398a841990f4e6ea8b40b97e9a32097
+#: a9adf95822164ad9a91366b631a095ab
 msgid "❌ `RFC8693: OAuth 2.0 Token Exchange <https://tools.ietf.org/html/rfc8693>`_"
 msgstr ""
 
 #: ../development/specifications.rst:23
-#: 2045b4c2c1bf4d808e03894e4b365fb8
+#: fac77fd04d2c457cbdda2f46d21a549d
 msgid "❌ `RFC8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens <https://tools.ietf.org/html/rfc8705>`_"
 msgstr ""
 
 #: ../development/specifications.rst:24
-#: 107a0959842641af8fa7f1382928f2e1
+#: 772cbe80f8cd44faa3230ee4e690e5f3
 msgid "❌ `RFC8707: Resource Indicators for OAuth 2.0 <https://tools.ietf.org/html/rfc8707>`_"
 msgstr ""
 
 #: ../development/specifications.rst:25
-#: b6b8eaed434f47bfb07f5d077c670b22
+#: 8b06eb72e70742fc821332a4676ba48e
 msgid "❌ `RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens <https://tools.ietf.org/html/rfc9068>`_"
 msgstr ""
 
 #: ../development/specifications.rst:26
-#: 48f411a150274d74b09dd3111d70d4ef
+#: 088615a4afdc48a5b6449df856cb1eb3
 msgid "❌ `RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR) <https://tools.ietf.org/html/rfc9101>`_"
 msgstr ""
 
 #: ../development/specifications.rst:27
-#: 68ff3ad36aa1400e85a6f6703f5d75ae
+#: 4bd307887c6a4dcebb9d5ff9b9c3176a
 msgid "❌ `RFC9126: OAuth 2.0 Pushed Authorization Requests <https://tools.ietf.org/html/rfc9126>`_"
 msgstr ""
 
 #: ../development/specifications.rst:28
-#: 312945002b5f49a5ac6e6d797e9322d0
+#: bf777af155ec47bb85265068ff053b85
 msgid "❌ `RFC9207: OAuth 2.0 Authorization Server Issuer Identification <https://tools.ietf.org/html/rfc9207>`_"
 msgstr ""
 
 #: ../development/specifications.rst:29
-#: 6f0f83d947a3442c84f44b67f11184b3
+#: 06b84e457b3f423099a45450e8be7b96
 msgid "❌ `RFC9394: OAuth 2.0 Rich Authorization Requests <https://www.rfc-editor.org/rfc/rfc9396.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:30
-#: f11bf858bc1342a781c9139f05938eae
+#: 17a488e183c64a7696ff1f8b3f02e3d8
 msgid "❌ `OAuth2 Multiple Response Types <https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:31
-#: d2e5d74b4dd94d85a5d431f60f875dbc
+#: 28df30b698994c9ebb429fbe577701ac
 msgid "❌ `OAuth2 Form Post Response Mode <https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:34
 #: ../features.rst:223
-#: 8f72523ff51c4575b94efb2d3ce15f6b
-#: f36365f798bf4a29a1c762d3d984b773
+#: 273611a66c514122bd1b8986c81f8464
+#: 511272a32c844e4cb9ca0d2c2b0aeb42
 msgid "OpenID Connect"
 msgstr ""
 
 #: ../development/specifications.rst:36
-#: cf8887ca156c4c1c9888a84fc8065530
+#: 1b811c589c884281a965b470a69c935c
 msgid "✅ `OpenID Connect Core <https://openid.net/specs/openid-connect-core-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:37
-#: 5c4310f0f040430fbc2a843183e96fd8
+#: 8eb4c67d2de84a09ba6681ab0ad1dcf0
 msgid "✅ `OpenID Connect Discovery <https://openid.net/specs/openid-connect-discovery-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:38
-#: 5d5801df6b9c4bf4a6a02e97b8ced460
+#: 3dd0ab1827034c7f8bb58dd56463cb2a
 msgid "✅ `OpenID Connect Dynamic Client Registration <https://openid.net/specs/openid-connect-registration-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:39
-#: 7d48e73edb044c8e85e6210edc4c327b
+#: 5202769d4fed46999e56f7d6a0a03c5d
 msgid "✅ `OpenID Connect RP Initiated Logout <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:40
-#: cdef4546f7dc4de8865f7a1302d4ba5d
+#: 768d7dd2182a418fb9344db3f5cba48a
 msgid "❌ `OpenID Connect Session Management <https://openid.net/specs/openid-connect-session-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:41
-#: 21aa2648b1f64ffeabe2a6123a75c27d
+#: bffbc632d9bf4c89b64bb51cdece0844
 msgid "❌ `OpenID Connect Front Channel Logout <https://openid.net/specs/openid-connect-frontchannel-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:42
-#: dac849b7b0ae48afb3e07330a4155e85
+#: 3001306e82cc4e9b80078a4631c791f9
 msgid "❌ `OpenID Connect Back Channel Logout <https://openid.net/specs/openid-connect-backchannel-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:43
-#: 9465d51e2c23461486052de55942bbea
+#: 3e1058c4a8154eb58a563e171a03a51b
 msgid "❌ `OpenID Connect Back Channel Authentication Flow <https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:44
-#: b4f2991cded34e7190e7e7185828536c
+#: 7d20317b02f54007a0d6e9e79b82b243
 msgid "❌ `OpenID Connect Core Error Code unmet_authentication_requirements <https://openid.net/specs/openid-connect-unmet-authentication-requirements-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:45
-#: 1cb0fe5d644c49b2a1c6c7af780c407a
+#: cc695337a4a4431c9a62bdc2471f489d
 msgid "✅ `Initiating User Registration via OpenID Connect 1.0 <https://openid.net/specs/openid-connect-prompt-create-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:46
-#: 7c15c3d629b44469bb0feba2b79e0522
+#: 6cfd3e82e2bb4f80a58d8864be2ef301
 msgid "❌  `OpenID Connect Profile for SCIM Services <https://openid.net/specs/openid-connect-scim-profile-1_0.html>`_"
 msgstr ""
 
 #: ../development/specifications.rst:49
 #: ../development/specifications.rst:108
-#: 81a42181f7ed4f43b5fc6af1bae15e65
-#: 81a42181f7ed4f43b5fc6af1bae15e65
+#: d9278a9cbe784818b57f9fd9d76dda68
+#: d9278a9cbe784818b57f9fd9d76dda68
 msgid "SCIM"
 msgstr ""
 
 #: ../development/specifications.rst:51
-#: c3e061fe92e4451ea24e50dacd112c46
+#: 6599ee73d8ab49579b0e09836d421750
 msgid "Canaille provides a basic SCIM server implementation."
 msgstr ""
 
 #: ../development/specifications.rst:53
-#: aefb1b937f7a4e35a4eae6d8648c6303
+#: c91f11a0512e4782981c5bb98a8038d7
 msgid "🟠 `RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements <https://www.rfc-editor.org/rfc/rfc7642>`_"
 msgstr ""
 
 #: ../development/specifications.rst:54
-#: 6193cd6fb48643e99f0e2018dbdaba83
+#: 2f4ea31b4c80425a8e3075b8597ae8e5
 msgid "🟠 `RFC7643: System for Cross-domain Identity Management: Core Schema <https://www.rfc-editor.org/rfc/rfc7642>`_"
 msgstr ""
 
 #: ../development/specifications.rst:55
-#: 9b124b409b3041f5bdefedf9b0593d06
+#: 6ffdb285557144afb301b05c33fecddf
 msgid "🟠 `RFC7644: System for Cross-domain Identity Management: Protocol <https://www.rfc-editor.org/rfc/rfc7642>`_"
 msgstr ""
 
 #: ../development/specifications.rst:57
-#: e6062c405e8948d38ec280a762370179
+#: 0b5af403924542a99c63f28eaab81ca5
 msgid "Client-side implementation (i.e. broadcasting changes on users and groups among clients) and advanced features will be implemented in the future."
 msgstr ""
 
 #: ../development/specifications.rst:60
-#: da7a2a26dbfb494abca9e21b3178087e
+#: f4700ad912314bfc8d66be8471a4c772
 msgid "What's implemented"
 msgstr ""
 
 #: ../development/specifications.rst:62
 #: ../development/specifications.rst:83
-#: f00bbd829f164b10bea0b4a04ac7123d
-#: e66e2017457c4526a39df9630674c5ac
+#: a221acec85ca4725b2951cb9b51e20d5
+#: a3820ca28394481b85c5906175c9211b
 msgid "Endpoints:"
 msgstr ""
 
 #: ../development/specifications.rst:64
-#: 0eb744fd5a6c4e60a41e71982f000800
+#: fda698ab71304acb81f54cb02fbeea05
 msgid "/Users (GET, POST)"
 msgstr ""
 
 #: ../development/specifications.rst:65
-#: f537052ae8b94a3a83c0e84c52855dc7
+#: 888be4da4f194f319087de8e766157f2
 msgid "/Users/<user_id> (GET, PUT, DELETE)"
 msgstr ""
 
 #: ../development/specifications.rst:66
-#: 3b4e9d3e1079430b97611c8dadee4395
+#: 172c39c33a9d4449b9fa08649f7e1db5
 msgid "/Groups (GET, POST)"
 msgstr ""
 
 #: ../development/specifications.rst:67
-#: 3e673b4744e945b89c77ced8145f54fc
+#: 351bfa9248414180b3e2e12f3e39a7cc
 msgid "/Groups/<user_id> (GET, PUT, DELETE)"
 msgstr ""
 
 #: ../development/specifications.rst:68
-#: c279b1a6193b4de49c1ac392b9c9f1f8
+#: 0b3147e232df4562abe864dcc3c62600
 msgid "/ServiceProviderConfig (GET)"
 msgstr ""
 
 #: ../development/specifications.rst:69
-#: 833aa61f227c44bebf4cab293e712391
+#: d12ef72fdb2a4faf91c5f3a6606e09d3
 msgid "/Schemas (GET)"
 msgstr ""
 
 #: ../development/specifications.rst:70
-#: 437a13d677eb4961a96df34b5f5081dc
+#: 3a2387dace19496d9539e3adb6b3a634
 msgid "/Schemas/<schema_id> (GET)"
 msgstr ""
 
 #: ../development/specifications.rst:71
-#: 31b2a6d444504b8c88257b25f6fd6467
+#: 7bd1a03ce13a4a519529ffa633c39dad
 msgid "/ResourceTypes (GET)"
 msgstr ""
 
 #: ../development/specifications.rst:72
-#: e9a55c28a7944c5fbaa20d14508ac6ed
+#: 7bc66e9808184fa28e9af54c0a2ca411
 msgid "/ResourceTypes/<resource_type_id> (GET)"
 msgstr ""
 
 #: ../development/specifications.rst:74
-#: 7bd6fb34cea64198b21ae7f53d85a6a5
+#: 65ccf2057cb044258e738dd9dcfb0582
 msgid "Features:"
 msgstr ""
 
 #: ../development/specifications.rst:76
-#: bb39dc2c17084a99bfe91991bff98c65
+#: ef940c8ad25f4e97a8d4fa1ee9bfd786
 msgid ":rfc:`pagination <7644#section-3.4.2.4>`"
 msgstr ""
 
 #: ../development/specifications.rst:81
-#: da7a2a26dbfb494abca9e21b3178087e
+#: f4700ad912314bfc8d66be8471a4c772
 msgid "What is not implemented yet"
 msgstr ""
 
 #: ../development/specifications.rst:85
-#: 3f5bbff2d4e645e2bac778dfde9ed8dc
+#: 76085a65129e4d1387aa1ccb5b5b2bba
 msgid "/Users (PATCH)"
 msgstr ""
 
 #: ../development/specifications.rst:86
-#: b04a230b285c4f929df30d29d39f4adc
+#: da3a2dd71b204dd8941958051a0ca269
 msgid "/Groups (PATCH)"
 msgstr ""
 
 #: ../development/specifications.rst:87
-#: a9624bebc96e4cde8a86dca7891fc608
+#: 1936b0ba8c5743b397c3dcc914f453fc
 msgid ":rfc:`/Me <7644#section-3.11>` (GET, POST, PUT, PATCH, DELETE)"
 msgstr ""
 
 #: ../development/specifications.rst:88
-#: 0d99d94d47e2444bb6f01c2ec9473a56
+#: d6095a95a820448c8e93c6205907d2c0
 msgid ":rfc:`/Bulk <7644#section-3.11>` (POST)"
 msgstr ""
 
 #: ../development/specifications.rst:89
-#: 506274526a7647ceb7d2e5261bbf9651
+#: 8ae6230d4d04470587eabc0e85bfd237
 msgid ":rfc:`/.search <7644#section-3.4.3>` (POST)"
 msgstr ""
 
 #: ../development/specifications.rst:91
 #: ../features.rst:9
-#: 5939a5db19484022bdfaec1794dc1516
-#: f057b88a8b504465b8ed8e332fd5a830
+#: 8b8d299ade65429ab2a1739bbeca65b0
+#: 61a68141a485477a9fb49921e7b8aa3a
 msgid "Features"
 msgstr ""
 
 #: ../development/specifications.rst:93
-#: 6296feda85f44091a6fc410094a96b28
+#: f85742cf16c0404a99264064c75cebbd
 msgid ":rfc:`filtering <7644#section-3.4.2.2>`"
 msgstr ""
 
 #: ../development/specifications.rst:94
-#: 85a81b4268b44d729dfb8c5e7de75331
+#: e20e4adefa5947319005523f6b6a9377
 msgid ":rfc:`sorting <7644#section-3.4.2.3>`"
 msgstr ""
 
 #: ../development/specifications.rst:95
-#: 48122d4760344fb9ae3744592a4391d1
+#: 02742549d8f54bc18893ecb9c419809c
 msgid ":rfc:`attributes selection <7644#section-3.4.2.5>`"
 msgstr ""
 
 #: ../development/specifications.rst:96
-#: 2b86a717dda044408341557e54acab93
+#: 9e10ed15bc1b477ea12326a749bf64b8
 msgid ":rfc:`ETags <7644#section-3.14>`"
 msgstr ""
 
 #: ../development/specifications.rst:99
-#: efa9edcb4c094b339af9010d82b9f505
+#: ac600b38603f4fb999aebf5ffbe33cc7
 msgid "Comparison with other providers"
 msgstr ""
 
 #: ../development/specifications.rst:101
-#: cb82439c48684c8d919147a88247f36f
+#: 2ef9567e17694a669ed5071c882661ad
 msgid "Here is a feature comparison with other OpenID Connect server software."
 msgstr ""
 
 #: ../development/specifications.rst:103
-#: 47f5af9436b14ce8afaae2e08adceb8d
+#: d6d241980d3e46e192dd54a5082b0197
 msgid "Canaille voluntarily only implements the OpenID Connect protocol to keep its codebase simple."
 msgstr ""
 
 #: ../development/specifications.rst:106
-#: 230957da07d14930aac58e75241f769b
+#: 0b9a4fba353c483692ed6fb04227691e
 msgid "Software"
 msgstr ""
 
 #: ../development/specifications.rst:106
-#: 1e53a394ee3f4824ac843953a1c6f6a4
+#: 62c2fe7c97644cfa8e7d297a337bfe36
 msgid "Project"
 msgstr ""
 
 #: ../development/specifications.rst:106
-#: da7a2a26dbfb494abca9e21b3178087e
+#: f4700ad912314bfc8d66be8471a4c772
 msgid "Protocols implementations"
 msgstr ""
 
 #: ../development/specifications.rst:108
-#: 54e482c6722046fc9cad9abdf6501ebf
+#: ea237be2a99a4940be67516a1b95d97d
 msgid "FLOSS"
 msgstr ""
 
 #: ../development/specifications.rst:108
-#: 27466fe335f14fc58651275455bc3b85
+#: 55d5dd9174f94ca9850b999864598259
 msgid "Language"
 msgstr ""
 
 #: ../development/specifications.rst:108
-#: a62b0ccd1e3642f1922043446575891c
+#: 27002c409c6440d29ae89e91559a6994
 msgid "LOC"
 msgstr ""
 
 #: ../development/specifications.rst:108
-#: 8a0ae563aeb34a48afdd436dfb90bdfb
+#: 3ba35fd6c6d44150b4b049cf603e4a85
 msgid "OIDC"
 msgstr ""
 
 #: ../development/specifications.rst:108
-#: 988a35af2eef476299eb83b8ae5a3849
+#: dc762bcd6eca4fc79dae1ca65c411351
 msgid "SAML"
 msgstr ""
 
 #: ../development/specifications.rst:108
-#: 32c77efb6cff4149868aa5ae1ea6e9d4
+#: 6ae5803282c4439a9e7b1c1570e4c505
 msgid "CAS"
 msgstr ""
 
 #: ../development/specifications.rst:110
-#: f48994303e73429c9073af002d2cbe8b
+#: f4c4ac6fdea74558a74bc9a3cefbb5c7
 msgid "Canaille"
 msgstr ""
 
@@ -2664,81 +2664,81 @@ msgstr ""
 #: ../development/specifications.rst:128
 #: ../development/specifications.rst:130
 #: ../development/specifications.rst:132
-#: 4384675732a44a5699eadf3db840ea68
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: a2b336de60474811a85371ac9b8fc936
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: f1e4ba474c2545f788b426e174b25269
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: 45623bf338bb42e8b4a3f1276d08dbf8
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: 5c1d5b1b5b9947169a6512526bf1354c
-#: bca0227caf0541afac9dde2ef357f96a
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: 99c49b778a0248848dc909e7e9de6327
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: 646e26dbbb6d4c158ff400b6c7ac4752
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: 047de5aa45d14d57a0f7c65c16a25060
-#: 374cb94f40a9471e95364d0dca1f9a0c
-#: 726b27f2dcf347c0b5421f3e41bf3dba
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: 9fc1f509353c4f6cab3f7c3b21883cf6
-#: eea6bc914188401e8e132b973e250a62
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: 92e87b99f7a1479aaa8dbca7200356e4
-#: 6f79ec5e229a4675b9b9a8c0d2700567
-#: cdd868b8d08c488f9f47c95e0acf3f1b
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: b36371c9f8004f0788446980ea23685a
-#: fc2c732457544aeab7c028832e170afd
-#: 47f38426ae2d4daf866ba55ca0fb065c
-#: 764feb42eb4f4c218bc5764f8d1076f3
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: a80e2f550fd842f3bdf85a6b83f985cd
-#: d2a83a7da92c4f599843afcaacff9727
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
-#: cecfeb6d9fb7420ca837b206d1d6764c
+#: 33e7166b401144bcadff959d61e03c4c
+#: c2035a448fa9405a92d51c9c90277394
+#: 7bba6b8427854a41b99c15b883290007
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: 588ab8a50fca4528b9a471dbddfb7d4a
+#: c2035a448fa9405a92d51c9c90277394
+#: ba65de35554741a48a7eb4a72fc66433
+#: c2035a448fa9405a92d51c9c90277394
+#: 4dd20636352243038f0bdad8d15e8449
+#: 5b23071246ab41f1abd1bfa5596a4b46
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c1aa2d442f2047f9a1194e38c2b1ddd1
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: ce03d94ab7954c02968bfb44eb0f72fd
+#: 9fb4e3e247d846419051f2852ffa3f31
+#: f5e5911bcb704af19c073370f437c1b4
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: e063ffcc58474df4a66b2814eb4c0f61
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: cff48ca4a13545309d9e1b58c3dede80
+#: e55ccef99f4a45be8fb35a1ed8bb1ac4
+#: 4b09487097334807804aaba873d4dc7b
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c9b45500d9d145a8862c978d95329330
+#: c34b7940cbbd4218af2cb94e8eb24fc7
+#: 8a394726b7b941dfbbd8af3e546782c1
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: f5320617a03e47dea905ac5a70208c70
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
+#: c2035a448fa9405a92d51c9c90277394
 msgid "✅"
 msgstr ""
 
 #: ../development/specifications.rst:110
 #: ../development/specifications.rst:116
-#: c38bff66a17c471fabb1344102a537ea
-#: c38bff66a17c471fabb1344102a537ea
+#: 86f975b8aaab4af9bfc62ef2df91ba28
+#: 86f975b8aaab4af9bfc62ef2df91ba28
 msgid "Python"
 msgstr ""
 
 #: ../development/specifications.rst:110
-#: 2898d3796e7c4b88b8b7a9f519d2fc45
+#: 3a757539fafc4e3aa92dbdec5227a2df
 msgid "10k"
 msgstr ""
 
@@ -2752,34 +2752,34 @@ msgstr ""
 #: ../development/specifications.rst:126
 #: ../development/specifications.rst:130
 #: ../development/specifications.rst:132
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: fff8dea44f12432098ca99ba6d1b5c2e
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
-#: 3a76f65f9cc740a5ac8954efd498ae76
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 94a1a61f502a42569788cfe93ad6bcf7
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
+#: 0baee04e46584b46ab2b5bd83dea4c0d
 msgid "❌"
 msgstr ""
 
 #: ../development/specifications.rst:110
-#: 5cfccc6b8c584d5cbdd54736cddb3502
+#: c3172c68b79b46e1ac155f9af8f8729f
 msgid "🟠"
 msgstr ""
 
 #: ../development/specifications.rst:112
-#: d9d78032f92a41c7bf30d755415a3cbb
+#: 41d7747dc9384c6b908b8394168b5b5a
 msgid "`Auth0`_"
 msgstr ""
 
@@ -2787,204 +2787,206 @@ msgstr ""
 #: ../development/specifications.rst:122
 #: ../development/specifications.rst:124
 #: ../development/specifications.rst:132
-#: 517701d2d9ae411db882f60fd1747fd0
-#: 517701d2d9ae411db882f60fd1747fd0
-#: 517701d2d9ae411db882f60fd1747fd0
-#: 517701d2d9ae411db882f60fd1747fd0
-#: 517701d2d9ae411db882f60fd1747fd0
-#: 517701d2d9ae411db882f60fd1747fd0
-#: 517701d2d9ae411db882f60fd1747fd0
-#: 517701d2d9ae411db882f60fd1747fd0
-#: 517701d2d9ae411db882f60fd1747fd0
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
+#: 8f85eeab9d6945af894c55e2a4aa0b9b
 msgid "❔"
 msgstr ""
 
 #: ../development/specifications.rst:114
-#: 1682bb5887184cd9bff0b61796d76876
+#: 47ff7b1213464f85b246c4282f3af933
 msgid "`Authelia`_"
 msgstr ""
 
 #: ../development/specifications.rst:114
 #: ../development/specifications.rst:118
 #: ../development/specifications.rst:126
-#: d82982be3ee7475a983ce04e39624c7b
-#: d82982be3ee7475a983ce04e39624c7b
-#: d82982be3ee7475a983ce04e39624c7b
+#: 5db56fd3e64948f5a108d2f74f7070b4
+#: 5db56fd3e64948f5a108d2f74f7070b4
+#: 5db56fd3e64948f5a108d2f74f7070b4
 msgid "Go"
 msgstr ""
 
 #: ../development/specifications.rst:114
 #: ../development/specifications.rst:126
-#: 44c24ba16cb6419abd4d3af84403a709
-#: 44c24ba16cb6419abd4d3af84403a709
+#: 741e97755b8c4478b7e19ba006898401
+#: 741e97755b8c4478b7e19ba006898401
 msgid "50k"
 msgstr ""
 
 #: ../development/specifications.rst:116
-#: 9110311d7f6e48b38ba0b32706d706e8
+#: 7fb71b70103e40eeb178e1281ea81de3
 msgid "`Authentic2`_"
 msgstr ""
 
 #: ../development/specifications.rst:116
-#: d5b5b77fa7e544278f1e017ebe7b9b73
+#: cb26c38797d9416fafe5d1a1b5c5b03b
 msgid "65k"
 msgstr ""
 
 #: ../development/specifications.rst:118
-#: 0f7c8328ceb74a3286d140ea99595441
+#: 6f7fc7bbb2694f09a12393a74ffc8013
 msgid "`Authentik`_"
 msgstr ""
 
 #: ../development/specifications.rst:118
-#: 9b22f0bb6f364ffba33f4906e6bca29d
+#: bb964534c0704925b6d856bd54af7c7f
 msgid "55k"
 msgstr ""
 
 #: ../development/specifications.rst:120
-#: 935dcdae37fe48a68e5dfb04ab8f64f8
+#: 4604cb0778044b63807b2be23ced893c
 msgid "`CAS`_"
 msgstr ""
 
 #: ../development/specifications.rst:120
 #: ../development/specifications.rst:124
 #: ../development/specifications.rst:128
-#: a9de8918cec743a1a9d325a74233ece4
-#: a9de8918cec743a1a9d325a74233ece4
-#: a9de8918cec743a1a9d325a74233ece4
+#: aa3618e441ac413e83acdfe56631d15a
+#: aa3618e441ac413e83acdfe56631d15a
+#: aa3618e441ac413e83acdfe56631d15a
 msgid "Java"
 msgstr ""
 
 #: ../development/specifications.rst:120
-#: fd1f63cd853f44e885dd67b3a6094f9a
+#: c316893b4f00454a8c5745071e0888b1
 msgid "360k"
 msgstr ""
 
 #: ../development/specifications.rst:122
-#: f10eb07a326744518a2f6b631cb88d15
+#: c8a158afb8d841209c20b9ef42e563cb
 msgid "`Connect2id`_"
 msgstr ""
 
 #: ../development/specifications.rst:124
-#: 4c26496dd0e544ef97d8d345c3d9169f
+#: a264cd68201c442faf08474397c550aa
 msgid "`Gluu`_"
 msgstr ""
 
 #: ../development/specifications.rst:126
-#: b505e8661bf24fe287f1fc77d1326ab2
+#: e54b53bfeafd4764b01095c1cd0077b7
 msgid "`Hydra`_"
 msgstr ""
 
 #: ../development/specifications.rst:128
-#: 53abb4819cbf4fb7ad273fa25556814e
+#: 87594578370246d494ef5e63196a3a92
 msgid "`Keycloak`_"
 msgstr ""
 
 #: ../development/specifications.rst:128
-#: 5d8e6ef889ba4715986a7a237b753297
+#: d6304d1f41714ad5af15edb6febbfbc5
 msgid "600k"
 msgstr ""
 
 #: ../development/specifications.rst:130
-#: 30fe26bf61584e29ac73c07d679ba6a5
+#: 2efe7957b848447dacfecb082a95c438
 msgid "`LemonLDAP`_"
 msgstr ""
 
 #: ../development/specifications.rst:130
-#: 12a5b8832f2b4831a41af30522055343
+#: cdd25b565e5d4de4b4202f82f4407843
 msgid "Perl"
 msgstr ""
 
 #: ../development/specifications.rst:130
-#: 42f8e0deef9246a5a4f9a3cb69a5966f
+#: 51b2d4fcc1fc43d2a692826a2b2c62d1
 msgid "130k"
 msgstr ""
 
 #: ../development/specifications.rst:132
-#: 8bcf4b8cde474ff49b0e8bbc96e52986
+#: 4c2a5d27487345f7bc3c1bbd0c897c47
 msgid "`Okta`_"
 msgstr ""
 
 #: ../features.rst:11
-#: ede71f0291474638a54b3c73dbf2e4bf
+#: 5dd070084abb440ebf87c36df501f197
 msgid "Here are the different features that Canaille provides. You can enable any of those features with the :doc:`configuration <references/configuration>` to fit any :doc:`use cases <usecases>` you may meet. Check our  :ref:`roadmap <features:Roadmap>` to see what is coming next."
 msgstr ""
 
 #: ../features.rst:15
-#: cf814f15959a43cfaa0392cd83755fce
+#: 83eef1f1157b4d37b4627438618f31ab
 msgid "Users can interact with Canaille through its :ref:`web interface <features:Web interface>` and administrators can also use its :ref:`command line interface <feature_cli>`. Canaille can handle data stored in different :ref:`database backends <feature_databases>`."
 msgstr ""
 
 #: ../features.rst:19
-#: 02e100abc6e44fe49224f9e4046dc49e
+#: 73c7e363c37147fc825deea06ee26975
 msgid "User and group management"
 msgstr ""
 
 #: ../features.rst:21
-#: 09d69566150048b4a17d192bfc4d5112
+#: e19b2b99a8544219b61bbedc1229e77c
 msgid "Canaille web interface can be used either in :doc:`production environments <tutorial/deployment>` or locally for development purposes."
 msgstr ""
 
 #: ../features.rst:26
 #: ../index.rst:27
-#: 4a8e8cfdbaaf4d86a28840ef0939d7d9
-#: 947ce49c0ff9406fb81b5e3cc5329c24
+#: 759b0714ba194bc5a5d043350cb4cd14
+#: dd79223676e0465293d1499d8929fa26
 msgid "Profile management"
 msgstr ""
 
-#: ../features.rst:-1
-#: d4de0b07d24e47b9aba16e48ed9cbe27
-#: 542fdff284144a8c805b4824d03d6b76
+#: ../features.rst:28
+#: ../features.rst:231
+#: 53e5483c51ae4df28138ae990c16de07
+#: 0a36f2261b84450b98131ff740f7ceb9
 msgid "Profile"
 msgstr ""
 
 #: ../features.rst:33
-#: c59d37a518514008bc2c6f2c18dd6326
+#: 864adfa77693422cad803b08d9187a5e
 msgid "Canaille provides an interface to manage user profiles."
 msgstr ""
 
 #: ../features.rst:35
-#: 8b67e3a00af440328b615d2921dc27a6
+#: 505ce537381249ec82445d38a4e093df
 msgid "The exact list of displayed fields, and whether they are :attr:`writable <canaille.core.configuration.ACLSettings.WRITE>` or :attr:`read-only <canaille.core.configuration.ACLSettings.READ>` depends on the user :class:`Access Control List settings (ACL) <canaille.core.configuration.ACLSettings>`."
 msgstr ""
 
 #: ../features.rst:37
-#: eb4ca5b563c44281aefc8d4ad4c549e8
+#: 625c7cea8a034a7ba263a71ce0587a26
 msgid "Depending on their ACL :class:`permissions <canaille.core.configuration.Permission>`, users can either be allowed to edit their own profile, edit any user profile, or do nothing at all."
 msgstr ""
 
 #: ../features.rst:42
-#: e4d34befed5941bab9161eb3c0330fad
+#: 530dac22b587444cbd5de9ba2d7a3a90
 msgid "Email confirmation"
 msgstr ""
 
 #: ../features.rst:44
-#: 28a9397d838e4ffaaf5c8f8558416355
+#: 2c3acd412bb944ab81ff2631784bff71
 msgid "If the :attr:`email confirmation feature <canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION>` is enabled, any modification or addition of a profile email will send a confirmation mail to the new address. The mail will contain a link that users will need to click on to confirm their email address."
 msgstr ""
 
 #: ../features.rst:46
-#: d3563178a13d42268ae8a3f0cb15b90f
+#: 8d597149b59e45f896eff2baa716fc20
 msgid "Users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can set user emails without confirmation though."
 msgstr ""
 
 #: ../features.rst:51
-#: 280cf35bfcbe4a25b39bb567780bafdb
+#: 4a6be5a6b71a4a5ea35d7c4a41630e35
 msgid "Group management"
 msgstr ""
 
-#: ../features.rst:-1
-#: 1d74522e450c43f5adec93c195b5a356
-#: ca799065d4684b54940c65062bed411b
+#: ../features.rst:53
+#: ../features.rst:140
+#: 4824338c1fbf4fdd8c2e01534219ee98
+#: 3d8b9fc086e945d890bf9b3e01c82984
 msgid "Group edition"
 msgstr ""
 
 #: ../features.rst:58
-#: 1471f707ae604de8b2b0222ca43eb2c2
+#: afc7e192d41148e0a2ef8ec6f8944729
 msgid "In a similar fashion than :ref:`profile management <feature_profile_management>` Canaille provides an interface to manage user groups."
 msgstr ""
 
 #: ../features.rst:60
-#: 08eb7bac987947149589e0b40c938b0c
+#: b83c6d0af7fe45228496bb2c594cf88c
 msgid "The group management is quite simple at the moment and consists in a group name and description, and the list of its members. Group membership can be use as :attr:`ACL Filter <canaille.core.configuration.ACLSettings.FILTER>` to define user permissions."
 msgstr ""
 
@@ -2993,772 +2995,772 @@ msgstr ""
 #: ../features.rst:149
 #: ../tutorial/deployment.rst:13
 #: ../tutorial/provisioning.rst:21
-#: 4ca7b990ff9c429aa56f1ec0ab57aef9
-#: 2cf4c2bbf0ab431f857b4fe0f7b840a0
-#: 1382b05cef654b76b8fb57324f33b950
-#: 757f761fb4724713bdc1308505431bfb
-#: 12614607f99a412c9cf9f161db77c3ac
+#: 6fdf0a969ccb49e1bf9bfc28f4df9169
+#: 4065a0b70a1444058df3bb16f0abc445
+#: bc0be7a805e04b5f91b89db28d7dffae
+#: 7ab21494d11e4287acffeb771f8f5244
+#: 9df6890219304d7dbb04c9b7817147f5
 msgid "Todo"
 msgstr ""
 
 #: ../features.rst:64
-#: 89199041503f41d3b7cad73267f4cf96
+#: 60eafd84b6934482b1ec0831e6aaa3b7
 msgid "At the moment adding an user to a group can only be achieved by the user settings page, but we are :issue:`working to improve this <192>`."
 msgstr ""
 
 #: ../features.rst:66
-#: fcdf9f9d5f1e4723b46a2ca1fc89539e
+#: 6440e19e527d4d5f8abc44d99c8a3dba
 msgid "Group management can be enable with a :attr:`dedicated user permission <canaille.core.configuration.Permission.MANAGE_GROUPS>`."
 msgstr ""
 
 #: ../features.rst:69
-#: 95eff978c7994138a3200e090c84471d
+#: 2382414ec97641a4925e741a26ae3148
 msgid "Due to limitations in the :ref:`LDAP backend <tutorial/databases:LDAP>`, groups must have at least one member. Thus it is not possible to remove the last user of a group without removing the group."
 msgstr ""
 
 #: ../features.rst:75
 #: ../index.rst:34
-#: 177c53d2c6094d43875d87ca2a55ed98
-#: 937baa96f2514cdaad76f4d28816abe7
+#: b136f97d836d4c8dbb63cd671ceebe4e
+#: 76d8725ced9e421f98de5fb1e1ee01a2
 msgid "User authentication"
 msgstr ""
 
 #: ../features.rst:77
-#: d461efae4b9d41e4b7dba32a75588df0
+#: 022b43e4ff7f4932aa151eaade78aeb6
 msgid "Unless their account is :ref:`locked <feature_account_locking>`, users can authenticate with a login and a password."
 msgstr ""
 
 #: ../features.rst:81
-#: 3c53cd1507ce48c780297457fc4efd97
+#: 1a8cb7dc227a452b81768be3758a8fb4
 msgid "For security reasons, it won't be told to users if they try to sign in with an unexisting logging, unless explicitly :attr:`set in the configuration <canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS>`."
 msgstr ""
 
 #: ../features.rst:83
-#: 80eee19145c64fbc9ea0c26464fab965
+#: 778349cb3c344689bd8cc06184005e10
 msgid ":ref:`LDAP backend <tutorial/databases:LDAP>` users can define which :class:`user field <canaille.core.models.User>` should be used as the login (such as :attr:`~canaille.core.models.User.user_name` or :attr:`~canaille.core.models.User.emails`) using a :attr:`configuration parameter <canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER>`, but other backends can only login using :attr:`~canaille.core.models.User.user_name`. We are :issue:`working to improve this <196>`."
 msgstr ""
 
 #: ../features.rst:88
-#: 560be09061014d5485f75f3c90d3790c
+#: aa467ae3118543ed94401a8ca23776f1
 msgid "User registration"
 msgstr ""
 
 #: ../features.rst:90
-#: 4780fab4d36744c6991df9ae3919e4a0
+#: c81ba8ba520c4d8bb6c8475fe023404b
 msgid "Users can create accounts on Canaille if the :attr:`registration feature <canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION>` is enabled. They will be able to fill a registration form with the fields detailed in the default :class:`ACL settings <canaille.core.configuration.ACLSettings>`."
 msgstr ""
 
 #: ../features.rst:92
-#: f1e0991feda34f918887bf7653c16801
+#: c1f2442a948d414e9b9983d79aa91ae4
 msgid "If :attr:`email confirmation <canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION>` is also enabled, users will be sent a confirmation link to their email address, on which they will need to click in order to finalize their registration."
 msgstr ""
 
-#: ../features.rst:-1
 #: ../features.rst:97
-#: 6edf18a1ecff4430baaed61db6717c23
-#: a2293ea9f6564b6b8bc9c02c5a8f0f40
+#: ../features.rst:99
+#: 3d200c871e19420db3ce1885f7414a3c
+#: 7bf61d1ad01240f7b1ed2db4ab0fdf77
 msgid "User invitation"
 msgstr ""
 
 #: ../features.rst:104
-#: 7f4e56bdbb9842beba1644e2fabad41f
+#: 134f042cb892434e922c01d62222ed54
 msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can create an invitation link for one user."
 msgstr ""
 
 #: ../features.rst:106
-#: 05145189cce34c4d80a56aa785cee5f5
+#: e054dbb49f644364a6aaadcb2f5a0024
 msgid "The link goes to a registration form, even if regular :ref:`user registration <feature_user_registration>` is disabled."
 msgstr ""
 
 #: ../features.rst:108
-#: 24a4d13134934174aaedf461e03f2363
+#: 536cbb5eff1444dda4ac45998d356fe6
 msgid "It can be automatically sent by email to the new user."
 msgstr ""
 
 #: ../features.rst:113
-#: a05444b5846248f9aebaa28b316be1b8
+#: c24731829c1949aeb3f54f0167ed8b37
 msgid "Account locking"
 msgstr ""
 
 #: ../features.rst:115
-#: 1c40bbaf596c4a28993904e4aab8b076
+#: 48e7bf2282b5487f9437be3863edc5ed
 msgid "If Canaille is plugged to a :ref:`backend <feature_databases>` that supports it, user accounts can be locked by users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>`. The lock date can be set instantly or at a given date in the future."
 msgstr ""
 
 #: ../features.rst:118
-#: e6053c7a0e4c4feabd77b2aa14c50018
+#: 31e7e6b90652414ab1b450f98ddb7d53
 msgid "At the moment a user account is locked:"
 msgstr ""
 
 #: ../features.rst:120
-#: 1614c2a9020a4da58427064a8b480050
+#: 6be8caf7464643e99cb2614ce0138045
 msgid "their open sessions will be closed;"
 msgstr ""
 
 #: ../features.rst:121
-#: bd083a39c3e94f20b0ca06eb45a6ee68
+#: 93da628150674abe85e3ff8f27e83c0a
 msgid "they won't be able to sign in again;"
 msgstr ""
 
 #: ../features.rst:122
-#: 3f671916358b469d91fb687a638b5c39
+#: e5196d576eb445d9aa83989d6f241c42
 msgid "no new OIDC token will be issued;"
 msgstr ""
 
 #: ../features.rst:124
-#: 2cc679d736b341e4bde79d159d806618
+#: c784a99a157b46028eb5c3543da73e38
 msgid "User accounts must be manually unlocked by an administrator for the users to regain access to those actions."
 msgstr ""
 
 #: ../features.rst:129
-#: fb080216984840ba99f095aece85255d
+#: da2f0b388508475cbb3fd080de1ff44c
 msgid "Account deletion"
 msgstr ""
 
 #: ../features.rst:131
-#: 1339699fc6974a4e8e1ab03633a79a69
+#: 5bc09c4f89764a1a950c44dc255b98d2
 msgid "Users with the :attr:`account deletion permission <canaille.core.configuration.Permission.DELETE_ACCOUNT>` are allowed to delete their own account."
 msgstr ""
 
 #: ../features.rst:133
-#: 65b2e1806f3a437aa8b5238f022e0352
+#: 85f4ea778e8f45f7841ddf39f1bc8b41
 msgid "Users that also have the :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` are also allowed to delete other users accounts."
 msgstr ""
 
 #: ../features.rst:138
-#: 278ed12bce6b4b318f677aa6d22138f5
+#: 86a66e197de94dcbb90d559730b89318
 msgid "Password recovery"
 msgstr ""
 
 #: ../features.rst:145
-#: c2409768ec7a46d584ed1ed235e7a4d0
+#: 6693db5e96354da69ed660a259c109ce
 msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured and the :attr:`password recovery feature <canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY>` is enabled, then users can ask for a password reset email if they cannot remember their password."
 msgstr ""
 
 #: ../features.rst:147
-#: 7dbfa07474cd40c7a7c17748fbb21a07
+#: 2f356fab771549f9bdca5fa4f3ca2e5e
 msgid "The email will be sent to the email addresses filled in their profile, and will contain a link that will allow them to choose a new password. ."
 msgstr ""
 
 #: ../features.rst:151
-#: 410c54a611eb4b1c8a372b80f744f941
+#: a603b57c4fc54e67ba04056b0037ae8e
 msgid "Check that password recovery is disabled on locked accounts."
 msgstr ""
 
 #: ../features.rst:156
-#: 2c4f6c64da0c42eab5520711fca1dc46
+#: 1bdb193d14a444a2a823f0dcef03e8ad
 msgid "Password reset"
 msgstr ""
 
 #: ../features.rst:158
-#: 383eb7a045cd41f0909ad9aad2601065
+#: 077ee41f3059484dad80b08733aae520
 msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can send password reset mails to users. The mails contains a link that allow users to choose a new password without having to retrieve the old one."
 msgstr ""
 
 #: ../features.rst:164
-#: 7be9af4a393e4203b3da626d93d71d69
+#: c4e7b07761674e608a0e2bfdd50a659a
 msgid "Password initialization"
 msgstr ""
 
 #: ../features.rst:166
-#: 02bd8f9a76fd4b66a8f803288246c0ef
+#: 5043df71775449a78e19ce0296f8d9ee
 msgid "User :attr:`passwords <canaille.core.models.User.password>` are optional. If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, when users with no password attempt to sign in, they are invited to click a button that will send them a password initialization mail. The mail contains a link that leads to a form that allows users to choose a password."
 msgstr ""
 
 #: ../features.rst:173
-#: 4f60c7a56e5544afa1bbaee9df0805e0
+#: 412b386c0c794b5d8c71ea7b51278da8
 msgid "Password compromission check"
 msgstr ""
 
 #: ../features.rst:175
-#: 3dc13b94cd014d6f976426da9840a3d6
+#: 35e11da6bbdf4e2da05a3a66c24e1dbe
 msgid "If :attr:`password compromission check feature <canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK>` is enabled, Canaille will check for password compromise on HIBP (https://haveibeenpwned.com/) every time a new password is register. You will need to set an :attr:`admin email <canaille.core.configuration.CoreSettings.ADMIN_EMAIL>`."
 msgstr ""
 
 #: ../features.rst:180
-#: d0049b96f7c1401a91d968aa93715930
+#: 478b4f7b443f4f728085a2ea686b0248
 msgid "Multi-factor authentication"
 msgstr ""
 
 #: ../features.rst:182
-#: c480b36838b64abbbe3986a7295613d5
+#: 2e2c9ae9e2e24bce942de98d12d7fb33
 msgid "If the :attr:`one-time password feature <canaille.core.configuration.CoreSettings.OTP_METHOD>` is set, then users will need to authenticate themselves using a one-time password via an authenticator app. Two options are supported : \"TOTP\" for time one-time password, and \"HOTP\" for HMAC-based one-time password. In case of lost token, TOTP/HOTP authentication can be reset by users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>`. If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured and the :attr:`email one-time password feature <canaille.core.configuration.CoreSettings.EMAIL_OTP>` is enabled, then users will need to authenticate themselves via a one-time password sent to their primary email address. If a :class:`smpp server <canaille.core.configuration.SMPPSettings>` is configured and the :attr:`sms one-time password feature <canaille.core.configuration.CoreSettings.SMS_OTP>` is enabled, then users will need to authenticate themselves via a one-time password sent to their primary phone number."
 msgstr ""
 
 #: ../features.rst:189
-#: a9118911f6a341a3b529fd8882c4e3e4
+#: cbba3fccd9f84230b6eb0774cfd7e109
 msgid "Web interface"
 msgstr ""
 
 #: ../features.rst:194
-#: 277603f8de354f15857ad0068f148115
+#: fab0081b9bd4460098de6df7d8c317b5
 msgid "Internationalization"
 msgstr ""
 
-#: ../features.rst:-1
-#: 6bc7d90be4bf486d8a2e84a48cc76b66
+#: ../features.rst:196
+#: 46cf7a3a3e9047439aa7fa6654b07921
 msgid "Translation state"
 msgstr ""
 
 #: ../features.rst:201
-#: a1f40124b57e452a85abf8af401dc2b1
+#: 0a5afedc31de47a28d0bf7842a8558cd
 msgid "Canaile will display in your :attr:`preferred language <canaille.core.models.User.preferred_language>` if available, or your browser language if available (and if it is not you can :ref:`help us with the translation <development/contributing:Code translation>`). If you prefer, you can also :attr:`force a language <canaille.core.configuration.CoreSettings.FAVICON>` for every users."
 msgstr ""
 
 #: ../features.rst:207
-#: 8bf0ddac3fee4b4f931bd704bbb167dc
+#: 2caebf718cab47029a83bb91253e36e5
 msgid "Lightweight"
 msgstr ""
 
 #: ../features.rst:209
-#: 3774910a87b34b9dba3b6c28a1e6ba68
+#: e3cbad3b2af0422287a92a4094559d8b
 msgid "The web interface is lightweight, so everything should load quickly. There is a few Javascript here and there to smooth the experience, but no Javascript at all is needed to use Canaille."
 msgstr ""
 
 #: ../features.rst:213
-#: 0da766448075460d9360204e6975a0f4
+#: a7db848b637a46b1874f04fb542009e2
 msgid "Customizable"
 msgstr ""
 
 #: ../features.rst:215
-#: 737f45bc79a542ee903e8349947c3b5f
+#: 0c829a128889493fbc97247a60390954
 msgid "The default theme should be good enough for most usages. It has a dark theme, display well on mobile, and let you choose a :attr:`logo <canaille.core.configuration.CoreSettings.LOGO>` and a :attr:`favicon <canaille.core.configuration.CoreSettings.FAVICON>`."
 msgstr ""
 
 #: ../features.rst:218
-#: 36b615461b0c49e9aca81c65a60c3308
+#: 3a69d40c024744af967a1408c054aca0
 msgid "If you need more you can also use a :attr:`custom theme <canaille.core.configuration.CoreSettings.THEME>`."
 msgstr ""
 
 #: ../features.rst:225
-#: 02908b4590a0462cac7afbc2fd17d7f6
+#: 003c4e8eee334a9d89486e2c0ae5d106
 msgid "Canaille implements a :ref:`subset<development/specifications:State of the specs in Canaille>` of the OAuth2/OpenID Connect specifications . This allows to provide :abbr:`SSO (Single Sign-On)` and :abbr:`SLO (Single Log-On)` to applications plugged to Canaille."
 msgstr ""
 
 #: ../features.rst:229
-#: f8c59847b97049d19a13ccaa6539f863
+#: 51e9a6e1ddb04b99a6a73135fc8728e7
 msgid "Consent management"
 msgstr ""
 
 #: ../features.rst:237
-#: 8e7afe2e2e6943feb664ab03ae9da770
+#: a613e3d10f1243f3bc5d4e796b278c89
 msgid "Users can give their consent to application requesting access to their personal information, and then revoke those consent at their will."
 msgstr ""
 
 #: ../features.rst:241
-#: c7a8da519165448ebc4e1c53eb25f207
+#: 115bec7ea8944f6ab98641d9bd2540ec
 msgid "Application management"
 msgstr ""
 
 #: ../features.rst:243
-#: 2e65c0c497da4a77bc85c9500a074047
+#: 526d36374a8747d6ad6280379bcf664c
 msgid "Users with the right :attr:`permission <canaille.core.configuration.Permission.MANAGE_OIDC>` can manager OIDC clients through the web interface."
 msgstr ""
 
 #: ../features.rst:245
-#: bafe35db98f749d99557feec3ceaf4e7
+#: 79f0217902dc4b2ca73128ff6c16e7b5
 msgid "In some cases, it might be useful to avoid the consent page for some trusted applications, so clients can be pre-consented."
 msgstr ""
 
 #: ../features.rst:248
-#: 76b48b09fc1c44038a697dfa816afbcc
+#: d1f7f85df6404afe91d29e4dee44be1d
 msgid "Discovery"
 msgstr ""
 
 #: ../features.rst:250
-#: f251fff6b3374ecd9fde5bdebced6313
+#: 8b306f1c76664574a0f3d85805a46d87
 msgid "Canaille implements the :doc:`Discovery specifications <development/specifications>` so most of the applications plugged to Canaille can auto-configure themselves."
 msgstr ""
 
 #: ../features.rst:253
-#: 4fac1fe3bcd346aeb34e8c600df0d542
+#: d5a2f0c4fa2f4363b5e87c4243376aaa
 msgid "Dynamic Client Registration"
 msgstr ""
 
 #: ../features.rst:255
-#: f53321a9a89d40c0b7fdc48be51240a4
+#: 800aec57df82487f80fc7da359dc5c34
 msgid "Canaille implements the :doc:`Dynamic Client Registration specifications <development/specifications>`, so when the :attr:`feature is enabled <canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN>`, clients can register themselves on Canaille without an administrator intervention."
 msgstr ""
 
 #: ../features.rst:258
-#: ec8846e6d8404a8185860b509814e54c
+#: 9cae9e0af58f499dac34354e9c12785d
 msgid "System administration"
 msgstr ""
 
 #: ../features.rst:263
 #: ../references/commands.rst:2
-#: 511d3810fbd4411dbf14065b1f014256
-#: a07ec9235c4347858a3f9dd667ade4b6
+#: 9b5fcf18f6214856ae377f83005f8309
+#: e2a97a5dfb5844f9a74c78b1a28ed23f
 msgid "Command Line Interface"
 msgstr ""
 
 #: ../features.rst:265
-#: 446a668dea4548ffb184afa168ed6115
+#: 98ef5f39d74944668dfff8b63d9d6199
 msgid "Canaille comes with a :abbr:`CLI (Command Line Interface)` to help administrators in hosting and management."
 msgstr ""
 
 #: ../features.rst:267
-#: 1b76ec06f2f841ccb8396a5345014ffd
+#: 9a30112ff2eb47c69263e73aa3c4ee15
 msgid "There are tools to :ref:`check your configuration <cli_check>` or to :ref:`install missing parts <cli_install>`. You can use the CLI to :ref:`create <cli_create>`, :ref:`read <cli_get>`, :ref:`update <cli_set>` and :ref:`delete <cli_delete>` models such as :class:`users <canaille.core.models.User>`, :class:`groups <canaille.core.models.Group>` or  :class:`OIDC clients <canaille.oidc.basemodels.Client>`."
 msgstr ""
 
 #: ../features.rst:270
-#: 9f10d5a6354c4cda8b1a4e652c129231
+#: 02d13c90aa8f41f5b1007cd67fcea510
 msgid "There are also tools to :ref:`fill your database <cli_populate>` with random objects, for tests purpose for instance."
 msgstr ""
 
 #: ../features.rst:275
 #: ../tutorial/databases.rst:2
-#: 3f06ed32b21149799d58c75cad1db5ff
-#: fbfabda71be84552b6583acdaa13af3e
+#: 0225297b7d884971a952f5ec904a15ac
+#: cf1fc0e0abb74b3ca66c1e92a5e773e9
 msgid "Databases"
 msgstr ""
 
 #: ../features.rst:277
-#: 004f29ea7eb74ee2912627a929e87f1c
+#: 1a7af5dc07fa4f6c9231664737ee46a7
 msgid "Canaille can handle data from the most :ref:`common SQL databases <tutorial/databases:SQL>` such as PostgreSQL, MariaDB or SQLite, as well as :ref:`OpenLDAP <tutorial/databases:LDAP>`. It also comes with a no-dependency :ref:`in-memory database <tutorial/databases:Memory>` that can be used in unit tests suites."
 msgstr ""
 
 #: ../features.rst:283
-#: 8add6581a16b4877a66ba7c8827152ca
+#: a6a6a7334af54051aebed82d83027ea8
 msgid "Logging"
 msgstr ""
 
 #: ../features.rst:285
-#: 1179b565c1de4b11a03ca824cce52977
+#: 9bc7705bd378459abf2f813381aa58a6
 msgid "Canaille writes :attr:`logs <canaille.core.configuration.CoreSettings.LOGGING>` for every important event happening, to help administrators understand what is going on and debug funky situations."
 msgstr ""
 
 #: ../features.rst:287
-#: a6282bdfca0b4e2c8ecfd02478d3623d
+#: 2aeb5161276a4f048c40a7256c3d7f0e
 msgid "The following security events are logged with the log level \"security\" for easy retrieval :"
 msgstr ""
 
 #: ../features.rst:289
-#: 49f7ec7627e7414aa616f1060c33d110
+#: ed4be0b57afe4ce9976c45f03c249444
 msgid "Authentication attempt"
 msgstr ""
 
 #: ../features.rst:290
-#: a26713f492ff4f14a2e3a881e7ab19f1
+#: 452456f9907e4bbd89439903c2fc9ebc
 msgid "Password update"
 msgstr ""
 
 #: ../features.rst:291
-#: ca7c103705f14293950cc12dedd96378
+#: 9ccb4ef2a139403c85223576eb87a182
 msgid "Email update"
 msgstr ""
 
 #: ../features.rst:292
-#: 0e01ba62ff054e4e849ae1d4c1f6fdee
+#: bd0936deb7994f8fb59f2f0a47115edc
 msgid "Forgotten password mail sent to user"
 msgstr ""
 
 #: ../features.rst:293
-#: 0e01ba62ff054e4e849ae1d4c1f6fdee
+#: bd0936deb7994f8fb59f2f0a47115edc
 msgid "One-time password mail sent to user"
 msgstr ""
 
 #: ../features.rst:294
-#: d0049b96f7c1401a91d968aa93715930
+#: 478b4f7b443f4f728085a2ea686b0248
 msgid "Multi-factor authentication reset"
 msgstr ""
 
 #: ../features.rst:295
-#: 8f4e5a1567114749b944d391c43ad2bb
+#: 02079fe76d2041aaba48a6b2079630f1
 msgid "Token emission"
 msgstr ""
 
 #: ../features.rst:296
-#: 04cf77b4e9514ab7805b4f4156209cff
+#: 814519684d8c47a5b0b5ae6eaa9aa66e
 msgid "Token refresh"
 msgstr ""
 
 #: ../features.rst:297
-#: ec6501d110694e58b6181468d6154bda
+#: 4489f99b64dd40248f28453fb8b4b0df
 msgid "Token revokation"
 msgstr ""
 
 #: ../features.rst:298
-#: 76f7ecd101a541d3a1dbb7b3090db868
+#: 99abcc04f85649c1b184e22e67b36f18
 msgid "New consent given for client application"
 msgstr ""
 
 #: ../features.rst:299
-#: 100d9e39db3644c78ed000b9d27342a4
+#: c64802d623a74d678c4aca29f82c39d7
 msgid "Consent revokation"
 msgstr ""
 
 #: ../features.rst:304
-#: 267852d80a8f4235af2ca961f8de8f09
+#: f9d92f5f76a745ee97ea36afc853c516
 msgid "Development and testing tool"
 msgstr ""
 
 #: ../features.rst:309
-#: 3dd5b1afcdf74705a07096fb3d7fd788
+#: 9c0500515a5847c2bec5b1bb743f42fc
 msgid "Unit-testing tool"
 msgstr ""
 
 #: ../features.rst:311
-#: 8c74a6c31d294bcb85e4fd0db0bb40fd
+#: b1dc62a0c2024ff1bd6682408301766a
 msgid "Thanks to its lightweight :ref:`in-memory database <tutorial/databases:Memory>` and its curated :ref:`dependency list <tutorial/install:Get the code>`, Canaille can be used in the unit test suite of your application, so you can check how it behaves against a real world OpenID Connect server. If you work with python you might want to check :doc:`pytest-iam:index`."
 msgstr ""
 
 #: ../features.rst:314
-#: 197c22656e1b44b89c3587f95b3bb5c8
+#: ff4f45059bc2485eb5fa0145f5f01f9a
 msgid "Development server"
 msgstr ""
 
 #: ../features.rst:316
-#: 5f930c719ffe484d9680e8d7f3169e54
+#: a430530dc1ac42b680a9024e920dad7d
 msgid "It can also being launched in your development environment, if you find that launching a Keycloak in a Docker container is too heavy for your little web application."
 msgstr ""
 
 #: ../features.rst:321
-#: e9cc836cf3d54a32ad7b1d691826bc39
+#: 3594d882079a4c89b28f0d9b25b5a647
 msgid "Continuous Integration tools"
 msgstr ""
 
 #: ../features.rst:323
-#: a4c714c1c0d44b7ab7a10dff7105a725
+#: f7bb141a215c46df915ce63b47f13cdb
 msgid "It also fits well in continuous integration scenarios. Thanks to its :ref:`CLI <feature_cli>`, you can prepare data in Canaille, let your application interact with it, and then check the side effects."
 msgstr ""
 
 #: ../features.rst:326
-#: cef90af6922045ccb06933f9c96c6f6e
+#: beb39ccb89e040118104ba0c0f41eb71
 msgid "Roadmap"
 msgstr ""
 
 #: ../features.rst:329
-#: 35efac03aaf843308e6941fa96ff921b
+#: 4fee3c311fe844bbb345bd5b562844ad
 msgid "Bêta version"
 msgstr ""
 
 #: ../features.rst:331
-#: 390267ac81744daf95a62fffcd0af834
+#: f699343ae7fe4f12a9d12f4692c22827
 msgid "To go out of the current Alpha version we want to achieve the following tasks:"
 msgstr ""
 
 #: ../features.rst:333
-#: 16cbac25ee2f420abda2992cd351559c
+#: c8aec1fe7d574a789319e75cc64bd2e7
 msgid ":issue:`Configuration validation using pydantic <138>`"
 msgstr ""
 
 #: ../features.rst:336
-#: 9f7d9a2a96974645bd8fc63a44d1a2c8
+#: 706d590389f54c40ba1b219877946bb5
 msgid "Stable version"
 msgstr ""
 
 #: ../features.rst:338
-#: 2736b944f850403f9592ba3265b6f986
+#: 54c0d4cc60054a5ebe7456575b1b70c3
 msgid "Before we push Canaille in stable version we want to achieve the following tasks:"
 msgstr ""
 
 #: ../features.rst:341
-#: 4a9ef596fb13405185ef106cd2dda007
+#: 7807e2d92e264bc78fd5b6a3c63beb3a
 msgid "Security"
 msgstr ""
 
 #: ../features.rst:343
-#: a09c2af5ad3e424eba893efd02faf213
+#: 577ab46503ee45e89daa8c42938635e5
 msgid ":issue:`Password hashing configuration <175>`"
 msgstr ""
 
 #: ../features.rst:344
-#: 3001ee87077c4479b3f3c8b3b5aecd33
+#: a337cb0aac704dbca90dd70f1d68456d
 msgid ":issue:`Authentication logging policy <177>`"
 msgstr ""
 
 #: ../features.rst:345
-#: e4387f0454dd483eb1c33ce14ef1d9ea
+#: 39adf64b80444b27bb6f9f11747a6960
 msgid ":issue:`Intruder lockout <173>`"
 msgstr ""
 
 #: ../features.rst:346
-#: e38560428a8f48528d9f02a5e00197fb
+#: 3eeac7b1dec04fe9b990864b8810db50
 msgid ":issue:`Password expiry policy <176>`"
 msgstr ""
 
 #: ../features.rst:347
-#: de013ed91c4443d190d9783c5cff060a
+#: 4ad4707b7d02481ab507ded2d410eb70
 msgid ":issue:`Multi-factor authentication: Email <47>`"
 msgstr ""
 
 #: ../features.rst:348
-#: d0049b96f7c1401a91d968aa93715930
+#: 478b4f7b443f4f728085a2ea686b0248
 msgid ":issue:`Multi-factor authentication: SMS <47>`"
 msgstr ""
 
 #: ../features.rst:349
-#: e5e2f43901ae4d00bd1c675076fb846d
+#: fd624a7e3d404428830928ee05ec5348
 msgid ":issue:`Multi-factor authentication: OTP <47>`"
 msgstr ""
 
 #: ../features.rst:352
-#: 277364ce7ca04a169409ad5acf68d075
+#: a6acbc89a16a4fad8658fb33764830ad
 msgid "Packaging"
 msgstr ""
 
 #: ../features.rst:354
-#: dece9c7d75d441cdbdce48eb7a4bebcf
+#: 575b556539994d1190e50cbfd0133bd4
 msgid ":issue:`Nix package <190>`"
 msgstr ""
 
 #: ../features.rst:355
-#: a53f52a497344bb6b889fa63de7d9c26
+#: f8facef108bf4d668509e57200f732bb
 msgid ":issue:`Docker / OCI package <59>`"
 msgstr ""
 
 #: ../features.rst:358
-#: 6a738414fcb944ac9c4d5b61a53f0d11
+#: 92825d26f07c4b718121c2784a9b6b81
 msgid "And beyond"
 msgstr ""
 
 #: ../features.rst:360
-#: 66a95c24a32940118517f6bb3bf27838
+#: ac17ddb06c4d400ebc190454535608c2
 msgid ":issue:`OpenID Connect certification <182>`"
 msgstr ""
 
 #: ../features.rst:361
-#: 73307b368d454e338ff4bbd05657bbcc
+#: 1b80703b0f434fe6ade3288840b9cf3c
 msgid ":issue:`SCIM support <116>`"
 msgstr ""
 
 #: ../index.rst:15
-#: 8d018998cb4b4ff38d92f2a73326716e
+#: 2c1f5afe842843a6bbedd65606fde0f5
 msgid "Lightweight Identity and Authorization Management"
 msgstr ""
 
 #: ../index.rst:19
-#: 55ed7b7eb88e42f78ef42eb5b55a3555
+#: 0fa9dc97ee984c00a9460a07144eba66
 msgid "**Canaille** is a French word meaning *rascal*. It is roughly pronounced **Can I?**, as in *Can I access your data?* Canaille is a lightweight identity and authorization management software. It aims to be very light, simple to install and simple to maintain. Its main features are :"
 msgstr ""
 
 #: ../index.rst:31
-#: d12af997fa5e48da987d2ecfcb4f149f
+#: 8b56e6fd5b374afbadf70d3371ad8538
 msgid "User profile and groups management, Basic permissions"
 msgstr ""
 
 #: ../index.rst:38
-#: ea53cfd918924c97a6726cfd357f5ce5
+#: ae2a113a2f63489ebb6a9696df422ed1
 msgid "Authentication, registration, email confirmation, \"I forgot my password\" emails"
 msgstr ""
 
 #: ../index.rst:40
-#: 127cca0af1054bf08a8ce05d1c55d539
+#: c4659885674a4b848e904b352c94b89c
 msgid "SSO"
 msgstr ""
 
 #: ../index.rst:44
-#: f4b6d7b278ba480da9d7c964849ba988
+#: 3dabf6a8010d4aff943f07dbf6fe52aa
 msgid "OpenID Connect identity provider"
 msgstr ""
 
 #: ../index.rst:46
-#: be1ff5f7d2ca468fa300f595696d9c10
+#: f7caa27d43354246a89db295901976cb
 msgid "Multi-database support"
 msgstr ""
 
 #: ../index.rst:50
-#: 92a7a7f6ee474890bf705bd67945dd9e
+#: 73b988c55cc241eeafe075a55fd037a0
 msgid "PostgreSQL, Mariadb and OpenLDAP first-class citizenship"
 msgstr ""
 
 #: ../index.rst:52
-#: b1569cdc9eef44d68ed3b52496ef75b3
+#: 9caead4464284ccca1a59bff67fbec2d
 msgid "Customization"
 msgstr ""
 
 #: ../index.rst:56
-#: 68415646dbfa4be79d953583749246fe
+#: e2604712b57b4583b53181a9fefcda0e
 msgid "Put Canaille at yours colors by choosing a logo or use a custom theme!"
 msgstr ""
 
 #: ../index.rst:58
-#: 2a6a4e752e494f65b7766a082624d1a4
+#: b168d0612c04400e8b259edb581dc6c7
 msgid "Developers friendliness"
 msgstr ""
 
 #: ../index.rst:62
-#: 42693164646349bcbe9f680b08cd904b
+#: 8b5f849ae22348f19d5d8feca1590032
 msgid "Canaille can easily fit in your unit tests suite or in your Continuous Integration."
 msgstr ""
 
 #: ../index.rst:66
-#: bc563a309b784f2cbc15399c3ad8f51c
+#: a4dbd4558bda425cab549061b5952854
 msgid ":doc:`Full feature list <features>` :doc:`Common use cases <usecases>`"
 msgstr ""
 
 #: ../references/commands.rst:4
-#: aebb427c91ed41da9c0b7ecdfcaf590a
+#: 574cb073f7584f8599a4cc129a337c4a
 msgid "Canaille provide several commands to help administrator manage their data."
 msgstr ""
 
 #: ../references/commands.rst:6
-#: b907889f6d0d4dabb1a963c60758fedf
+#: aa7436e81d0347aca49e76837769f92b
 msgid "Generally, some configuration has to be loaded by `Canaille`. This can be achieved by :ref:`configuration loading method<references/configuration:Load the configuration>` available, but most of the time a ``CONFIG`` environment variable is used. For the sake of readability, it is omitted in the following examples."
 msgstr ""
 
 #: ../../canaille check:1
-#: e48a730fe9c94efcb41a272f5478ed19
+#: d3880ac07b8641fbb96a657384193437
 msgid "Test the configuration file."
 msgstr ""
 
 #: ../../canaille check:1
-#: 41aae9c8d46743aba9e79f57c079d0c7
+#: 8edd9caa824f4c3aa3298a3e0b28a418
 msgid "Attempt to reach the database and the SMTP server with the provided credentials."
 msgstr ""
 
 #: ../../canaille clean:1
-#: e4dceb9281e14cf0adbd56154fffbc04
+#: 15fc7dadf416460fb034401cb2298ddc
 msgid "Remove expired tokens and authorization codes."
 msgstr ""
 
 #: ../../canaille install:1
-#: fade86f4801a403dab35e0e1cf5bb2a9
+#: f58f2f270c9642208409eab2a078aa10
 msgid "Installs canaille elements from the configuration."
 msgstr ""
 
 #: ../../canaille install:1
-#: 59f7082a6fc74329965dacbbd4b29d74
+#: ee828128d3684eaea85f63a4d8efb295
 msgid "For instance, depending on the configuration, this can generate OIDC keys or install LDAP schemas."
 msgstr ""
 
 #: ../../canaille populate:1
-#: 10dd1f2f8dfd4382ba79586e84d228b6
+#: df2355b792904bae8c2adfdc44e3abc1
 msgid "Populate the database with generated random data."
 msgstr ""
 
 #: ../references/commands.rst:0
-#: eef93c8f7efa4bcca26a9984edfec552
-#: ab621caa7a2c4d8fa849e7797625d3ba
-#: f8d114457ca741bf800ee8c4b3f942a1
-#: 6fbad5feee934277bdbbbd04f071fe34
-#: b61fa1c2360748b999a9aced4bd164ab
-#: 7c65f97affff43a2a78f72e6d2a8b2bf
-#: 20f752045a96446387d44095a57eca5c
-#: 14304e9889da477c8a93cf9b9dd6c1e5
-#: bb0e8261f2454b65aa180dd68ad176d8
-#: 16a6ff9805e447789f9cee87d357b936
-#: a7c4100a940e41fe9440ad6b0bbd28dd
-#: 296c95633a584e4e924f2f36676c1c2f
-#: e0d5e5ab4bf9456aa3c194dbb343ffd8
-#: 230b27138fe641e19ac2bda6f21d1507
-#: 682d03c24b1349d1be236737cf9c8478
-#: 0201087fa2f8445c9c291d4cc4ba3700
-#: a537cbb030a84e5b96ca899c18aaef63
-#: aa0eedc786284ae49d37dab255457175
-#: 1715de5f32c34e7cab8f1379549071f9
-#: f9c437d0c28c4079995fd7bc83ed2ec9
+#: 25c273b3659241e5a58c4ccfc4d1aa62
+#: 23e595a7ef3e40738c72964260d647d4
+#: b9df5380bb904ef3b2c158886514b1f4
+#: 810cab23bf5f4e0bbe5e403092b4739f
+#: 2b944a79e15441a28501202fb405ceec
+#: 337385bfcd154b46942fd5cc685e3c53
+#: 3c51398f5ef14fafac576c18c1938015
+#: f7857604a6af425d92b5f49a3a571724
+#: 50ab489bedfa413b941eaca1514e779e
+#: 817fa12a167549c2b2dcda5cf8aca990
+#: e144249ab1e4497a8e2b59433d28dd94
+#: 8e13e364d31643ebbcbea2ec3c48cebb
+#: 93521a77f0084af9b274926a73bb1866
+#: 979aef4626814c74bd3208394714d692
+#: 145d1e9e3fe74947b6695497c7f75b40
+#: 7e7e2edd89534686997d302f673e5005
+#: 2d123fd2ca8b46dbb63d2f8cd67b8a9b
+#: 658ca5556e9b484884784c60355dcaba
+#: ecc2c5a1d0ee4d75a8dabc1519c9b46f
+#: e9427573b4fd4fea8baa73d3dfd6c901
 msgid "Options"
 msgstr ""
 
 #: ../../canaille populate:1
-#: 94ba9e16305a484ea1415b3237723cf1
+#: 757aacf7045343ac87f0d6123fe1e181
 msgid "Number of items to create"
 msgstr ""
 
 #: ../../canaille populate groups:1
-#: 379afc690fa147acb76c519bccb010a6
+#: 0e4a01018e724dc6a6ca0b638d66852a
 msgid "Populate the database with generated random groups."
 msgstr ""
 
 #: ../../canaille populate groups:1
-#: da4cf29b95b846119a772e8d9f73f96b
+#: b8f050417d3e4d5cb1abef74d5b23fef
 msgid "The maximum number of users that will randomly be affected in the group"
 msgstr ""
 
 #: ../../canaille populate users:1
-#: b87d2b5df82a46e0a11fccb84a997ab9
+#: 27cbff2cac6c4d0ba3a881e593e6d298
 msgid "Populate the database with generated random users."
 msgstr ""
 
 #: ../../canaille get:1
-#: ce45ebf26cf149d3b0fd406e1ed2b5a9
+#: a991a3b616044f2c932b1b5781575930
 msgid "Read information about models."
 msgstr ""
 
 #: ../../canaille get:1
-#: 00dbea345e914dafb4a736214b895b1c
+#: ff29fb8d5ce14bc291589af023d25348
 msgid "Options can be used to filter models::"
 msgstr ""
 
 #: ../../canaille get:1
-#: 43207b9c3af4494e9714cbf6ff2c473d
+#: ebb9a30bb4ad418b937898f33eb3154d
 msgid "Displays the matching models in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille get authorizationcode:1
-#: 8f0d2152f80d49e8be0e904a850cacdd
+#: 3b7cec01bf904fbd95a74ecc629450d4
 msgid "Search for authorizationcodes and display the matching models as JSON."
 msgstr ""
 
 #: ../../canaille get client:1
-#: bef20cbd666c49ff993234428725ddd3
+#: 04713bc174844fbc90ffcd66309a32d7
 msgid "Search for clients and display the matching models as JSON."
 msgstr ""
 
 #: ../../canaille get consent:1
-#: 173ac74323844b969fdb2ce7bb9632c7
+#: 3d85785b1e954ca48fb3600e102060dc
 msgid "Search for consents and display the matching models as JSON."
 msgstr ""
 
 #: ../../canaille get group:1
-#: 8cc4308278af4625bc3d625a22ea5aa3
+#: a7f5ed4db7ca4b6e990d3008e3df40dd
 msgid "Search for groups and display the matching models as JSON."
 msgstr ""
 
 #: ../../canaille get token:1
-#: 5307294d0c7a49d6ad21d0d505f11aab
+#: f28ab88c832f4310ba8fce02409a0471
 msgid "Search for tokens and display the matching models as JSON."
 msgstr ""
 
 #: ../../canaille get user:1
-#: db01fd1777f4431793d3885c834b7680
+#: 243977ad7e504fedbd9646f89f934592
 msgid "Search for users and display the matching models as JSON."
 msgstr ""
 
 #: ../../canaille set:1
-#: cec2b45a156b461faacc323380171e6f
+#: f1db85f49bf44d11a4bb25bef94995c7
 msgid "Update models."
 msgstr ""
 
 #: ../../canaille set:1
-#: e5fc377719b04495a57faa42a87be86a
+#: 81f6f6bde2db46419feea67dae446a01
 msgid "The command takes an model ID and edit one or several attributes::"
 msgstr ""
 
 #: ../../canaille set:1
-#: 4e8bb50216e741f0bb44ecc365265370
+#: 2605d2f99fff4a3685e4acb6c7d08749
 msgid "Displays the edited model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille set authorizationcode:1
-#: 03d1eebac72e42b58b3aef5a429dee1b
+#: 0e3e63095aaa4d10827812a9df412418
 msgid "Update a authorizationcode and display the edited model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille delete authorizationcode:1
 #: ../../canaille set authorizationcode:1
-#: ddbdb0447cd34e59b5e1c6f9f852c619
-#: 4abf794613df4e5c8472ce2a6e7dc989
+#: 272d0df08f904f519632f9fd2fe65385
+#: 2f9f07b54e574b76b44a885d2edcee5f
 msgid "IDENTIFIER should be a authorizationcode id or authorization_code_id"
 msgstr ""
 
 #: ../references/commands.rst:0
-#: f2adfafce0754af79d2770a34dae5309
-#: 283f0c7412de4a97bb4e7954f008ff3e
-#: 46a35e9dcc73463db8ff772da3638b31
-#: fae552d2703d4a2186332c0847506798
-#: 4fafb5c0151f445c9c573b6472b4d0f5
-#: 3115c2cba5f04f9094165896feac1cc9
-#: e3c459094f734f6382847753305e76aa
-#: 4e8a2cd6e1224733b644484774cf0621
-#: 6f97567dcca64c4a92c0b869a6ce337d
-#: fea5ce77581940eabec5498e9347643b
-#: 7b57a6d1d40d40eaa51b6bba807602b5
-#: 0c5b1219cf2c4d97bc0cf7717c7b4ef3
-#: db2adb3cef774a07b40893884737f7d0
+#: 68201cc09cab43ae872191c5e1e0de51
+#: 797f38593b54447e9abe286cd709857c
+#: 5f7b7a34cec54b7bb8813914c7b1da9e
+#: e2da0bdb8e364ad4ac3fa9a24108e9c9
+#: 7a653436ae5244b3915e22f7b337b441
+#: 83d05fec78e043fcbf55d763d9664075
+#: 314878b93dce45baac9f4ab7248087c2
+#: 59d47562162a44fcb07558824e722d39
+#: 811906b3e60e4f96bb46272adf7a2702
+#: 9f85ada6864146db941a9b74f9dccdcc
+#: e15f98264ca3466aa879164b237471d4
+#: 23cb9085c4df46c5919811da9786751a
+#: 22f22ab9560046afbb4b9dec19f5e0c6
 msgid "Arguments"
 msgstr ""
 
@@ -3775,196 +3777,196 @@ msgstr ""
 #: ../../canaille set group:1
 #: ../../canaille set token:1
 #: ../../canaille set user:1
-#: c0f3d574bd3640aca180dbe7695f53e9
-#: 61c7448c4a41497a8b923a636124b2be
-#: e523b87636874d088f2ef6e7c2d8c79a
-#: 3e12bc882bce4c71928c127525ee8358
-#: ef0be6baac8a4a44bd4a317601ea2018
-#: f60f6b4edba24b98a79df93768b3041f
-#: c1192e9d2ddc429f911056db63d54e6c
-#: 4e3ae120210c4d62bfd1cc1d7c199f7a
-#: 3b9c5a9904f74f9e8308a21d4ee8da42
-#: a6ecc5cf2bb54dfe98d8553f7f49c5d6
-#: 6492e2a92bac400c990cc3182c8b1cb0
-#: ca2ec2ca915e40438b1b18eb27c46670
-#: b4375f9e9c624b5f8667c31b65446bcf
+#: cafe88a3ce2e428eac214691a4cceb5a
+#: 7b2ff0501238407193726c30d9eca3c9
+#: 0ba51222ad4a4533b4b41b1757a35c64
+#: ea0c5446d43d40c49f2b92c5b3541ce9
+#: 9ac86d8bfd664383a081e3c1ede9c96e
+#: cd7e04caa435456ca0cf597a4cf2b866
+#: 8d3a56d3d2d8434a96e06ee1db5c7f74
+#: ee33e52044104463b44bf754ebc2bfd3
+#: ec1ed557213c433f960f06a20c6305f0
+#: 79fcf662ca834cb9bad46e70395f5c0d
+#: a2446c9d8a43489f95b98774f9e95af2
+#: c84e4574c2934d05b8911fbf5ff07255
+#: bf9e0c9d41c44b8b8cdebcc4b7005f8f
 msgid "Required argument"
 msgstr ""
 
 #: ../../canaille set client:1
-#: f2b0a1421fdf46d684fbe616a1771b62
+#: 8fd29a2556aa4939a91f5dff64f750f9
 msgid "Update a client and display the edited model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille delete client:1
 #: ../../canaille set client:1
-#: 04f98ee9b5254ad58f59cba6824a2ef0
-#: db9ef2c5ffc342fe858b000bc05fbcc8
+#: 1fe7624c6c204327b3dea4672369b25c
+#: a507a2cde7be4e01b653d88b1143bcc1
 msgid "IDENTIFIER should be a client id or client_id"
 msgstr ""
 
 #: ../../canaille set consent:1
-#: d8dbf4d59a0e4afcac26174972d6804c
+#: bc9887077625496493e99ffd14864f21
 msgid "Update a consent and display the edited model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille delete consent:1
 #: ../../canaille set consent:1
-#: ecded87087fb4018854b4d14a277df8f
-#: bfebd623b59243cb8efe4178994c8209
+#: c40a621613bb4a57ae61d0bf635d4be1
+#: 36c566d3a8d64d98b3139d1d408e6e33
 msgid "IDENTIFIER should be a consent id or consent_id"
 msgstr ""
 
 #: ../../canaille set group:1
-#: 1f36d3e6d60343989097aac3e4424ed4
+#: 24bf72192e064a11ba8f4408dc6cd2f2
 msgid "Update a group and display the edited model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille delete group:1
 #: ../../canaille set group:1
-#: 772ff82f2ff54593b9ef8dc8e0af8d4f
-#: f5e84ce4a1dc4bcdbf5a660209e2d7d9
+#: f9bb7a0e3cb74e87bd9647b1d854d4c5
+#: 2b44dcf76741473980e37c9fb1f972c9
 msgid "IDENTIFIER should be a group id or display_name"
 msgstr ""
 
 #: ../../canaille set token:1
-#: 6534c48546d94e76a03c8ea1521c5cd4
+#: ed64c8271e11430f829f537ac1c9fb03
 msgid "Update a token and display the edited model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille delete token:1
 #: ../../canaille set token:1
-#: edecbc4f0f9946c48834bf53a5fbf0f8
-#: 3dacc05a5d1240ea812eb792ed737810
+#: 5872d15912fa4904bc7429f1e6c4e4e5
+#: 2e473a0a6bc4446eb92d334a50bad9e0
 msgid "IDENTIFIER should be a token id or token_id"
 msgstr ""
 
 #: ../../canaille set user:1
-#: da1f8e5fba5f40ad8f20a017e886aa02
+#: 6db0783b2700470888b19c5bc6144406
 msgid "Update a user and display the edited model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille delete user:1
 #: ../../canaille reset-otp:1
 #: ../../canaille set user:1
-#: bf3b446f2eda4b26a9ef702f4c6dd0b9
-#: 881aab67b4fb4777a160e9affc77be0c
-#: 16e4d79ff89a42ea92ea157e3c46c583
+#: e98462e8df9b4465af9a63c0bbf21546
+#: d7cebb3763ed4824afd5b69c0a82f605
+#: df12574865ac496e81bfdf5c8218cba0
 msgid "IDENTIFIER should be a user id or user_name"
 msgstr ""
 
 #: ../../canaille create:1
-#: 563f23f330bc43ed951ca8812fa0c2fc
+#: 3f6211fedcff4c49a1a05bb0d923b452
 msgid "Create models."
 msgstr ""
 
 #: ../../canaille create:1
-#: 9d4c06295f304ac093848a3de8b716bb
+#: dabf2e993c7e4f4e958ecf36a3a64cfa
 msgid "The model attributes can be passed as command options::"
 msgstr ""
 
 #: ../../canaille create:1
-#: 63735ef4eb924ae1ab2a244a018dc3be
+#: 88fc347eb7814471b13dc9a6b562dd75
 msgid "Displays the created model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille create authorizationcode:1
-#: a96e7d0b6bed4a7bb8e0257b08600be1
+#: 428bc4494e3f4f6d875f2a701295e030
 msgid "Create a new authorizationcode and display the created model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille create client:1
-#: 41428e12aeae44479602c0f92a840d2c
+#: 4f234a94637b44698b95c220d5c3d59e
 msgid "Create a new client and display the created model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille create consent:1
-#: 994455a2e844478bbffe389520751a33
+#: 741d27c2f5fb448da39ad4955e77518e
 msgid "Create a new consent and display the created model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille create group:1
-#: c3b6e110307b45c4b7e8ce07a66a4cf9
+#: 973102f969a0499692c7a2416dd0f469
 msgid "Create a new group and display the created model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille create token:1
-#: 3774f3cf8635474fb6ba63ac1b57aa1b
+#: 4f44ca45c9f8454b950534b228e8ef12
 msgid "Create a new token and display the created model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille create user:1
-#: ae4b9357629c41f2bd3443048f12f734
+#: 35ce000da38042699e6154f107a3e814
 msgid "Create a new user and display the created model in JSON format in the standard output."
 msgstr ""
 
 #: ../../canaille delete:1
-#: 416fbf5d468742f6af7aa3afe222389c
+#: fd758e22b29a4fd4b7f1c92876768518
 msgid "Delete models."
 msgstr ""
 
 #: ../../canaille delete:1
-#: 05ea570bc20b42c9943f9073f58c19f9
+#: 42450f0ac5674556be84bcf4cc34c98f
 msgid "The command takes a model ID and deletes it::"
 msgstr ""
 
 #: ../../canaille delete authorizationcode:1
-#: e73a91f3f9d347d082621014cb60fd7f
+#: 4607eae8cf4c40a3a37bef887f2254a1
 msgid "Delete a authorizationcode."
 msgstr ""
 
 #: ../../canaille delete client:1
-#: d376d0088bff46ca817210c0ae84ccec
+#: 01b65f6e61a848c490034606d1d00095
 msgid "Delete a client."
 msgstr ""
 
 #: ../../canaille delete consent:1
-#: 2cd2f844ba974bbaa3c2a84cd7fa1a68
+#: b1dfdb33eba94dc2a71f9172cff74acb
 msgid "Delete a consent."
 msgstr ""
 
 #: ../../canaille delete group:1
-#: bf80244164a54ae887b7caadf7914dc1
+#: 6c79a439e1f54f4f81194cc8d6fc5944
 msgid "Delete a group."
 msgstr ""
 
 #: ../../canaille delete token:1
-#: 3bf34916fadf48139dbcf439545c4276
+#: 1fb9fa8740c442ff82297d480fbba5ca
 msgid "Delete a token."
 msgstr ""
 
 #: ../../canaille delete user:1
-#: 22a78b7140094b6ebe34988f5b37fec3
+#: b0298caa666647268cd204cbd1cccd4d
 msgid "Delete a user."
 msgstr ""
 
 #: ../../canaille reset-otp:1
-#: 7c6ec1734fad47e29b224fb85e9a66f3
+#: 541bd186f2b6471d823d13677e2477bb
 msgid "Reset one-time password authentication for a user and display the edited user in JSON format in the standard output."
 msgstr ""
 
 #: ../references/configuration.rst:2
-#: e23c84272ce74d1d87f815825cb4a488
+#: 6c3d1ad364a84afb9586b1b62e42dedb
 msgid "Configuration"
 msgstr ""
 
 #: ../references/configuration.rst:5
-#: 90eeb71ed1294fd7bc6bf7f8c8ed5c8c
+#: fca2326d4bf84702b7d8d0f5d3a65f20
 msgid "Load the configuration"
 msgstr ""
 
 #: ../references/configuration.rst:7
-#: f2621ade958b4ffb9815fa8322ca64e5
+#: 51e2253170d4489ab9598217182b6f1d
 msgid "Canaille can be configured either by a environment variables, environment file, or by a configuration file."
 msgstr ""
 
 #: ../references/configuration.rst:10
-#: 37d9f514da104c6aa15bf83cb6303487
+#: 1560e71d7b2d42aa8ec0accc06131b3d
 msgid "Configuration file"
 msgstr ""
 
 #: ../references/configuration.rst:12
-#: 88467c2beaea43a19228f85c1f398494
+#: 0fc2b0bc764345caba3f9402376e279a
 msgid "The configuration can be written in `toml` configuration file which path is passed in the :envvar:`CONFIG` environment variable."
 msgstr ""
 
@@ -3974,167 +3976,167 @@ msgstr ""
 #: ../tutorial/databases.rst:23
 #: ../tutorial/databases.rst:37
 #: ../tutorial/databases.rst:138
-#: 1b8aaa7b767b49eb9a81d6663fb6c1e8
-#: bb4c8f23d29248f5abfd0d96af2d80bf
-#: ee90ce99e8a4449fbb7cb28d559147b5
-#: 84cfcdaa79ef439cb013e00e3c4cd792
-#: cb517d061c4a4d16ae4a868999611801
-#: 3fc7e3d6f94f47579174c1ebcb598f6a
+#: 3626de52eeca4eecbda8f1d47354a80c
+#: f59eab2f20b542f1af3ae7e6e4856266
+#: f59eab2f20b542f1af3ae7e6e4856266
+#: c1e56e5ab5ba40228c68cd9eb470348d
+#: 8acf4c15626e4f6897aa81c2e5e8ef42
+#: 830059290ddc4cf1b2249c45fc303b98
 msgid "config.toml"
 msgstr ""
 
 #: ../references/configuration.rst:26
-#: 4f4e3b14ad79434b93659ff0d99e92d5
+#: 4b63b3891e1c45788780ea1af554d1db
 msgid "You can have a look at the :ref:`example file <references/configuration:Example file>` for inspiration."
 msgstr ""
 
 #: ../references/configuration.rst:29
-#: 52e72a243eda4c6d8c20601ec11d21ea
+#: 8cbac0cd9e3e4bc3ad5fc60d82180568
 msgid "Environment variables"
 msgstr ""
 
 #: ../references/configuration.rst:31
-#: 5a5db358ab214e86b11ce341a71a4abb
+#: b909831b5aed44a4b439b37701feabb7
 msgid "In addition, parameters that have not been set in the configuration file can be read from environment variables. The way environment variables are parsed can be read from the `pydantic-settings documentation <https://docs.pydantic.dev/latest/concepts/pydantic_settings/#parsing-environment-variable-values>`_."
 msgstr ""
 
 #: ../references/configuration.rst:36
-#: 9c85a8e682a74e9d9d8c3aa79e2d02ba
+#: fd22a354c18f4733b8b1962cfcbe2139
 msgid "For environment vars, the separator between sections and variables is a double underscore: ``__``. For instance, the ``NAME`` var in the ``CANAILLE`` section shown above is ``CANAILLE__NAME``."
 msgstr ""
 
 #: ../references/configuration.rst:40
-#: 26c9129f81c54386966cffd31c323f14
+#: f12f0cbb606e4627be2fa3b2a895f162
 msgid "Environment file"
 msgstr ""
 
 #: ../references/configuration.rst:42
-#: 54056c93ac3b40e882bf20789d72fded
+#: 434c11ee0d6a4a118f9b8802d407d447
 msgid "Any environment variable can also be written in an environment file, which path should be passed in the ``ENV_FILE`` environment variable. For instance, set ``ENV_FILE=.env`` to load a ``.env`` file."
 msgstr ""
 
 #: ../references/configuration.rst:45
-#: ba796d7f6bdb4ef5a32865f844ead63e
+#: 83d91b20c3204d09b61a4a6de8c84769
 msgid ".env"
 msgstr ""
 
 #: ../references/configuration.rst:63
-#: 3c2136aab27c4650acf0d25ced3636e2
+#: 8fc48610072c4e248c494befe2a4c8f6
 msgid "Configuration methods priority"
 msgstr ""
 
 #: ../references/configuration.rst:65
-#: 6e85c7ec407f4fc68adff17adb6652b2
+#: d3fdde7c8d9841e49e92bcba763e33d8
 msgid "If a same configuration option is defined by different ways, here is how Canaille will choose which one to use:"
 msgstr ""
 
 #: ../references/configuration.rst:67
-#: 8857be48d8f54be7aa8d350d5346887a
+#: b79bfecad485446b85a8866657222448
 msgid "environment vars have priority over the environment file and the configuration file;"
 msgstr ""
 
 #: ../references/configuration.rst:68
-#: d946c715e1c34f55acfe97acc96cab68
+#: 63800f5a14d44e1fa3ed0266e19f5482
 msgid "environment file will have priority over the configuration file."
 msgstr ""
 
 #: ../references/configuration.rst:71
-#: 369d25ff21b042fbabf703be7b66e138
+#: e8e7a0f78d68479a9586036adf25e183
 msgid "Parameters"
 msgstr ""
 
 #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:1
-#: 2226ecd0f90440d58a4089df736be757
+#: ba32908d458e4689a5d90a46b386fdf3
 msgid "The top-level namespace contains the configuration settings unrelated to Canaille."
 msgstr ""
 
 #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:4
-#: f53fd6edbc9148c781006d112688f022
+#: fffc30ea67ab47d99472750172be2a29
 msgid "The configuration parameters from the following libraries can be used:"
 msgstr ""
 
 #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:6
-#: 0a1ba7d3d9d24c598640a87301549190
+#: ae9ceb139bfc47f8b383dec852b507c2
 msgid ":doc:`Flask <flask:config>`"
 msgstr ""
 
 #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:7
-#: 6288bee773454f6fb13d7c3c43c0acfe
+#: 3d01d0dc9cdc47e59420f5b121370277
 msgid ":doc:`Flask-WTF <flask-wtf:config>`"
 msgstr ""
 
 #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:8
-#: 8dc449c88676405aa689c232c0c17eaa
+#: d573a04c56154eaf857d49c057690bfd
 msgid ":doc:`Flask-Babel <flask-babel:index>`"
 msgstr ""
 
 #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:9
-#: f0f21a8b4661490ea85203669e05fe2a
+#: 552391e3f12c4385abb3e1a2e3929cfa
 msgid ":doc:`Authlib <authlib:flask/2/authorization-server>`"
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:1
-#: aee2c3dead184d3ab7655e0df3b9f66c
+#: 4309008dba2c4aa79584299f19987ac4
 msgid "The Flask :external:py:data:`DEBUG` configuration setting."
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:3
-#: da1c3a1146284b0597c12fab8ac713a9
+#: f8cb9ba68ed14b818c2fb2bcfbffb16a
 msgid "This enables debug options."
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:7
-#: 22813fdeb3ad46729bf6d91f1a6a799b
+#: 553b378e895a4b74aa242c08cd29450f
 msgid "This is useful for development but should be absolutely avoided in production environments."
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:1
-#: 8d9650f0f1c34ab7b888fce27cfcc459
+#: cb2cc7437e4a4d3c90895c4148186b25
 msgid "The Flask :external:py:data:`PREFERRED_URL_SCHEME` configuration setting."
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:4
-#: 33538d7dda284e2da14720d9ecf5b81f
+#: 530f78ce6f4842c983c10b38fe4c4b93
 msgid "This sets the url scheme by which canaille will be served."
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.SECRET_KEY:1
-#: ca299cb1b21a4aff913e478725dee516
+#: 42e179fea274407eb26dd67e4a6d14a5
 msgid "The Flask :external:py:data:`SECRET_KEY` configuration setting."
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.SECRET_KEY:3
-#: e0e842ea56e7409da386c9fa3b44f45f
+#: b16e239dce5c4f199a2fba1707c82d1a
 msgid "You MUST change this."
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.SERVER_NAME:1
-#: 8aaa9ab83eb245a996e82b25f47a18be
+#: 0f0f60195f334cf597f67857740b2ace
 msgid "The Flask :external:py:data:`SERVER_NAME` configuration setting."
 msgstr ""
 
 #: ../../docstring of canaille.app.configuration.RootSettings.SERVER_NAME:3
-#: a7a33ff93b6d471e9395fffab55b8497
+#: 39edb89e79af4a10a154a5c42d51e86e
 msgid "This sets domain name on which canaille will be served."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.CoreSettings:1
-#: 49b29a899f644466acba509b0b3e9f00
+#: d831c1b108eb4e96bb11a6ddc92ed45e
 msgid "The settings from the ``CANAILLE`` namespace."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.CoreSettings:3
-#: 63104b7fc45e4ef39f55f96c7a093f33
+#: a51801e81d914eb3bfe1fa4e649133c1
 msgid "Those are all the configuration parameters that controls the behavior of Canaille."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:1
-#: 1c134db317ea498d8b595a7a3b2f610e
+#: 89de24471b434051a4a84e39bc47aded
 msgid "Mapping of permission groups. See :class:`ACLSettings` for more details."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:3
-#: c2f72f20b39c4706b4e5ba01db79eb2c
+#: 1f85af06bed64d9da4417c6e6f7e244e
 msgid "The ACL name can be freely chosen. For example:"
 msgstr ""
 
@@ -4142,731 +4144,731 @@ msgstr ""
 #: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:6
 #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:5
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:12
-#: 7f4c9bc691c14d29b0465e0af9e49012
-#: 7e37e8d6e156472e9a7a39fac9d88ff2
-#: f9cab605f9cd4a48ace060c109339896
-#: d723924be3cf4f0bbfc5f4f454c9fd17
+#: 56ce67b55d3b4d8eba9a07b4feed2587
+#: d9b0f4816c2644679233ec3b797c2fc4
+#: d9b0f4816c2644679233ec3b797c2fc4
+#: d9b0f4816c2644679233ec3b797c2fc4
 msgid "..code-block:: toml"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:7
-#: c5d39ea293234d4aa11c0494ddc011b6
+#: dc73b62baf4f465598787ebb33191c7b
 msgid "[CANAILLE.ACL.DEFAULT] PERMISSIONS = [\"edit_self\", \"use_oidc\"] READ = [\"user_name\", \"groups\"] WRITE = [\"given_name\", \"family_name\"]"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:12
-#: 27f179210a5a4bae899d38bc6d1963c0
+#: 56d15bcfdbcc4556a3848702228b970f
 msgid "[CANAILLE.ACL.ADMIN] WRITE = [\"user_name\", \"groups\"]"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ADMIN_EMAIL:1
-#: da428b02fcc6465ca83593370a8c52c1
+#: e07c109febe5434e95b532da3dadf454
 msgid "Administration email contact."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ADMIN_EMAIL:3
-#: 80265b26992742b4a55529bb9514ef19
+#: 7a5e93e36d434fcb96b85beea8f1adc6
 msgid "In certain special cases (example : questioning about password corruption), it is necessary to provide an administration contact email."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:1
-#: aae582f58bfa47f2a6f5b32a1b5c3ead
+#: 478effaaf0da47a1a31b996b06b8c650
 msgid "If :py:data:`True`, users will need to click on a confirmation link sent by email when they want to add a new email."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:4
-#: 35bd824b2f8d4040898ed4dbdb7e599d
+#: b82dc4dc6818409eb5fa256462c4ac19
 msgid "By default, this is true if ``SMTP`` is configured, else this is false. If explicitly set to true and ``SMTP`` is disabled, the email field will be read-only."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_OTP:1
-#: 15d696ce895d4517964f6a9fe0269d30
+#: 8e19d8a485fe456191ab16773f84483e
 msgid "If :py:data:`True`, then users will need to authenticate themselves via a one-time password sent to their primary email address."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK:1
-#: 2bb9ee1a4a1f4c3dac7cd54259173873
+#: cb4478169a09415a9f17e3df16239ecd
 msgid "If :py:data:`True`, Canaille will check if passwords appears in compromission databases such as `HIBP <https://haveibeenpwned.com>`_ when users choose a new one."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY:1
-#: 9b83a2bb7e5a45358efb53447ed21cda
+#: b70cf94037df4bd1ae8a74acc370b3a5
 msgid "If :py:data:`False`, then users cannot ask for a password recovery link by email."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:1
-#: ad8746125fae4336a86e7a5a47949ea4
+#: 6ee78ec59c21456e8761778153d4f700
 msgid "If :py:data:`True`, then users can freely create an account at this instance."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:4
-#: 4519e48effe84001a82418bf3a2da190
+#: 979b9444b9c04354add2e781bd324752
 msgid "If email verification is available, users must confirm their email before the account is created."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.FAVICON:1
-#: ad1dce6bc9dd49608f1556cebf0f44fe
+#: 8931d55b0c264be0982765f04f83ae38
 msgid "You favicon."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.FAVICON:3
-#: 36086dc79c1b485fa6594ef442028011
+#: 7991e0eec12c457dad401f49b34ad835
 msgid "If unset and :attr:`LOGO` is set, then the logo will be used."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:1
-#: 15d696ce895d4517964f6a9fe0269d30
+#: 8e19d8a485fe456191ab16773f84483e
 msgid "If :py:data:`True`, when users try to sign in with an invalid login, a message is shown indicating that the password is wrong, but does not give a clue whether the login exists or not."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:5
-#: 8203d7591b394141b0beec099e5a0c8d
+#: dffe6e218f4f48e981ac5a9fa9a21e37
 msgid "If :py:data:`False`, when a user tries to sign in with an invalid login, a message is shown indicating that the login does not exist."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.HTMX:1
-#: fca447a64b184732b6664c3c20ade0ce
+#: b200882d189b46f3a83f217ff8b59551
 msgid "Accelerates webpages loading with asynchronous requests."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:1
-#: c3295518c8ce46359cb5fc8012267002
+#: 2dc15bd9ea8a4386b7202dbdbab5de36
 msgid "The validity duration of registration invitations, in seconds."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:3
-#: cca98367f271454987d915c9da1deecc
+#: c6aaae8719c34838aec54b8fea2d5101
 msgid "Defaults to 2 days."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.JAVASCRIPT:1
-#: f10d5dbbd4054185b5caff2aa7b4602c
+#: 70d5c7fa2dfa4e6695c84f2b4ab547c9
 msgid "Enables Javascript to smooth the user experience."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LANGUAGE:1
-#: caa7570c19d343d8a5350b38ab890a08
+#: 1e1cda3ec4c04a4aaeb2069ccc8f376f
 msgid "If a language code is set, it will be used for every user."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LANGUAGE:3
-#: 2f02910686974fa68a6b3af15a9e1c42
+#: 6818acfcf652444db48e1c61878b6bb6
 msgid "If unset, the language is guessed according to the users browser."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:1
-#: aad50a21706943fda6f1cde1c79762fb
+#: 63800f5a14d44e1fa3ed0266e19f5482
 msgid "Configures the logging output using the python logging configuration format:"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:3
-#: 75bb9ce97f514d3eb50ed11a5fcaf986
+#: 62d20006362a45ca8ff0f0a8fbb82bf4
 msgid "If :data:`None`, everything is logged in the standard error output. The log level is :data:`~logging.DEBUG` if the :attr:`~canaille.app.configuration.RootSettings.DEBUG` setting is :py:data:`True`, else this is :py:data:`~logging.INFO`."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:6
-#: a8552f90740e4287bd06aab66b4dc85d
+#: 44c6ded187ab4e44aac024c2cdb85303
 msgid "If this is a :class:`dict`, it is passed to :func:`logging.config.dictConfig`:"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:7
-#: 1987a5781d6e42af97e3df073b29599b
+#: 6e269ac8b9144e9699a5856c375d7a37
 msgid "If this is a :class:`str`, it is expected to be a file path that will be passed to :func:`logging.config.fileConfig`."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:4
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:10
-#: edd8ec5aad1047688bbbc5613d9896f5
-#: edd8ec5aad1047688bbbc5613d9896f5
+#: ba8b9d6794e2459492abfa778736328a
+#: ba8b9d6794e2459492abfa778736328a
 msgid "For example:"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:14
-#: 397db3f41bce4260b537ae55755badaf
+#: 2eedaa2fba4545698dfd11007a2e0c9c
 msgid "[CANAILLE.LOGGING] version = 1 formatters.default.format = \"[%(asctime)s] %(levelname)s in %(module)s: %(message)s\" root = {level = \"INFO\", handlers = [\"canaille\"]}"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:19
-#: 623ab6abfdc84ec38448df94e0562f97
+#: 4b44c1c288c3433fb0edba70dd9c1343
 msgid "[CANAILLE.LOGGING.handlers.canaille] class = \"logging.handlers.WatchedFileHandler\" filename = \"/var/log/canaille.log\" formatter = \"default\""
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGO:1
-#: 40c46d3aa7bb4e81a857540a99eb3df9
+#: 851b93aeb7b54426872a6b4a2ed973b9
 msgid "The logo of your organization, this is useful to make your organization recognizable on login screens."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:1
-#: 04c3b3e362a74164bd49cbedad027ea8
+#: 88cd67b65c954dc7a261df77d1823cda
 msgid "User password maximum length."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:3
-#: a40eddffe3bc4c46ac7624a5f7d40c8f
+#: 435e72d3f33642da9016c521a88f15e6
 msgid "There is a technical of 4096 characters with the SQL backend. If the value is 0, :data:`None`, or greater than 4096, then 4096 will be retained."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:1
-#: 129e3bbcdb1c40bbb45933fe156f00b1
+#: b15846ed6b2a4ad49bbb19cde177023a
 msgid "User password minimum length."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:3
-#: 1f84fb34d6234361b2c215fda0d8a6d9
+#: 820670101aa7436eb014aa61e1c1a7eb
 msgid "If 0 or :data:`None`, password won't have a minimum length."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.NAME:1
-#: befe22deda144065bcee73d9d0404dea
+#: a41944f564f5438fb8572449b5d13995
 msgid "Your organization name."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.NAME:3
-#: 0a659d2aa1994859a59506e97a715ea7
+#: d61df1326c344b45b6d1c7b24e12b207
 msgid "Used for display purpose."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.OTP_METHOD:1
-#: c0ade835e0164d5e9dcb405ff53f299e
+#: 622f83bdd580459cad5b3b328fb2de3b
 msgid "If OTP_METHOD is defined, then users will need to authenticate themselves using a one-time password (OTP) via an authenticator app. If set to :py:data:`TOTP`, the application will use time one-time passwords, If set to :py:data:`HOTP`, the application will use HMAC-based one-time passwords."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.PASSWORD_COMPROMISSION_CHECK_API_URL:1
-#: 6ab659ea03d349d88fef1b5cdc9da5f8
+#: 4501d236ecc142e2ad045599ee19ac19
 msgid "Have i been pwned api url for compromission checks."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.SENTRY_DSN:1
-#: 42626c8f0fa24a3fbfc131099bae6302
+#: 0b234cbe21824f31b27a3b3c893fd37b
 msgid "A `Sentry <https://sentry.io>`_ DSN to collect the exceptions."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.SENTRY_DSN:3
-#: b29a9995f9b04c71a953d7ea902bd1f5
+#: 2eab9799f4c0478aa5479f62e826b170
 msgid "This is useful for tracking errors in test and production environments."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.SMPP:1
-#: 78b26880da2746c583f686747b26f179
+#: 79d66e38b7d94974a21563fac9a58149
 msgid "The settings related to SMPP configuration."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.SMPP:3
-#: 24787179b702424697f1fe11214d1f9c
+#: 41d396512e7d40b28223841b21f8ed09
 msgid "If unset, sms-related features like sms one-time passwords won't be enabled."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.SMS_OTP:1
-#: 15d696ce895d4517964f6a9fe0269d30
+#: 8e19d8a485fe456191ab16773f84483e
 msgid "If :py:data:`True`, then users will need to authenticate themselves via a one-time password sent to their primary phone number."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.SMTP:1
-#: 78b26880da2746c583f686747b26f179
+#: 79d66e38b7d94974a21563fac9a58149
 msgid "The settings related to SMTP and mail configuration."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.SMTP:3
-#: 24787179b702424697f1fe11214d1f9c
+#: 41d396512e7d40b28223841b21f8ed09
 msgid "If unset, mail-related features like password recovery won't be enabled."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.THEME:1
-#: 65f9f8cf44c347b9b18a9bd8e3624c6b
+#: e327a089ace6495285f29ade69226d1b
 msgid "The name of a theme in the 'theme' directory, or a path to a theme."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.THEME:3
-#: a930cadcbbaf40e59f78c34a6fea099e
+#: 641146b41ecc461d9fa7280687a462d9
 msgid "Defaults to ``default``. Theming is done with `flask-themer <https://github.com/tktech/flask-themer>`_."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.TIMEZONE:1
-#: 60a19e875a924f2ca2f466cc2a3de293
+#: 421c3427b77b4cc4af9619406463c1c2
 msgid "The timezone in which datetimes will be displayed to the users (e.g. ``CEST``)."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.CoreSettings.TIMEZONE:4
-#: 3674c492480c4bc8877913002b54efa1
+#: d8d80524578e4697a5bb9f7e83c7d113
 msgid "If unset, the server timezone will be used."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMTPSettings:1
-#: 0513a51a39d44f719e5bf3b7abfe7224
+#: 2f0178f9dbe747c695273f89e42da8c2
 msgid "The SMTP configuration. Belong in the ``CANAILLE.SMTP`` namespace. If unset, mail related features will be disabled, such as mail verification or password recovery emails."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMTPSettings:5
-#: 2b30db6216b44d98973d7401cd778e03
+#: 598e1ca109154455ad98b50d8853891d
 msgid "By default, Canaille will try to send mails from localhost without authentication."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMTPSettings.FROM_ADDR:1
-#: 60a234eca526445b86c8669fbfda12c5
+#: 8ab9425f8a6b42dc9097b69e3eaa334a
 msgid "The sender for Canaille mails."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMTPSettings.FROM_ADDR:3
-#: 0ed3035ba98243e3814d51329ceac05f
+#: f8f5f1377e5147d4baf9782ff95b4aa3
 msgid "Some mail provider might require a valid sender address."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMTPSettings.HOST:1
-#: 734742323e1a40e482a2433adbed3cf9
+#: 9059b29ae44849efb180f3b2da128c19
 msgid "The SMTP host."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMTPSettings.LOGIN:1
-#: 6b56c482d9274a7d9b308055ce3d8b07
+#: 0bf8168dc84545cb810a8f25bbb4abf7
 msgid "The SMTP login."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMTPSettings.PASSWORD:1
-#: 8ca424cbdc7647a99400ae460510a183
+#: ec1b4f81894e45f5abcae80dfaee87a9
 msgid "The SMTP password."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMTPSettings.PORT:1
-#: f581660baf5a4637974640c3d253692f
+#: 514104bb8bcc4331b1e7fff12e550ba3
 msgid "The SMTP port."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMTPSettings.SSL:1
-#: 129075d9b7284662b50893663f3b3c74
+#: f4e65d7811cb43d5b7d86ec07af2576d
 msgid "Whether to use SSL to connect to the SMTP server."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMTPSettings.TLS:1
-#: b34e44fef5b24697bab696419b926d6d
+#: bd8dac0e38f14b6583d024fca1768b7d
 msgid "Whether to use TLS to connect to the SMTP server."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMPPSettings:1
-#: 0513a51a39d44f719e5bf3b7abfe7224
+#: 2f0178f9dbe747c695273f89e42da8c2
 msgid "The SMPP configuration. Belong in the ``CANAILLE.SMPP`` namespace. If not set, sms related features such as sms one-time passwords will be disabled."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMPPSettings.HOST:1
-#: 734742323e1a40e482a2433adbed3cf9
+#: 9059b29ae44849efb180f3b2da128c19
 msgid "The SMPP host."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMPPSettings.LOGIN:1
-#: 6b56c482d9274a7d9b308055ce3d8b07
+#: 0bf8168dc84545cb810a8f25bbb4abf7
 msgid "The SMPP login."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMPPSettings.PASSWORD:1
-#: 8ca424cbdc7647a99400ae460510a183
+#: ec1b4f81894e45f5abcae80dfaee87a9
 msgid "The SMPP password."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.SMPPSettings.PORT:1
-#: 0780176282814cd1ad4ceb1567e2f160
+#: 1c6040260eac4930a107d3f612c6ef6e
 msgid "The SMPP port. Use 8775 for SMPP over TLS (recommended)."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.ACLSettings:1
-#: ddbf39ff35684a7c8be7dd8442348d9b
+#: 45f3089188214078ab06f2b1cff3b0e0
 msgid "Access Control List settings. Belong in the ``CANAILLE.ACL`` namespace."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.ACLSettings:3
-#: fb2bf8e9b559475fa0da8a5a9a716d1b
+#: 733df203b313404eb417f40ed8708a2e
 msgid "You can define access controls that define what users can do on canaille. An access control consists in a :attr:`FILTER` to match users, a list of :attr:`PERMISSIONS` matched users will be able to perform, and fields users will be able to :attr:`READ` and :attr:`WRITE`. Users matching several filters will cumulate permissions."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:1
-#: 44a6412c07e74f10991a803bec3ffd5b
+#: a14933a4c7244138bb59a43c9d288955
 msgid ":attr:`FILTER` can be:"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:3
-#: a46c99d48a184f8f9cbbd60fd0113bd9
+#: d0f71dfab2ec47fca2184767e58eec59
 msgid ":py:data:`None`, in which case all the users will match this access control"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:4
-#: 3b80807a79704eb9b5c53f31319a334f
+#: e33849bb0c954228951cb18c56a9e70d
 msgid "a mapping where keys are user attributes name and the values those user attribute values. All the values must be matched for the user to be part of the access control."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:7
-#: 53ad291e288c490abd5b1e854132a0ef
+#: 2ed07fdd7da94cfd90167b2d1f4cb4eb
 msgid "a list of those mappings. If a user values match at least one mapping, then the user will be part of the access control"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:10
-#: eb01b4eb724941cab7f44d69c0627b1e
+#: 657a11f5921947b88bfc47cf8affbe00
 msgid "Here are some examples::"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:1
-#: 75a4d0c394fa4aebbb48d077e63aa0f0
+#: df95253032c647229909e34386b1e5cc
 msgid "A list of :class:`Permission` users in the access control will be able to manage."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:8
-#: 721eb691ae3e4151a5eaf811c2a1b01c
+#: 700fa74aeea44e9aa6dd204df7870e90
 msgid "PERMISSIONS = [\"manage_users\", \"manage_groups\", \"manage_oidc\", \"delete_account\", \"impersonate_users\"]"
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.READ:1
-#: d3e143b82c304e238a797124231f644f
+#: ab801708874c4b1bb937f62969614340
 msgid "A list of :class:`~canaille.core.models.User` attributes that users in the ACL will be able to read."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.ACLSettings.WRITE:1
-#: cd5c4a6863b3455795388ea58d2f8ff1
+#: 384d296240314638a1f1b6b7719c6bb6
 msgid "A list of :class:`~canaille.core.models.User` attributes that users in the ACL will be able to edit."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.Permission:1
-#: d0fc68105eb54d359eb01628902767b5
+#: f9eec27878c64e608b2783b5e89172ed
 msgid "The permissions that can be assigned to users."
 msgstr ""
 
 #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.Permission:3
-#: 8f3355f64e2c490ab0e8b4765dca8781
+#: 217cf0cc0b9b4a48a26abeaad488c131
 msgid "The permissions are intended to be used in :attr:`ACLSettings <canaille.core.configuration.ACLSettings.PERMISSIONS>`."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.Permission.DELETE_ACCOUNT:1
-#: 500cfd5a09554ac0b3efb8801a314e38
+#: 370dec6e2b8049d0b7353b085340b102
 msgid "Allows users to delete their account."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.Permission.DELETE_ACCOUNT:3
-#: cca431c321484569862b3a05616c7907
+#: f7be239942c94727a948d27c6c93408e
 msgid "If used with :attr:`~canaille.core.configuration.Permission.MANAGE_USERS`, users can delete any account."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.Permission.EDIT_SELF:1
-#: 6dc188b41f5440319e87c333aea28060
+#: 1f716bb0d0ec481ab5dff0a02f5c9e37
 msgid "Allows users to edit their own profile."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.Permission.IMPERSONATE_USERS:1
-#: 113e6c4d2b714be79d746c84a0bde30a
+#: c9018bb9aceb40bc9536cc03320c5bad
 msgid "Allows users to take the identity of another user."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.Permission.MANAGE_GROUPS:1
-#: 9531fd7773fe46f78f3da23f5d7e6f02
+#: 1072c369689f4922997715eb5337795a
 msgid "Allows group edition and creation."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.Permission.MANAGE_OIDC:1
-#: 6a14ecfbecc7402b90c1f984af552750
+#: 014b4028381e4f4d8dcc8dc8a5e3a26f
 msgid "Allows OpenID Connect client managements."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.Permission.MANAGE_USERS:1
-#: 7d115497bd7e4284b71cee12f6012e06
+#: ff39df8edc7143c7b23d22bb773b5198
 msgid "Allows other users management."
 msgstr ""
 
 #: ../../docstring of canaille.core.configuration.Permission.USE_OIDC:1
-#: 5e48261fd5c9437eb453e703f93703b5
+#: c7e27c4618a9460e8373c17f558f8d1e
 msgid "Allows OpenID Connect authentication."
 msgstr ""
 
 #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.OIDCSettings:1
-#: 63057e3d73a14c63bbe40bc95a0e4c84
+#: e2e226bd197b4d6f87291ee45a3004ef
 msgid "OpenID Connect settings."
 msgstr ""
 
 #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.OIDCSettings:3
-#: 035105e6e931419a8302feadec577ed6
+#: db9af81a48ac4b1a914370a2e47bf4e0
 msgid "Belong in the ``CANAILLE_OIDC`` namespace."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:1
-#: fba0c11bf0f648909450d12e1ceffdb9
+#: 092f0d4259994eb8b834b256a8f72453
 msgid "Whether a token is needed for the RFC7591 dynamical client registration."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:3
-#: f5ba930ce26f4588b539da7703aafd4d
+#: 506f1fcd0f424df4bdafd9a69307f645
 msgid "If :py:data:`True`, no token is needed to register a client. If :py:data:`False`, dynamical client registration needs a token defined in :attr:`DYNAMIC_CLIENT_REGISTRATION_TOKENS`."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_TOKENS:1
-#: 092b15419a354a5888a9f80ab6194696
+#: 30861c9a3a294daf8105dd5ac9007282
 msgid "A list of tokens that can be used for dynamic client registration."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.OIDCSettings.JWT:1
-#: 9cd2e236fdb14317b0ffed9a3d2608bb
+#: 04e054bb3d094e4ea8f23ab6fdec9bf6
 msgid "JSON Web Token settings."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:1
-#: fa7308da6bb547ae821995b6d7995ad1
+#: 95b1ee4fd0da4ec2b30beb3e25944cd9
 msgid "Force the nonce exchange during the authentication flows."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:3
-#: 0c8ebdd95ff84eca839a0b3e755815e8
+#: de680082bc4546a6883ff4826df0067b
 msgid "This adds security but may not be supported by all clients."
 msgstr ""
 
 #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTSettings:1
-#: 37bc9fb542044bd794610b97da9255f3
+#: 750fbe7d77954d87855e68d3199c81e7
 msgid "JSON Web Token settings. Belong in the ``CANAILLE_OIDC.JWT`` namespace."
 msgstr ""
 
 #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTSettings:3
-#: 13ef6c0a21924214b46130443a178a3b
+#: 03945dc4192c4f7abefbcd2b5c7c2bd9
 msgid "You can generate a RSA keypair with::"
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.JWTSettings.ALG:1
-#: d2bc59d1182f47bea20962eb0acc5690
+#: d65a4aaf4cb64130ac59c97cddcffb0b
 msgid "The key algorithm."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.JWTSettings.EXP:1
-#: f282a838950942ea9e15a209546aece5
+#: c0c460480db94b1a9ebceea06528d426
 msgid "The time the JWT will be valid, in seconds."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.JWTSettings.ISS:1
-#: 8ad74727c039426d84a5df7154d85088
+#: 6501426215db4b27b7b5d217954ca6be
 msgid "The URI of the identity provider."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.JWTSettings.KTY:1
-#: cc46bfa52a58479ebeeabc645f0efbee
+#: 3e338458e42e405fb025bfcfc53688f4
 msgid "The key type."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:1
-#: 521a0d91f9c54a45b362036aeabf476b
+#: 27a15f235d63447884175edd85e55cf4
 msgid "The private key."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:3
 #: ../../docstring of canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:3
-#: 8f11d684881944cd8a2e7a7bcbb48c48
-#: 8f11d684881944cd8a2e7a7bcbb48c48
+#: 29d2c1b105e74d46b80db01b78954711
+#: 29d2c1b105e74d46b80db01b78954711
 msgid "If :py:data:`None` and debug mode is enabled, then an in-memory key will be used."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:1
-#: f0f19ad86cb94cc7b63447e2a6d6ef56
+#: e88605c89e4b47989186fd27e5aff172
 msgid "The public key."
 msgstr ""
 
 #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTMappingSettings:1
-#: 1380be8739ba4fbab5425af1c0253066
+#: 235687b99f2c408aaf1c063061975f77
 msgid "Mapping between the user model and the JWT fields."
 msgstr ""
 
 #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTMappingSettings:3
-#: 6f4c5c2cbd07499c972d2f1ab29ffa1e
+#: ebe87d5efdaa458b97451b5ab4fdeb3d
 msgid "Fields are evaluated with jinja. A ``user`` var is available."
 msgstr ""
 
 #: ../../canaille/scim/configuration.py:docstring of canaille.scim.configuration.SCIMSettings:1
-#: a52a23313e76499f8eb015c9a754c440
+#: e2e226bd197b4d6f87291ee45a3004ef
 msgid "SCIM settings."
 msgstr ""
 
 #: ../../canaille/backends/sql/configuration.py:docstring of canaille.backends.sql.configuration.SQLSettings:1
-#: 8a43c250075c4918b0ce4204fa803047
+#: b7ccdac0ebd14f47be2d77ea52bd75d7
 msgid "Settings related to the SQL backend."
 msgstr ""
 
 #: ../../canaille/backends/sql/configuration.py:docstring of canaille.backends.sql.configuration.SQLSettings:3
-#: 038af6ccc90c4711bf2630c27656a810
+#: 07e03b184cb54e0a92ca3a33033da5cd
 msgid "Belong in the ``CANAILLE_SQL`` namespace."
 msgstr ""
 
 #: ../../docstring of canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:1
-#: 1aacc345a8b74b12af594ae00bb018d6
+#: 4d1ff118c1a44a50a962e527d1a8e2a2
 msgid "The SQL server URI. For example:"
 msgstr ""
 
 #: ../../docstring of canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:6
-#: 677e3555144149ed9ca260747ac80af7
+#: 4bb9ca2e412a461caacf1a146582247f
 msgid "DATABASE_URI = \"postgresql://user:password@localhost/database_name\""
 msgstr ""
 
 #: ../../canaille/backends/ldap/configuration.py:docstring of canaille.backends.ldap.configuration.LDAPSettings:1
-#: 3f3caf7b34464a66a3616e93568df5d0
+#: e656ae1d120e45109618f653d29d845e
 msgid "Settings related to the LDAP backend."
 msgstr ""
 
 #: ../../canaille/backends/ldap/configuration.py:docstring of canaille.backends.ldap.configuration.LDAPSettings:3
-#: dfa0746894e344faa806b939a64e1bc4
+#: 9877879932a3406b87f9893f4a6bf8f3
 msgid "Belong in the ``CANAILLE_LDAP`` namespace."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.BIND_DN:1
-#: 6bfbb516f18341ccb29ba837eee1182e
+#: 96d852cc067c459cabfcc201a7271cf0
 msgid "The LDAP bind DN."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.BIND_PW:1
-#: 2f6f3c3c7b4946898c03f95709e8ada4
+#: 084f3814a8604375aed794d649845045
 msgid "The LDAP bind password."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:1
-#: 6d51a73361254d7b83fce929ae2b6b37
+#: 8f56c7d2bfb348afbcc36de24398dfac
 msgid "The LDAP node under which groups will be looked for and saved."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:3
-#: 59bb594131944870a7bdbffcec6cb47b
+#: 58cf9c9e87464b709e4e8508577fbd63
 msgid "For instance `\"ou=groups,dc=mydomain,dc=tld\"`."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_CLASS:1
-#: 6ef1fa2af1cb49d48dc49e16da349186
+#: 3b6a2121763e4302aa1780cb6d51d9d6
 msgid "The object class to use for creating new groups."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_NAME_ATTRIBUTE:1
-#: 6b02bb2acfa949848ac24822ba9e65a2
+#: 10d8bb8232bf4b30b6c631847ea70b2b
 msgid "The attribute to use to identify a group."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_RDN:1
-#: d4b05df5c7c44d4aa00e29be5efbe08b
+#: 688132cb0d4e4f27973a02406d50edaa
 msgid "The attribute to identify an object in the Group DN."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.ROOT_DN:1
-#: 1dfee889fb7348d39a4fd73315b92f0f
+#: 4428b1de4b664a55b077caa3969d6769
 msgid "The LDAP root DN."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.TIMEOUT:1
-#: bf016c8880b2441ebc1f7eb63c472e1f
+#: 5a175d6a66e445458ee6bc473d614a45
 msgid "The LDAP connection timeout."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.URI:1
-#: f2d63d56281a4ac9bf59a566fca49efb
+#: 3172b80b5b86434699f226a3b713c52f
 msgid "The LDAP server URI."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:1
-#: 2b9e8a84a0a741dba1b0eb8183d14a91
+#: 0e03c3262f504b79b84847041ee442e5
 msgid "The LDAP node under which users will be looked for and saved."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:3
-#: 7e3ac032d5bd418482f13ab7c81d1515
+#: e1d16301542b40929d9e65c9a949b303
 msgid "For instance `ou=users,dc=mydomain,dc=tld`."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_CLASS:1
-#: 5791e76405f94f38b07650cf43719cf8
+#: 92a1f8f8665848c9aaf4d5f9f1f3b6b7
 msgid "The object class to use for creating new users."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:1
-#: d5ccfe3b5d7e438389f98cad6718a9d0
+#: 228fcd64b4704fa0b4ea52ab85f48f08
 msgid "Filter to match users on sign in."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:3
-#: 737d190e512f480a9227e6fe72f96c26
+#: f61c66f7c0e94e67ae5a4ce5de0dc548
 msgid "For instance ``(|(uid={{ login }})(mail={{ login }}))``. Jinja syntax is supported and a ``login`` variable is available, containing the value passed in the login field."
 msgstr ""
 
 #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_RDN:1
-#: b7d504ef3c74424abeccc8ad35072d0f
+#: d49e7765b3d6440d9fdcb0ecb18c06c1
 msgid "The attribute to identify an object in the User DN."
 msgstr ""
 
 #: ../references/configuration.rst:92
-#: d0a193b9740940ceac9bbb0b609c7b38
+#: c4674c5a1b434e81944983c7ec2fb0f1
 msgid "Example file"
 msgstr ""
 
 #: ../references/configuration.rst:94
-#: 380ab48a596a497789c004a25fd645c8
+#: 87c3dcb2ef5a4f649ec0fa9005449a79
 msgid "Here is a configuration file example:"
 msgstr ""
 
 #: ../references/index.rst:2
-#: 7aedfd273422477bb60f319eb4c1eb09
+#: 51ac90bb647f41b69879253e3e7c475e
 msgid "References"
 msgstr ""
 
 #: ../references/models.rst:2
-#: 40ab2b878a534ca38780473aa8c0dd24
+#: bf9a972313e94c6aa0e72470dfc9677c
 msgid "Data models"
 msgstr ""
 
 #: ../references/models.rst:4
-#: fc86419b230d4b3ea107617213675e38
+#: 620f9112555349eba4cc5daecdb72217
 msgid "This reference details the data models used by Canaille. This is mostly useful for developers."
 msgstr ""
 
 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:1
 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:1
-#: af7b8f2e8eae457f8451e659c3213675
-#: 0d1f4ecf6c974902b15375ec2f545d11
+#: b407db3f81d14e789f9f7f2e2bec7613
+#: b29fcc3a6bdc4ee582d1e14851e430b7
 msgid "Bases: :py:class:`object`"
 msgstr ""
 
 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:1
-#: 5c4d9070fe3a46a695c06ef143b7b3e0
+#: 664ca63468e648ddb0b2f2f957139ae9
 msgid "The backend model abstract class."
 msgstr ""
 
 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:3
-#: 51d88470412841bdb28daefe752259c8
+#: e16c978524f44a57affe6f2e15fdb5e2
 msgid "It details all the methods and attributes that are expected to be implemented for every model and for every backend."
 msgstr ""
 
 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:1
-#: 91a5b49dc4f54e4ba3acea5e80114ad6
+#: 9f46b7e1801e4a57a346c598161cbdac
 msgid "The model abstract class."
 msgstr ""
 
 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:3
-#: 05f702c2e3324742a9840c46621f02e7
+#: f4dad754b1d7448f842620b4f7b6069b
 msgid "It details all the common attributes shared by every models."
 msgstr ""
 
 #: ../../docstring of canaille.backends.models.Model.created:1
-#: 55c80d78a6514379b68db68d53d08628
+#: 8685782e932b476a8b6f80256ebca659
 msgid "The :class:`~datetime.datetime` that the resource was added to the service provider."
 msgstr ""
 
 #: ../../docstring of canaille.backends.models.Model.id:1
-#: 6c1d3282e98e4d7b96213c626e92665a
+#: 112d9fd0a032418682875fe5f5685fc8
 msgid "A unique identifier for a SCIM resource as defined by the service provider. Id will be :py:data:`None` until the :meth:`~canaille.backends.models.BackendModel.save` method is called."
 msgstr ""
 
 #: ../../docstring of canaille.backends.models.Model.id:5
-#: 64c1848034b34d2086fa0d50e1b94a98
+#: fe3e4be3b44b43ebbbd11fe81fdc2613
 msgid "Each representation of the resource MUST include a non-empty \"id\" value.  This identifier MUST be unique across the SCIM service provider's entire set of resources.  It MUST be a stable, non- reassignable identifier that does not change when the same resource is returned in subsequent requests.  The value of the \"id\" attribute is always issued by the service provider and MUST NOT be specified by the client.  The string \"bulkId\" is a reserved keyword and MUST NOT be used within any unique identifier value.  The attribute characteristics are \"caseExact\" as \"true\", a mutability of \"readOnly\", and a \"returned\" characteristic of \"always\".  See Section 9 for additional considerations regarding privacy."
 msgstr ""
 
 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model.identifier:1
-#: bd6bdb35102f4e4d803a072d6c012255
+#: 4f16f8a2628746e0bbb013e0ebdd53de
 msgid "Returns a unique value that will be used to identify the model instance."
 msgstr ""
 
 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model.identifier:4
-#: 3ee0208a12e4453abe733d48f8046054
+#: 570af0c54d8a4b9ca5e1180a154578c6
 msgid "This value will be used in URLs in canaille, so it should be unique and short."
 msgstr ""
 
 #: ../../docstring of canaille.backends.models.Model.last_modified:1
-#: 339106d4e64c4cce82c7b4eb3e783713
+#: a64d636f5ae843698bae18cbc27adae5
 msgid "The most recent :class:`~datetime.datetime` that the details of this resource were updated at the service provider."
 msgstr ""
 
 #: ../../docstring of canaille.backends.models.Model.last_modified:4
-#: c7d7e9d90b744b41ac4899977c14174f
+#: 1478742051c64d3c8e8cb44b101c2337
 msgid "If this resource has never been modified since its initial creation, the value MUST be the same as the value of :attr:`~canaille.backends.models.Model.created`."
 msgstr ""
 
@@ -4876,1140 +4878,1140 @@ msgstr ""
 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Client:1
 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Consent:1
 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Token:1
-#: d3ae97f457864dbf953ac9a3cfc043e2
-#: c8d3896a864d4331a8d5532b312376db
-#: c1c3e9ca21a04c1d851e4a75082b1c90
-#: c1c3e9ca21a04c1d851e4a75082b1c90
-#: c1c3e9ca21a04c1d851e4a75082b1c90
-#: c1c3e9ca21a04c1d851e4a75082b1c90
+#: 31058fb082044629ab68e330524f37d4
+#: 963c873782434df6bc7a6314e406858e
+#: ec3b5ed7c8e94f728377c74990bc94e6
+#: ec3b5ed7c8e94f728377c74990bc94e6
+#: ec3b5ed7c8e94f728377c74990bc94e6
+#: ec3b5ed7c8e94f728377c74990bc94e6
 msgid "Bases: :py:class:`~canaille.backends.models.Model`"
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.Group:1
-#: fcf6434c92de4c0e9ae1790f19a43d8c
+#: d8d4759602c44e048e0d4f053dc5c895
 msgid "User model, based on the `SCIM Group schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.2>`_."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.Group.display_name:1
-#: 6ae4c021384e45b3b90ca7840c9caa48
+#: f557ae62a380458ca1e212165ff7ebd2
 msgid "A human-readable name for the Group."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.Group.display_name:3
 #: ../../docstring of canaille.oidc.basemodels.Client.client_id:1
-#: 94bf457053a8408a80e8157f385e6127
-#: 8ef14562e7c1440e89a45a65c05b07c4
+#: 3a782effac4c44f2b4084280c168f909
+#: 038998149ec146249f6cd7993b6ea7c2
 msgid "REQUIRED."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.Group.members:1
-#: 0b61dbdad02b48bbb9a9ace3f9ce130a
+#: 83c94299de834bb7899fc5d919567ddf
 msgid "A list of members of the Group."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.Group.members:3
-#: 4f5d6c5417ce40c39617fed66f507f2d
+#: f8395458983d4efd966c1f2bd3e771dc
 msgid "While values MAY be added or removed, sub-attributes of members are \"immutable\".  The \"value\" sub-attribute contains the value of an \"id\" attribute of a SCIM resource, and the \"$ref\" sub-attribute must be the URI of a SCIM resource such as a \"User\", or a \"Group\".  The intention of the \"Group\" type is to allow the service provider to support nested groups.  Service providers MAY require clients to provide a non-empty value by setting the \"required\" attribute characteristic of a sub-attribute of the \"members\" attribute in the \"Group\" resource schema."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.User:1
-#: ea9a3214f2fe40079b36d4acc3993d0b
+#: 3de74c338e4e45d4ada0909e1d6a2c1d
 msgid "User model, based on the `SCIM User schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.1>`_, `Entreprise User Schema Extension <https://datatracker.ietf.org/doc/html/rfc7643#section-4.3>`_ and `SCIM Password Management Extension <https://datatracker.ietf.org/doc/html/draft-hunt-scim-password-mgmt-00.html>`_ draft. Attribute description is based on SCIM and put there for information purpose. The description may not fit the current implementation in Canaille."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.User.can:1
-#: 50465e6a043e4772901bbc25136c15c7
+#: dd44c29c7f88458e923a6bdc89ff4bd8
 msgid "Whether or not the user has the :class:`~canaille.core.configuration.Permission` according to the :class:`configuration <canaille.core.configuration.ACLSettings>`."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.department:1
-#: 300ebcf15c3d4ee8b50478aa38113f2f
+#: d09b761f1c3d4bcda3c7c5841cb86768
 msgid "Identifies the name of a department."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.display_name:1
-#: 44d18f2b6f5147d7bb381e18daf093e3
+#: 7a92e34396f14701a901c6342ba43372
 msgid "The name of the user, suitable for display to end-users."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.display_name:3
-#: c04b6da17ce14862afd1911eb9fda1fd
+#: e89fec83b2eb42deaac70264489240e3
 msgid "Each user returned MAY include a non-empty displayName value.  The name SHOULD be the full name of the User being described, if known (e.g., \"Babs Jensen\" or \"Ms. Barbara J Jensen, III\") but MAY be a username or handle, if that is all that is available (e.g., \"bjensen\").  The value provided SHOULD be the primary textual label by which this User is normally displayed by the service provider when presenting it to end-users."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.emails:1
-#: c7a7d69b175742f692f41bfdff6d3957
+#: 5383ce6b712040c4a0bba18c1bbef93d
 msgid "Email addresses for the User."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.emails:3
-#: 63f46cb0c21a4fa4b8b0a720c8d14248
+#: dcbfe09f878141a4bd5a20b9e2d9b6da
 msgid "The value SHOULD be specified according to [RFC5321].  Service providers SHOULD canonicalize the value according to [RFC5321], e.g., \"bjensen@example.com\" instead of \"bjensen@EXAMPLE.COM\".  The \"display\" sub-attribute MAY be used to return the canonicalized representation of the email value. The \"type\" sub-attribute is used to provide a classification meaningful to the (human) user.  The user interface should encourage the use of basic values of \"work\", \"home\", and \"other\" and MAY allow additional type values to be used at the discretion of SCIM clients."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.employee_number:1
-#: 3c9e8a305a2e45188d1991241730c384
+#: 6cc0c003bd234628a0bc0a0c27cccaee
 msgid "A string identifier, typically numeric or alphanumeric, assigned to a person, typically based on order of hire or association with an organization."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.family_name:1
-#: dd49515b6ca4486487bbb848d32ec95d
+#: db1cbc1b88a44555ac36431d951ed1bc
 msgid "The family name of the User, or last name in most Western languages (e.g., \"Jensen\" given the full name \"Ms. Barbara Jane Jensen, III\")."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.formatted_address:1
-#: f80305cee214421eb76ae29dd6697765
+#: 19bb2c52eb2747a8bae2df988b0f3226
 msgid "The full mailing address, formatted for display or use with a mailing label."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.formatted_address:4
-#: 85a0ba3e7b064d75b6bb0f9135fb23c1
+#: aaf2f2de713c468a8388bd976795c621
 msgid "This attribute MAY contain newlines."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.formatted_name:1
-#: 4e458944ffe74d00bfc78e91f7f4b925
+#: 6e02928b97a944b5929f0002f9c7b70c
 msgid "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., \"Ms. Barbara Jane Jensen, III\")."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.given_name:1
-#: f44fded253494128a007b56f7303dc14
+#: 0adf168d41024021aca8fcbf22e2b575
 msgid "The given name of the User, or first name in most Western languages (e.g., \"Barbara\" given the full name \"Ms. Barbara Jane Jensen, III\")."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.groups:1
-#: e31e09adf6404439bf17d6aab21fff32
+#: ef755a48c32047c187a2405190a88b07
 msgid "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.groups:4
-#: c05221c0bcca4718bfa6fdb9519fe95e
+#: 0d7136476f7649ddad322de96971e938
 msgid "The values are meant to enable expression of common group-based or role-based access control models, although no explicit authorization model is defined.  It is intended that the semantics of group membership and any behavior or authorization granted as a result of membership are defined by the service provider.  The canonical types \"direct\" and \"indirect\" are defined to describe how the group membership was derived.  Direct group membership indicates that the user is directly associated with the group and SHOULD indicate that clients may modify membership through the \"Group\" resource. Indirect membership indicates that user membership is transitive or dynamic and implies that clients cannot modify indirect group membership through the \"Group\" resource but MAY modify direct group membership through the \"Group\" resource, which may influence indirect memberships.  If the SCIM service provider exposes a \"Group\" resource, the \"value\" sub-attribute MUST be the \"id\", and the \"$ref\" sub-attribute must be the URI of the corresponding \"Group\" resources to which the user belongs.  Since this attribute has a mutability of \"readOnly\", group membership changes MUST be applied via the \"Group\" Resource (Section 4.2).  This attribute has a mutability of \"readOnly\"."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.User.has_password:1
-#: 995c5dd87f84486b866861819560cddf
+#: 034f9fa73a5d455382726ac4b448c136
 msgid "Check whether a password has been set for the user."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.hotp_counter:1
-#: b20ebcdbcb5844738f1587b2713c1ee3
-msgid "HMAC-based One Time Password counter, used for two-factor authentication."
+#: 05380b82ddda46bfa9678288cebf85a7
+msgid "HMAC-based One Time Password counter, used for multi-factor authentication."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.last_otp_login:1
-#: aeffd6550ea64663ab67d8acca53691b
+#: bdfeb17b4cc24311b1945121f22d4e61
 msgid "A DateTime indicating when the user last logged in with a one-time password. This attribute is currently used to check whether the user has activated one-time password authentication or not."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.locality:1
-#: 6392444bc3f54ec2b7a2e6d76dcebfd9
+#: 3d50110e459f4ba3b06af609c8f2bef8
 msgid "The city or locality component."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.lock_date:1
-#: 52b1f476fb584fa89da42a63597ba27d
+#: bc9386fb2f7c41cc82308c45d919feb9
 msgid "A DateTime indicating when the resource was locked."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.User.locked:1
-#: 11adeee0c9264a899a29f6650947d5f9
+#: 8f227ede6e584fda946d50e86049afcb
 msgid "Whether the user account has been locked or has expired."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.one_time_password:1
-#: 6e8fc6e79f3d45ac804673abaed8ae41
-msgid "One time password used for email or sms two-factor authentication."
+#: 4f6ac05bac3845ea8325c2b34e8c0824
+msgid "One time password used for email or sms multi-factor authentication."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.one_time_password_emission_date:1
-#: 51fa37f2cd494b699222475514856ecf
+#: cc1503678fc046f9bb759040e7e561e1
 msgid "A DateTime indicating when the user last emitted an email or sms one-time password."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.organization:1
-#: 7f2c3e4f3c354bedbccde4710263b02f
+#: 39b14adbf8ad42b39c2cdd9fb0fcf96c
 msgid "Identifies the name of an organization."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:1
-#: 072e6b6f57ea480eb08da8b2014e78fc
+#: a4ec9a6f72834b47b82db401e1ebed2f
 msgid "This attribute is intended to be used as a means to set, replace, or compare (i.e., filter for equality) a password.  The cleartext value or the hashed value of a password SHALL NOT be returnable by a service provider.  If a service provider holds the value locally, the value SHOULD be hashed.  When a password is set or changed by the client, the cleartext password SHOULD be processed by the service provider as follows:"
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:9
-#: ad7fb50b57bf4a0eaf4e0e96899afad2
+#: 4a4c0608f0ac4739bbb358ebfffbc94c
 msgid "Prepare the cleartext value for international language comparison.  See Section 7.8 of [RFC7644]."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:12
-#: 46d03fb43b2e40cc9f2ad6ea3dd511ff
+#: 770cfb12f1c943188e281ef2e527ccb2
 msgid "Validate the value against server password policy.  Note: The definition and enforcement of password policy are beyond the scope of this document."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:16
-#: 72ece62774ba4f9c9ef5ddf163d12af4
+#: 736bf805f27d4dfb8c1292b5afaca0be
 msgid "Ensure that the value is encrypted (e.g., hashed).  See Section 9.2 for acceptable hashing and encryption handling when storing or persisting for provisioning workflow reasons."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:20
-#: 094d9a68c6b743f3af8832f6fe75e71e
+#: 605f5a91894e42ee9d14686ae2f346cd
 msgid "A service provider that immediately passes the cleartext value on to another system or programming interface MUST pass the value directly over a secured connection (e.g., Transport Layer Security (TLS)).  If the value needs to be temporarily persisted for a period of time (e.g., because of a workflow) before provisioning, then the value MUST be protected by some method, such as encryption."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:28
-#: a4f2fcdde65c4774a2cb672677275686
+#: 198ed93545fe467ea461cef9a184362c
 msgid "Testing for an equality match MAY be supported if there is an existing stored hashed value.  When testing for equality, the service provider:"
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:32
-#: 7595e72df7db44f9b6c42796e830f12b
+#: becd82e6d299471d94ab4906ce105218
 msgid "Prepares the filter value for international language comparison.  See Section 7.8 of [RFC7644]."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:35
-#: 61b66fa2e8814634889657f8d0edfab0
+#: ca91b3fdd3ae434dbb47d55b73ccbcb2
 msgid "Generates the salted hash of the filter value and tests for a match with the locally held value."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.password:38
-#: a7cfcbc3765b4f78a7155e4dd9415a1e
+#: 0c4d62a31f2d442981432c2f841abdac
 msgid "The mutability of the password attribute is \"writeOnly\", indicating that the value MUST NOT be returned by a service provider in any form (the attribute characteristic \"returned\" is \"never\")."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.phone_numbers:1
-#: 9c94598375724785b44ef15df37f51e4
+#: 636757499c76498ca8a1cbad6ea4fbb7
 msgid "Phone numbers for the user."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.phone_numbers:3
-#: 5dd8841664b34a61b816f4809063e0c2
+#: dabf654512714fda965fded70f74aeac
 msgid "The value SHOULD be specified according to the format defined in [RFC3966], e.g., 'tel:+1-201-555-0123'.  Service providers SHOULD canonicalize the value according to [RFC3966] format, when appropriate.  The \"display\" sub-attribute MAY be used to return the canonicalized representation of the phone number value.  The sub- attribute \"type\" often has typical values of \"work\", \"home\", \"mobile\", \"fax\", \"pager\", and \"other\" and MAY allow more types to be defined by the SCIM clients."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.photo:1
-#: 291043b969b54c499248e5cd4137ba46
+#: 27d8a36d06ce46858ed9974cfb3a9a9b
 msgid "A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.photo:5
-#: d20c5f4d9f154642a7e5197897542d16
+#: 8d0e8ca2555c48b0aad26fa7fdb102cf
 msgid "The resource MUST be a file (e.g., a GIF, JPEG, or PNG image file) rather than a web page containing an image.  Service providers MAY return the same image in different sizes, although it is recognized that no standard for describing images of various sizes currently exists.  Note that this attribute SHOULD NOT be used to send down arbitrary photos taken by this user; instead, profile photos of the user that are suitable for display when describing the user should be sent. Instead of the standard canonical values for type, this attribute defines the following canonical values to represent popular photo sizes: \"photo\" and \"thumbnail\"."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.postal_code:1
-#: 43d41ad405ca4db99f51e8c857e137e3
+#: ca9c10bc74eb4a2b90365bbd3473b1be
 msgid "The zip code or postal code component."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.preferred_language:1
-#: c8f7b6dd86d646f191246ff0070da604
+#: 5c7d29d6e6334161b21068010f566af2
 msgid "Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.preferred_language:4
-#: 7bf574c66b664d229948814478d62a8a
+#: c45f7e1feb59446daa9dbea7cce24305
 msgid "The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including \"Accept-Language:\") and is specified in Section 5.3.5 of [RFC7231].  The intent of this value is to enable cloud applications to perform matching of language tags [RFC4647] to the user's language preferences, regardless of what may be indicated by a user agent (which might be shared), or in an interaction that does not involve a user (such as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal HTTP Accept-Language header negotiation cannot take place."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.profile_url:1
-#: 1cb9deea306246f8a148e8cd469da0d8
+#: 267adc8c4ecf4750a9db3464eb2b8573
 msgid "A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page)."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.profile_url:5
-#: 84b648830c3148ecb4e74a368b850c23
+#: 7f227419ab034b3da8303fe94affeb6c
 msgid "URIs are canonicalized per Section 6.2 of [RFC3986]."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.User.readable_fields:1
-#: 58a2e21fdb434721a2f63d42d309bdf5
+#: e064888816ad4e228797af005daa0c1b
 msgid "The fields the user can read according to the :class:`configuration <canaille.core.configuration.ACLSettings>` configuration."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.User.readable_fields:4
-#: 13d48165549548f4b93daef3011da021
+#: d51b5c9a3058444187f7f52aafcc57ce
 msgid "This does not include the :attr:`writable <canaille.core.models.User.writable_fields>` fields."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.region:1
-#: 6f59b77e31f04e928a5ba62b1e24e768
+#: 7781da46bb4f45c19d4061a73efd1860
 msgid "The state or region component."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.secret_token:1
-#: 976966fe6b494fa7881ec2bb7c992d48
-msgid "Unique token generated for each user, used for two-factor authentication."
+#: 3764681cd7844fdaa69cc2ab072ff732
+msgid "Unique token generated for each user, used for multi-factor authentication."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.street:1
-#: 499ca20e98174187b6a7e067dc8bb99d
+#: e15de46ed1a745e580399d0bf40e96b8
 msgid "The full street address component, which may include house number, street name, P.O."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.street:4
-#: 9da29eeb9a7749388ec24a3d730cdcca
+#: 663a1b080f3646f5bbc30492beccda49
 msgid "box, and multi-line extended street address information.  This attribute MAY contain newlines."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.title:1
-#: d210c0de6da84b4f8336209ae9719f87
+#: 96571ab69f47443087e9de7cdf2af3ef
 msgid "The user's title, such as \"Vice President\"."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.user_name:1
-#: 3fdb69a67da040b1bfb2682e3c8b99d4
+#: 5a41c74aee6040d78b20e68feedbe91d
 msgid "A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider."
 msgstr ""
 
 #: ../../docstring of canaille.core.models.User.user_name:4
-#: 1028aa46fd5b4dc2b9315aabf36ab31c
+#: 305c46ac8a734b4fb513c2da9c0bd78d
 msgid "Often displayed to the user as their unique identifier within the system (as opposed to \"id\" or \"externalId\", which are generally opaque and not user-friendly identifiers).  Each User MUST include a non-empty userName value.  This identifier MUST be unique across the service provider's entire set of Users.  This attribute is REQUIRED and is case insensitive."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.User.writable_fields:1
-#: 6f4310b43c8c41af8069664ccee7283a
+#: f99945951b7f476484908fef5eb9bee4
 msgid "The fields the user can write according to the :class:`configuration <canaille.core.configuration.ACLSettings>`."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.string_code:1
-#: fc53171fc0944808ba403af52c2ba136
+#: 81f725c1782d45b395593f37c0776e41
 msgid "Add leading 0 if the code length does not match the defined length."
 msgstr ""
 
 #: ../../canaille/core/models.py:docstring of canaille.core.models.string_code:3
-#: ae60e7010ca94353a14a569775471e8e
+#: 1cc69f629da14627a5d08132c7388c45
 msgid "For instance, parameter ``digit=6``, but ``code=123``, this method would return ``000123``::"
 msgstr ""
 
 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.AuthorizationCode:1
-#: a121e077c37d4a8cab594a0629893230
+#: 470216f2acc344a9bc4fe9408cf38b4c
 msgid "OpenID Connect temporary authorization code definition."
 msgstr ""
 
 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Client:1
-#: 176b8928ffc54ed0b7a4b727cdf50387
+#: b0248a05ffa44100bfcf4e84de0e154b
 msgid "OpenID Connect client definition, based on the `OAuth 2.0 Dynamic Client Registration protocols <https://datatracker.ietf.org/doc/html/rfc7591.html>`_ and the `OpenID Connect RP-Initiated Logout <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>`_ specifications."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_id:3
-#: 501569fe51a94e8b9cfee76865f5720a
+#: 9630f3464163481993a425c28c308969
 msgid "OAuth 2.0 client identifier string.  It SHOULD NOT be currently valid for any other registered client, though an authorization server MAY issue the same client identifier to multiple instances of a registered client at its discretion."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_id_issued_at:1
 #: ../../docstring of canaille.oidc.basemodels.Client.client_secret:1
 #: ../../docstring of canaille.oidc.basemodels.Client.post_logout_redirect_uris:1
-#: 155223b8bff641ed9a0375b3d458c5c9
-#: 155223b8bff641ed9a0375b3d458c5c9
-#: 155223b8bff641ed9a0375b3d458c5c9
+#: 05d209d5010c49c99c2e88fd070c5595
+#: 05d209d5010c49c99c2e88fd070c5595
+#: 05d209d5010c49c99c2e88fd070c5595
 msgid "OPTIONAL."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_id_issued_at:3
-#: 8f9ab854501246b68994edefd2c22365
+#: fb189c4d73054f559edc1f71e252013c
 msgid "Time at which the client identifier was issued.  The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of issuance."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_name:1
-#: 8610eab8370a4184937f0d1169b54c51
+#: 90b1171c71784152b30c868ce6a69e92
 msgid "Human-readable string name of the client to be presented to the end-user during authorization."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_name:4
-#: ce9a8c14a98f4a31b17100c0ca14c199
+#: 2f438f6285d3455f81459326d3ed2a3d
 msgid "If omitted, the authorization server MAY display the raw \"client_id\" value to the end-user instead.  It is RECOMMENDED that clients always send this field. The value of this field MAY be internationalized, as described in Section 2.2."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_secret:3
-#: f737139e11a14b14be8545e1a2c5c0f6
+#: b659e17a18ae49d6b460ce4bfd3ef720
 msgid "OAuth 2.0 client secret string.  If issued, this MUST be unique for each \"client_id\" and SHOULD be unique for multiple instances of a client using the same \"client_id\".  This value is used by confidential clients to authenticate to the token endpoint, as described in OAuth 2.0 [RFC6749], Section 2.3.1."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_secret_expires_at:1
-#: 01979509cf224c5b8ba2127719435fc8
+#: fe3efeb714e642038fddaee69b85a240
 msgid "REQUIRED if \"client_secret\" is issued."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_secret_expires_at:3
-#: 48959dbf918e45ba9c37a50f77a0adf9
+#: 8224ead887464588a9b93fc320780f69
 msgid "Time at which the client secret will expire or 0 if it will not expire.  The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_uri:1
-#: 20f5972c57c540f6ab8392896c84be8c
+#: c7ec8c5c04bd41fa87825f3d6f4e71b3
 msgid "URL string of a web page providing information about the client."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.client_uri:3
-#: 30041d9b4c124152a5c0443ff9b2191c
+#: 8be313c7ec5848419e7a0062beefd60c
 msgid "If present, the server SHOULD display this URL to the end-user in a clickable fashion.  It is RECOMMENDED that clients always send this field.  The value of this field MUST point to a valid web page.  The value of this field MAY be internationalized, as described in Section 2.2."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.contacts:1
-#: 5cce7321f5e5400589f9393258dc3a4a
+#: 133418eefb1d484ba26f492838063c04
 msgid "Array of strings representing ways to contact people responsible for this client, typically email addresses."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.contacts:4
-#: af06fcccdc594f869be314af985cf14c
+#: 4c4d89f737af445da4e7eb5882887e00
 msgid "The authorization server MAY make these contact addresses available to end-users for support requests for the client.  See Section 6 for information on Privacy Considerations."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:1
-#: b4a5975375c641eaa946ccd90ce211a6
+#: 5105e93451e946fea6c3fd0b09c19683
 msgid "Array of OAuth 2.0 grant type strings that the client can use at the token endpoint.  These grant types are defined as follows:"
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:4
-#: bbc3935e899e47f3bafe281f1d888251
+#: 471bb398e08d45d588f320d2c25cb025
 msgid "\"authorization_code\": The authorization code grant type defined in OAuth 2.0, Section 4.1."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:7
-#: 64449ef0ca7f424c9fab46a991d69d96
+#: c1785e60703f46e5a3a6e7131ba26894
 msgid "\"implicit\": The implicit grant type defined in OAuth 2.0, Section 4.2."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:10
-#: f236e27b48c94daf906f45e1448426c6
+#: 99ec3801466340bd83367ab92a351ac3
 msgid "\"password\": The resource owner password credentials grant type defined in OAuth 2.0, Section 4.3."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:13
-#: 9e81137e52f94762be9551134791deaf
+#: a62c7b8185ee4863aec423c5fe445ae5
 msgid "\"client_credentials\": The client credentials grant type defined in OAuth 2.0, Section 4.4."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:16
-#: e7293d36a66346228115f0e7a1db1628
+#: 2fd298fce6974e4da2f670da31280955
 msgid "\"refresh_token\": The refresh token grant type defined in OAuth 2.0, Section 6."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:19
-#: 8fcedc410abe4cb4ba32399205c1fdb4
+#: 2fb0f1de8f46429eb46970d53c954d91
 msgid "\"urn:ietf:params:oauth:grant-type:jwt-bearer\": The JWT Bearer Token Grant Type defined in OAuth JWT Bearer Token Profiles [RFC7523]."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:23
-#: 45a990b4f0c3428ca6b0f466163b444d
+#: dd4f8e0551e048d599a3f95740ea3cf1
 msgid "\"urn:ietf:params:oauth:grant-type:saml2-bearer\": The SAML 2.0 Bearer Assertion Grant defined in OAuth SAML 2 Bearer Token Profiles [RFC7522]."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:27
-#: da938e538dfb4cbcb06eb0257bae0c5d
+#: 241768369988480b8f79cae93fa06ff4
 msgid "If the token endpoint is used in the grant type, the value of this parameter MUST be the same as the value of the \"grant_type\" parameter passed to the token endpoint defined in the grant type definition.  Authorization servers MAY allow for other values as defined in the grant type extension process described in OAuth 2.0, Section 4.5.  If omitted, the default behavior is that the client will use only the \"authorization_code\" Grant Type."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.jwk:1
-#: 61a94c54874e45c7b6d6a0080b303c06
+#: 779d5b8c355f4e469d0880100f197dbd
 msgid "Client's JSON Web Key Set [RFC7517] document value, which contains the client's public keys."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.jwk:4
-#: 878eeb4b93db4411b3227ebfce480fb2
+#: 786a840808f042fdb3a97eb1bd7f7a98
 msgid "The value of this field MUST be a JSON object containing a valid JWK Set.  These keys can be used by higher-level protocols that use signing or encryption.  This parameter is intended to be used by clients that cannot use the \"jwks_uri\" parameter, such as native clients that cannot host public URLs.  The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same request or response."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.jwks_uri:1
-#: bdc8f6ae5aa54e2e8cd3968ba2b834e5
+#: 29bbb97b4b0545df84cf23ec1e6b14cf
 msgid "URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] document, which contains the client's public keys."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.jwks_uri:4
-#: f0514e0625524e80b9d71112f8f845fd
+#: 4021b5fbeabb464d938a3903ef7e718b
 msgid "The value of this field MUST point to a valid JWK Set document. These keys can be used by higher-level protocols that use signing or encryption.  For instance, these keys might be used by some applications for validating signed requests made to the token endpoint when using JWTs for client authentication [RFC7523].  Use of this parameter is preferred over the \"jwks\" parameter, as it allows for easier key rotation.  The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same request or response."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.logo_uri:1
-#: a8573dc1a7474be593d58ac595763de8
+#: 723f17b9b9df481394bcff341b2730b1
 msgid "URL string that references a logo for the client."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.logo_uri:3
-#: a2ca19d94ea94ee8b9938118fc25f1fa
+#: 6b1a034be4f248e98f185c7a0ef2c3b5
 msgid "If present, the server SHOULD display this image to the end-user during approval. The value of this field MUST point to a valid image file.  The value of this field MAY be internationalized, as described in Section 2.2."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.policy_uri:1
-#: 14d06cf8a7e34fedad15b82247d69d39
+#: 92446c1f45fc4da9bf18fed32b046f26
 msgid "URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.policy_uri:5
 #: ../../docstring of canaille.oidc.basemodels.Client.tos_uri:5
-#: 1ea0d5026129456fbbc197bfce61c98e
-#: 1ea0d5026129456fbbc197bfce61c98e
+#: 470f3a6ebe5a470d97207d2d724d7a50
+#: 470f3a6ebe5a470d97207d2d724d7a50
 msgid "The authorization server SHOULD display this URL to the end-user if it is provided.  The value of this field MUST point to a valid web page.  The value of this field MAY be internationalized, as described in Section 2.2."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.post_logout_redirect_uris:3
-#: 50f7bef11f5244e4b91bdd115c92c874
+#: 80775602163f4c4eae2aa73101fb4a59
 msgid "Array of URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. These URLs SHOULD use the https scheme and MAY contain port, path, and query parameter components; however, they MAY use the http scheme, provided that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0 [RFC6749], and provided the OP allows the use of http RP URIs."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.redirect_uris:1
-#: e6a72fe3893b4db4adc05a9684a6dc4a
+#: 9864218626a9495d837ca07ecabe2e83
 msgid "Array of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.redirect_uris:4
-#: d8400c42df344766b3fa56e4d0973700
+#: a1f4e7a342764daf9b91f5c582e0d704
 msgid "As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with redirection MUST register their redirection URI values. Authorization servers that support dynamic registration for redirect-based flows MUST implement support for this metadata value."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.response_types:1
-#: 8be6e16541944c6f9cad4f83c72a13b5
+#: 2b675d8a76b64442baaf96288a99145f
 msgid "Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.  These response types are defined as follows:"
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.response_types:5
-#: 460f3e0ea3674308963d0510ac0d6444
+#: 3f19f3d3bf244c669c336230f4e548e5
 msgid "\"code\": The authorization code response type defined in OAuth 2.0, Section 4.1."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.response_types:8
-#: a6be11c01465486aa6fc6d52b002b3c6
+#: 8be17e9ef4c642a0a227974a40450da2
 msgid "\"token\": The implicit response type defined in OAuth 2.0, Section 4.2."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.response_types:11
-#: 0629b093e32248559987eb03c2802856
+#: 3be1d7f3ab82407ebcf77c9ad6294934
 msgid "If the authorization endpoint is used by the grant type, the value of this parameter MUST be the same as the value of the \"response_type\" parameter passed to the authorization endpoint defined in the grant type definition.  Authorization servers MAY allow for other values as defined in the grant type extension process is described in OAuth 2.0, Section 4.5.  If omitted, the default is that the client will use only the \"code\" response type."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.scope:1
-#: c8200e01d757418294c72a8c1f4dd013
+#: 99bf5a0735f3490eb63943c7926eb165
 msgid "String containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.scope:5
-#: 6b5bfcb30b5443cea8e88e0e0074c1ff
+#: d9c4d3be73ae454fbc08c0452c4cafba
 msgid "The semantics of values in this list are service specific.  If omitted, an authorization server MAY register a client with a default set of scopes."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.software_id:1
-#: c16d3f6118f24f639ffa8f395fb26d51
+#: ee3bd26091c94945b33584e781c19370
 msgid "A unique identifier string (e.g., a Universally Unique Identifier (UUID)) assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.software_id:6
-#: dae7107648bc4e498d3924fdff934e29
+#: 8fd0e02b12354b72b7175ade2536eac3
 msgid "Unlike \"client_id\", which is issued by the authorization server and SHOULD vary between instances, the \"software_id\" SHOULD remain the same for all instances of the client software.  The \"software_id\" SHOULD remain the same across multiple updates or versions of the same piece of software.  The value of this field is not intended to be human readable and is usually opaque to the client and authorization server."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.software_version:1
-#: c620c60307f64b08a6322573b5dd0561
+#: 2d69ee9b36d244ec98fb0ca3135ac74f
 msgid "A version identifier string for the client software identified by \"software_id\"."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.software_version:4
-#: e0c0f27106824081827201c50fb85ae7
+#: 0da082aab3354aad8196b87ea111796f
 msgid "The value of the \"software_version\" SHOULD change on any update to the client software identified by the same \"software_id\".  The value of this field is intended to be compared using string equality matching and no other comparison semantics are defined by this specification.  The value of this field is outside the scope of this specification, but it is not intended to be human readable and is usually opaque to the client and authorization server.  The definition of what constitutes an update to client software that would trigger a change to this value is specific to the software itself and is outside the scope of this specification."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:1
-#: c226846c2d1c4874bf900ddd10cf4144
+#: e666c285e9d0483a8b06ed07b9596fd1
 msgid "String indicator of the requested authentication method for the token endpoint.  Values defined by this specification are:"
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:4
-#: aca79c0bc52744e0aedf325049fa2b15
+#: 75019e0ffa134fe0a48fc885130c97ee
 msgid "\"none\": The client is a public client as defined in OAuth 2.0, Section 2.1, and does not have a client secret."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:7
-#: e63eaadeb384412199ed4f6ed7053e47
+#: 6d1fcab0de3a41e18101687e93c45444
 msgid "\"client_secret_post\": The client uses the HTTP POST parameters as defined in OAuth 2.0, Section 2.3.1."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:10
-#: 271a83d28e854ac0ba72171a974b346b
+#: 75493a43244c4357842d2fdfa745f330
 msgid "\"client_secret_basic\": The client uses HTTP Basic as defined in OAuth 2.0, Section 2.3.1."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:13
-#: 20907504b16b4d2785df51328c1ef639
+#: 070320a7585e4d9ba744cbaed1593208
 msgid "Additional values can be defined via the IANA \"OAuth Token Endpoint Authentication Methods\" registry established in Section 4.2.  Absolute URIs can also be used as values for this parameter without being registered.  If unspecified or omitted, the default is \"client_secret_basic\", denoting the HTTP Basic authentication scheme as specified in Section 2.3.1 of OAuth 2.0."
 msgstr ""
 
 #: ../../docstring of canaille.oidc.basemodels.Client.tos_uri:1
-#: 00b5b754a5c5419f92fab486003e081a
+#: 95cc7b66c6da48e5a189a32abaa9c24e
 msgid "URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client."
 msgstr ""
 
 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Consent:1
-#: a05f59c629e3458fbbf64e91e88819bf
+#: bf6c359aadbc4404ba1967b1b8d26255
 msgid "Long-term user consent to an application."
 msgstr ""
 
 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Token:1
-#: 7b57192679024787a3be94302cb00b86
+#: a20eaa516c854599a62222141346d76b
 msgid "OpenID Connect token definition."
 msgstr ""
 
 #: ../tutorial/databases.rst:4
-#: 5748f2a24c36444993b0ac2c8ce280bb
+#: 2934007ee99c4b5096855dd9bf47208b
 msgid "Canaille can read and save data in different databases. This page presents the different database backends and their specificities:"
 msgstr ""
 
 #: ../tutorial/databases.rst:10
-#: 5d24828b6f5649039d526b7fb689db99
+#: 4d8d9b1634cf47eca9c118b3af6173df
 msgid "Canaille comes with a lightweight inmemory backend by default. It is used when no other backend has been configured."
 msgstr ""
 
 #: ../tutorial/databases.rst:13
-#: afdd59c782fc4a28851af9f8a3c24428
+#: 5383f833c2634382a279cf9c2e9efff5
 msgid "This backend is only for test purpose and should not be used in production environments."
 msgstr ""
 
 #: ../tutorial/databases.rst:18
-#: 883a0e443e914abb8edfe20bf57f1296
+#: 5c04f9416e954990a51ad770b994755d
 msgid "Canaille can use any database supported by `SQLAlchemy <https://www.sqlalchemy.org/>`_, such as sqlite, postgresql or mariadb."
 msgstr ""
 
 #: ../tutorial/databases.rst:21
-#: 70e3f1710abf4134b85427a21dedeaa4
+#: 5cef0f1dda384284a256492c7b8dfcca
 msgid "It is used when the ``CANAILLE_SQL`` configuration parameter is defined. For instance:"
 msgstr ""
 
 #: ../tutorial/databases.rst:29
-#: 30971ee8de5542819657f07c3e215be2
+#: cedc3bb2dba0427b93cf11791b189c96
 msgid "You can find more details on the SQL configuration in the :class:`dedicated section <canaille.backends.sql.configuration.SQLSettings>`."
 msgstr ""
 
 #: ../tutorial/databases.rst:34
-#: da789ef60396408eb64b22001aaaf8fe
+#: fd9f8f823d184c72840274fd13de5b91
 msgid "Canaille can use OpenLDAP as its main database. It is used when the ``CANAILLE_LDAP`` configuration parameter is defined. For instance:"
 msgstr ""
 
 #: ../tutorial/databases.rst:52
-#: c64cf1c4f3664390a27dbef6f154878e
+#: dbd09fe39b724102813c8d259ad336f6
 msgid "If you want to use TOTP/HOTP authentication, you will need to add the ``oathHOTPToken`` class to the user :"
 msgstr ""
 
 #: ../tutorial/databases.rst:58
-#: aa4b16bc9b7946d7904708e1f424f53f
+#: fcbc8501c455465daa5142894408bb38
 msgid "You can find more details on the LDAP configuration in the :class:`dedicated section <canaille.backends.ldap.configuration.LDAPSettings>`."
 msgstr ""
 
 #: ../tutorial/databases.rst:61
-#: faa136c2f11c4d79b3bbe652a901e785
+#: 2c710def18bc46539b2962ee1bde2bf6
 msgid "Currently, only the ``inetOrgPerson``, ``oathHOTPToken`` and ``groupOfNames`` schemas have been tested. If you want to use different schemas or LDAP servers, adaptations may be needed. Patches are welcome."
 msgstr ""
 
 #: ../tutorial/databases.rst:66
-#: 21591edbced444b499d300486e257a91
+#: b7014bf888504dcc865871e8275190f6
 msgid "OpenLDAP overlays integration"
 msgstr ""
 
 #: ../tutorial/databases.rst:68
-#: 33eaffdc103c4d709fb434da45ecca39
+#: a67abbc0745e4c7e9353697969a4fbab
 msgid "Canaille can integrate with several OpenLDAP overlays:"
 msgstr ""
 
 #: ../tutorial/databases.rst:71
-#: b542d311f0444aef936af14660f9ddd3
+#: b1eebe57d90648b3b24cb48cb49c5436
 msgid "memberof / refint"
 msgstr ""
 
 #: ../tutorial/databases.rst:73
-#: e3756a8fbe1d4c469d6df3b4504b73d9
+#: 6bb596696373483ab0a52f0e8169ab9e
 msgid "`memberof <https://www.openldap.org/doc/admin26/overlays.html#Reverse%20Group%20Membership%20Maintenance>`_ and `refint <https://www.openldap.org/doc/admin26/overlays.html#Referential%20Integrity>`_ overlays are needed for the Canaille group membership to work correctly."
 msgstr ""
 
 #: ../tutorial/databases.rst:77
 #: ../tutorial/databases.rst:100
 #: ../tutorial/databases.rst:123
-#: 9b7b5412ee544d7bbb97fc1e30152585
-#: 9b7b5412ee544d7bbb97fc1e30152585
-#: 9b7b5412ee544d7bbb97fc1e30152585
+#: bff8a12ffd4b4d179d6938a046810186
+#: bff8a12ffd4b4d179d6938a046810186
+#: bff8a12ffd4b4d179d6938a046810186
 msgid "Here is a configuration example compatible with canaille:"
 msgstr ""
 
 #: ../tutorial/databases.rst:79
-#: 1b8c284120b44c859cc9bd56b4c8e123
+#: d8858049d6d44b7cae4cbd659f9f8ba2
 msgid "memberof-config.ldif"
 msgstr ""
 
 #: ../tutorial/databases.rst:83
-#: 3fc7e3d6f94f47579174c1ebcb598f6a
+#: 830059290ddc4cf1b2249c45fc303b98
 msgid "refint-config.ldif"
 msgstr ""
 
 #: ../tutorial/databases.rst:87
 #: ../tutorial/databases.rst:110
-#: 39d5ac83d9724a36af9b2185453d86f3
-#: 39d5ac83d9724a36af9b2185453d86f3
+#: 4070700e524f481ba82662576453c6b3
+#: 4070700e524f481ba82662576453c6b3
 msgid "You can adapt and load those configuration files with:"
 msgstr ""
 
 #: ../tutorial/databases.rst:96
-#: 359072b68f5d4338830ee414e509d7c2
+#: e37e96d3eac048e191b4da59788b6096
 msgid "ppolicy"
 msgstr ""
 
 #: ../tutorial/databases.rst:98
-#: a589837a0cf14ad3b8f8116f78356f76
+#: 88ed660b0098483fa77e880febad6b52
 msgid "If the `ppolicy <https://www.ietf.org/archive/id/draft-behera-ldap-password-policy-11.html>`_ overlay is configured and the ``pwdEndTime`` attribute is available (since OpenLDAP 2.6), then account locking support will be enabled in canaille. To allow users to manage account expiration, they need to have a *write* permission on the :attr:`~canaille.core.models.User.lock_date` attribute."
 msgstr ""
 
 #: ../tutorial/databases.rst:102
-#: fe864493f65b47008ba79f9154931883
+#: 0194f8cb96554ed9a209784cd1a5a10e
 msgid "ppolicy-config.ldif"
 msgstr ""
 
 #: ../tutorial/databases.rst:106
-#: da19de8897bd448aaa8a8f6450974789
+#: 09776d76a5c54f6eb7d79e15a0dbed82
 msgid "ppolicy.ldif"
 msgstr ""
 
 #: ../tutorial/databases.rst:119
-#: ccb4fa4c948c461580569a7ec7a55885
+#: 7bb7048ad0234c28a245626aa50d9c62
 msgid "otp"
 msgstr ""
 
 #: ../tutorial/databases.rst:121
-#: 9b6afdb7651743a78e1955ef59319e29
+#: 89b862fd590f4c49a156ed490b778051
 msgid "If the `otp <https://www.openldap.org/software/man.cgi?query=slapo-otp>`_ overlay is configured, you will be able to add one-time password authentication in canaille."
 msgstr ""
 
 #: ../tutorial/databases.rst:125
-#: fe864493f65b47008ba79f9154931883
+#: 0194f8cb96554ed9a209784cd1a5a10e
 msgid "otp-config.ldif"
 msgstr ""
 
 #: ../tutorial/databases.rst:129
-#: 39d5ac83d9724a36af9b2185453d86f3
+#: 4070700e524f481ba82662576453c6b3
 msgid "You can adapt and load this configuration file with:"
 msgstr ""
 
 #: ../tutorial/databases.rst:136
-#: b0815f933dae41f8a18ffc5c389a8796
+#: 14e54c22e9114f30b809b1605c494c6f
 msgid "You will also need to add the ``oathHOTPToken`` class to the user:"
 msgstr ""
 
 #: ../tutorial/deployment.rst:2
-#: 968d6daab5054d1bbbaac721a53f21e6
+#: f396d7b4fa884f55bf66b57b6c046fdb
 msgid "Deployment"
 msgstr ""
 
 #: ../tutorial/deployment.rst:5
-#: 341af181b96a4e449f124bb22e58723a
+#: 2cbff8a64b41470396973c1f66482110
 msgid "Application service"
 msgstr ""
 
 #: ../tutorial/deployment.rst:7
-#: 856f5e097bd34696b59aa74f451a1a33
+#: d60be98207bd489299d7492480a091c5
 msgid "After having finished Canaille installation you have to run it in a WSGI application server. Here are some WSGI server configuration examples you can pick. Do not forget to update the paths."
 msgstr ""
 
 #: ../tutorial/deployment.rst:11
-#: c2fc01d884054c2c9e9f3cf5b1e7fe01
+#: cf41e4599bea477a8b6742ed38c09555
 msgid "gunicorn"
 msgstr ""
 
 #: ../tutorial/deployment.rst:15
-#: 0734bfeb3d07400d85abe6f2412c506c
+#: 9f4888747a6d4f5d85d9b94bc2814aff
 msgid "Write a gunicorn configuration sample file."
 msgstr ""
 
 #: ../tutorial/deployment.rst:18
-#: 12db5d68d59f42958e64d74cf0a8a852
+#: beb61a6d85dc407c923f0a1797571b4b
 msgid "uwsgi"
 msgstr ""
 
 #: ../tutorial/deployment.rst:42
-#: 7f42a8052b034e1e949f7308c1e80068
+#: 804b59080cfb46a5bece65e9dfe52ae4
 msgid "Webserver"
 msgstr ""
 
 #: ../tutorial/deployment.rst:44
-#: 261287d315864e4e958aab6892250086
+#: 3fd8ef72a9db483aaa18397b136708a4
 msgid "Now you have to plug your WSGI application server to your webserver so it is accessible on the internet. Here are some webserver configuration examples you can pick:"
 msgstr ""
 
 #: ../tutorial/deployment.rst:48
-#: 05ce956efe26448abaa00732f791ac5d
+#: 40d9837c5cdd4c9faf94797e578e409d
 msgid "Nginx"
 msgstr ""
 
 #: ../tutorial/deployment.rst:114
-#: 71a5e5d57a9547909ea4a78f80883422
+#: 5407fc49df8b4871a993d95ebe6b216e
 msgid "Apache"
 msgstr ""
 
 #: ../tutorial/deployment.rst:153
-#: c0216d38c6e74ed08fd2478d61524206
+#: 9e1ca64c07984a218f094949ed99bc6e
 msgid "Recurrent jobs"
 msgstr ""
 
 #: ../tutorial/deployment.rst:155
-#: 24d5e0ff3df449e49ec973125318f628
+#: 283551b28f2d465a830885e57a802334
 msgid "You might want to clean up your database to avoid it growing too much. You can regularly delete expired tokens and authorization codes with:"
 msgstr ""
 
 #: ../tutorial/deployment.rst:164
-#: 615cedede7b348a39bef43b8a0296fb0
+#: 3a91c9769ca04ed289ef4e08d71c84e0
 msgid "Webfinger"
 msgstr ""
 
 #: ../tutorial/deployment.rst:166
-#: 59c6373efd6040f2bc60ce6617810901
+#: c0c2aa060ee743e797e0e0e69ed34aad
 msgid "You may want to configure a `WebFinger`_ endpoint on your main website to allow the automatic discovery of your Canaille installation based on the account name of one of your users. For instance, suppose your domain is ``mydomain.example`` and your Canaille domain is ``auth.mydomain.example`` and there is a user ``john.doe``. A third-party application could require to authenticate the user and ask them for a user account. The user would give their account ``john.doe@mydomain.example``, then the application would perform a WebFinger request at ``https://mydomain.example/.well-known/webfinger`` and the response would contain the address of the authentication server ``https://auth.mydomain.example``. With this information the third party application can redirect the user to the Canaille authentication page."
 msgstr ""
 
 #: ../tutorial/deployment.rst:168
-#: ee64a42bf4104da2a68499149292566d
+#: d4f07f118d4443bcbd44e55144cf4d1f
 msgid "The difficulty here is that the WebFinger endpoint must be hosted at the top-level domain (i.e. ``mydomain.example``) while the authentication server might be hosted on a sublevel (i.e. ``auth.mydomain.example``). Canaille provides a WebFinger endpoint, but if it is not hosted at the top-level domain, a web redirection is required on the ``/.well-known/webfinger`` path."
 msgstr ""
 
 #: ../tutorial/deployment.rst:170
-#: a1aa4ace653f416eb673a5ac6f536199
+#: b305def4f6e74643b1c47e5491e46126
 msgid "Here are configuration examples for Nginx or Apache:"
 msgstr ""
 
 #: ../tutorial/deployment.rst:172
-#: 54696b09f9de48daa0d752cab9cbbe60
+#: f07e30950c0443ea830fb6d01181cbce
 msgid "Nginx webfinger configuration for a top level domain"
 msgstr ""
 
 #: ../tutorial/deployment.rst:181
-#: 7277d41cdb83400ab68d06861f1bba9b
+#: f166862da12146e286d09f1189b44637
 msgid "Apache webfinger configuration for a top level domain"
 msgstr ""
 
 #: ../tutorial/deployment.rst:191
-#: 6c673a0168dc4f159d40898328555d97
+#: ed7f25a6ab90437984c0249217556b7a
 msgid "Create the first user"
 msgstr ""
 
 #: ../tutorial/deployment.rst:193
-#: 665633a1bc5a4185b3ac592a8e0d023d
+#: e983e9c5998a475e9472c54742b25c9f
 msgid "Once canaille is installed, soon enough you will need to add users. To create your first user you can use the :ref:`canaille create <cli_create>` CLI."
 msgstr ""
 
 #: ../tutorial/index.rst:2
-#: df05343770804349af328d9b3651f059
+#: 40de96b13f0b46ba88769f9f0c91bece
 msgid "Tutorial"
 msgstr ""
 
 #: ../tutorial/install.rst:2
-#: a0eef22998554712a838c86b94681306
+#: 990b0c4570294a4c914942072b835544
 msgid "Installation"
 msgstr ""
 
 #: ../tutorial/install.rst:6
-#: 366d1de010774522b5947172c22d1d64
+#: 1f5645b8ce114b08abc62b4f03e8d613
 msgid "Canaille is under heavy development and may not fit a production environment yet."
 msgstr ""
 
 #: ../tutorial/install.rst:8
-#: 7ec1652a0617445681d3b44ab4ef6607
+#: a76d3b71c19b4667a34e1d4b68261499
 msgid "The installation of canaille consist in several steps, some of which you can do manually or with command line tool:"
 msgstr ""
 
 #: ../tutorial/install.rst:11
-#: 39b5cccca7ae4928abc5ecac4466a670
+#: de05573555224e75869a68ac41471c97
 msgid "Get the code"
 msgstr ""
 
 #: ../tutorial/install.rst:13
-#: dd49fb118bd94e00810d55ca2e8e3c23
+#: 8d5ce5f2ad284774a673cad8e1be2cc5
 msgid "As the moment there is no distribution package for canaille. However, it can be installed with the ``pip`` package manager. Let us choose a place for the canaille environment, like ``/opt/canaille/env``."
 msgstr ""
 
 #: ../tutorial/install.rst:24
-#: 8f98f8e76182487aba2f150e7af39150
+#: 5e8dbf51cc8e401d8e7f2738c4c1e500
 msgid "Extras"
 msgstr ""
 
 #: ../tutorial/install.rst:26
-#: 364aff7067fe4ab0aea19ad6024893b1
+#: ff09c579e2834394992e462c1a7830e6
 msgid "Canaille provides different package options:"
 msgstr ""
 
 #: ../tutorial/install.rst:28
-#: 0b64d33198cf4965bf5ccec22054fc9b
+#: fba9a7d4ab8f42c1ba19ec58827c49bb
 msgid "`front` provides all the things needed to produce the user interface;"
 msgstr ""
 
 #: ../tutorial/install.rst:29
-#: 4f47aa89080f491e8f179aadf57a32e4
+#: 3c368569b3434d0c8821fcc5aa2a9fcd
 msgid "`oidc` provides the dependencies to perform OAuth2/OIDC authentication;"
 msgstr ""
 
 #: ../tutorial/install.rst:30
-#: 07d747ece341493cbfdbaacd17b9640d
+#: d2fa3adf12b04e879e8eb1ad5a86d131
 msgid "`ldap` provides the dependencies to enable the LDAP backend;"
 msgstr ""
 
 #: ../tutorial/install.rst:31
-#: bebbbd7c0b5b4694b70dd571d6087a25
+#: 9f0ac2527c844d26999ac4722b7a3062
 msgid "`sqlite` provides the dependencies to enable the SQLite backend;"
 msgstr ""
 
 #: ../tutorial/install.rst:32
-#: 1052d038f4154a29a0e27fd5c83f9abf
+#: 9f8652296fdd460d9d0885fd934a924f
 msgid "`postgresql` provides the dependencies to enable the PostgreSQL backend;"
 msgstr ""
 
 #: ../tutorial/install.rst:33
-#: 0696511547b64f22b36c1b3c5ade382a
+#: dba3b5d89e9e46c6b3774b01bf2ae122
 msgid "`mysql` provides the dependencies to enable the MySQL backend;"
 msgstr ""
 
 #: ../tutorial/install.rst:34
-#: 7ec9ca47bc1a487caeb4d706f0cabeec
+#: 3284b40cd5ff4177a9369e471dcd1de2
 msgid "`sentry` provides sentry integration to watch Canaille exceptions;"
 msgstr ""
 
 #: ../tutorial/install.rst:35
-#: 4e77c88c68b1404cbf1502574bc495af
+#: 11d315c8ffbb415cab5068a2fb287590
 msgid "`otp` provides the dependencies to enable one-time password authentication;"
 msgstr ""
 
 #: ../tutorial/install.rst:36
-#: e81b3959980b47898233e6a778b6cfa4
+#: c60670612f384704ad46fba12f41dcf9
 msgid "`sms` provides the dependencies to enable sms sending;"
 msgstr ""
 
 #: ../tutorial/install.rst:37
-#: 4355ba8d8f744ad6b49f6859e36d5276
+#: dfd39313c050407193deac1f01f23e54
 msgid "`all` provides all the extras above."
 msgstr ""
 
 #: ../tutorial/install.rst:39
-#: 2ad6fc294ad44e87a5c1b4389a8c280c
+#: 3d0f7f47cc1a469e9762578aed91f002
 msgid "They can be installed with:"
 msgstr ""
 
 #: ../tutorial/install.rst:46
-#: 59d5ecfe460d412ba993a785c0c20744
+#: b7732a260ca84ba3a4130bd6cb0d1619
 msgid "Configure"
 msgstr ""
 
 #: ../tutorial/install.rst:48
-#: 2bebd03f31724f66a8fc72e10fd4c00f
+#: 86df5b7acf954ddfbb2982dbe0a51da1
 msgid "Choose a path where to store your configuration file. You can pass any configuration path with the ``CONFIG`` environment variable."
 msgstr ""
 
 #: ../tutorial/install.rst:56
-#: 6f15d23d18c245dc9d341399328f752e
+#: 042753d9c5704f21b0da35d38a17a620
 msgid "You should then edit your configuration file to adapt the values to your needs. Look at the configuration details in the :doc:`configuration <../references/configuration>` page."
 msgstr ""
 
 #: ../tutorial/install.rst:59
-#: ede066e9fd9345ac86aa519c3bc66495
+#: a87138181fe64cd9891206619cad6d2d
 msgid "Install"
 msgstr ""
 
 #: ../tutorial/install.rst:61
-#: a888acd5f78142a88927d4585568a24a
+#: 2a7cde9a8ef54f6fb6b527734b5e471d
 msgid "The :ref:`install command <cli_install>` will apply most of the things needed to get Canaille working. Depending on the configured :doc:`database <databases>` it will create the SQL tables, or install the LDAP schemas for instance."
 msgstr ""
 
 #: ../tutorial/install.rst:70
-#: 1d9b520266704354910e893daaa1ac22
+#: faefbbda355349e19671492f478d3153
 msgid "Check"
 msgstr ""
 
 #: ../tutorial/install.rst:72
-#: da69d39139ef46eabe3e65ee743ad414
+#: ab77edb446f44686bf26ef04fbf3dc7d
 msgid "After a manual installation, you can check your configuration file using the :ref:`check command <cli_install>`:"
 msgstr ""
 
 #: ../tutorial/provisioning.rst:2
-#: fad9f07edb234ac5b4edf0f1a2850469
+#: 96b0ed3d70cf436a80f82cf3cd89bf37
 msgid "Provisioning"
 msgstr ""
 
 #: ../tutorial/provisioning.rst:4
-#: b34dc5e4480d4812abe1d615b40724ce
+#: a4047f8d0f904f6799d549e2f65181b2
 msgid "Canaille partially implement the :rfc:`SCIM <7642>` provisioning protocol at the ``/scim/v2`` endpoint."
 msgstr ""
 
 #: ../tutorial/provisioning.rst:6
-#: b435649989a5462fb58feedb7deff9e7
+#: 969c0c2d7d2a47de8fb1c7441ec62e2d
 msgid "At the moment, only the server part is implemented. It allows client applications to manage user profiles directly in Canaille."
 msgstr ""
 
 #: ../tutorial/provisioning.rst:9
-#: cca65894cd064a69b7c8a4dc2b4bc5b2
+#: 706556a4f4de43658b7ee3583115216a
 msgid "To allow clients to access the SCIM API, the client must have the ``client_credentials`` grant type configured. This allows clients to ask an authentication token on their own behalf and use this token to perform queries. Currently, user tokens are not supported."
 msgstr ""
 
 #: ../tutorial/provisioning.rst:13
-#: 7dc6ae431db5465aa6c1f6b104ef027b
+#: 5abc69c6a6ff4cd48e3f2b01cdaa1a52
 msgid "Then the :attr:`CANAILLE_SCIM.ENABLE_SERVER <canaille.scim.configuration.SCIMSettings.ENABLE_SERVER>` configuration parameter must be enabled."
 msgstr ""
 
 #: ../tutorial/provisioning.rst:23
-#: 5540926bcd3a4ff59b5c440933d22e93
+#: 37c0e4ee9eb54f9f94754fec060e0ac5
 msgid "Some SCIM :ref:`features and endpoints <scim_unimplemented>` are not implemented. In addition to these, Canaille will implement in the future:"
 msgstr ""
 
 #: ../tutorial/provisioning.rst:26
-#: df30885f79fd424fb426110529797eeb
+#: a5d6aea95b444cbb9d10731986ae66ac
 msgid "Access control for clients on the SCIM API endpoint, to finely manage permissions depending on clients."
 msgstr ""
 
 #: ../tutorial/provisioning.rst:27
-#: e37b47a3e64940adbfecfffc6245bb5f
+#: 98d88ce07bc640bcafedee10c9bbc98f
 msgid "Client-side implementation, to broadcast user and groups modifications among all the clients."
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:2
-#: a2179a1e932c44c59ec327cabf7a8b0e
+#: d5cca3688aea45bb9ed015f84d324407
 msgid "Troubleshooting"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:5
-#: 46107d829fdc4718adf7b92192756f96
+#: 584a62a0d78b4af391bfc8bd916e3934
 msgid "The web interface throws useless error messages"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:7
-#: 86ab63d58f8848b2a40435a2f048c12f
+#: acc3175f98324e73b0154a833f4291de
 msgid "Unless the current user has admin :class:`permissions <canaille.core.configuration.Permission>`, or the installation is in :attr:`~canaille.app.configuration.RootSettings.DEBUG` mode, error messages won't be too technical. For instance, you can see *The request you made is invalid*. To enable detailed error messages, you can **temporarily** enable the :attr:`~canaille.app.configuration.RootSettings.DEBUG` configuration parameter."
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:12
-#: 988d674332bb4633b860095fe99420df
+#: 358b28e47d4a4b48ba2bde7ddd4bc5f3
 msgid "How to manually install LDAP schemas?"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:16
-#: 7be9fb2994f6417889820aac3fce6560
+#: 5e241c1fdd044454a5a27a9d4d609a6c
 msgid "Schema installation can be automatically done using the :ref:`install command <cli_install>`."
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:18
-#: c8c1648f65d348d0a7d601357a849604
+#: fa20dff6817848489fee9434d3e8c154
 msgid "As of OpenLDAP 2.4, two configuration methods are available:"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:20
-#: f37f56f196174ae895e792a933dfbea6
+#: 536b6d4fabea43d48240f3b1b4e256c6
 msgid "The `deprecated <https://www.openldap.org/doc/admin26/slapdconf2.html>`_ one, based on a configuration file (generally ``/etc/ldap/slapd.conf``);"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:21
-#: ae332fd671574a54b9f1ff1cce9ae3e0
+#: 2681e5ed98de4633ab3e958980570c61
 msgid "The new one, based on a configuration directory (generally ``/etc/ldap/slapd.d``)."
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:23
-#: b9fe35e9d0654a4b831845bf9f027a33
+#: e623df73a33a4425874322d64990dd09
 msgid "Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:26
-#: 45557c5a90314b65aca27329fe4f334b
+#: 7fa64ce5f9834bfc8a84a6b147776135
 msgid "Old fashion: Copy the schemas in your filesystem"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:35
-#: 4aa6e1b3b0154c4ca91a982f719c08b5
+#: 89ec7d1a5b9c488898dd0aeec512eb0f
 msgid "New fashion: Use slapadd to add the schemas"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:37
-#: 6ba05a570b0043078256af9a016309c4
+#: cf355b0d0d224146b9aa9bde63c3285b
 msgid "Be careful to stop your ldap server before running ``slapadd``"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:46
-#: 87adc4ca4b22405e948a90409bde21b0
+#: b688808b89a1486ea46f0a30671f0772
 msgid "How to manually generate the OIDC keypair?"
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:50
-#: 6770309338724a4aac6439943e58b66a
+#: fe622e23c48a4ec0ba3a9e00e24cfb88
 msgid "The keypair generation can be automatically done using the :ref:`install command <cli_install>`."
 msgstr ""
 
 #: ../tutorial/troubleshooting.rst:52
-#: 2fad5ba8eca14ba293b910f7c82f5b34
+#: 2467c8ae6d2a4ba19056d44a89656984
 msgid "Canaille needs a key pair to sign OIDC tokens. You can customize those commands, as long as they match the ``JWT`` section of your configuration file."
 msgstr ""
 
 #: ../usecases.rst:4
-#: 0012c5a2aeb84b40b7ccb861a1f8ea07
+#: dde73820d8ff46128f0ae5a245d4f212
 msgid "Use cases"
 msgstr ""
 
 #: ../usecases.rst:6
-#: 8fce8afa30574f348ea6a4b5169592b6
+#: 936471ec6e494f839a45d1a5048ddbe9
 msgid "Canaille is a lightweight IAM for simple needs. Here are a few use cases you might recognize in, where Canaille would fit your needs."
 msgstr ""
 
 #: ../usecases.rst:10
-#: e00eb880854f4c38a94285e1986b96d2
+#: 0c06bc8fc0754db6bdfbae05fe718b2e
 msgid "OpenID Connect provider on top of a LDAP directory"
 msgstr ""
 
 #: ../usecases.rst:12
-#: 354d32ad706d463ab06aa17efae022cc
+#: 0ec337c5784a4dc296538609b9d75dd6
 msgid "Your organization has an historic :ref:`LDAP directory <feature_databases>` and you want to add a :ref:`OpenID Connect <feature_oidc>` :abbr:`SSO (Single Sign-On)` layer on top of it, so users can use all your application while signin-in only once, without any data migration."
 msgstr ""
 
 #: ../usecases.rst:15
-#: c80ba39e4d3d49aeb126a3a4b0cbf6ee
+#: 35bb9bbb50064dc7a5383c9d5371adfd
 msgid "Profile edition of LDAP users"
 msgstr ""
 
 #: ../usecases.rst:17
-#: f7042aa80b384749a2a1c93cdf9fb3b6
+#: 87226e31a4ef425585e8de20647d72a3
 msgid "Your organization has a :ref:`LDAP directory <feature_databases>` and you want to provide a way to your users to :ref:`edit their personal information <feature_profile_management>` by themselves, without requiring any administrator intervention."
 msgstr ""
 
 #: ../usecases.rst:20
-#: 2175f903fd7049408fb6f8bca3817ec0
+#: 22ec6d0c58ed413b80cd6aca23f637b6
 msgid "Password recovery with a LDAP directory"
 msgstr ""
 
 #: ../usecases.rst:22
-#: ee7ae8f8496c4ddd95b00953f0da7fc9
+#: 46f418970c7640f9ace069002ed337bd
 msgid "Your organization has an historic :ref:`LDAP directory <feature_databases>` and you want to provide a way to your users to :ref:`recover their password <feature_password_recovery>` when they cannot remember it, without any administrator intervention."
 msgstr ""
 
 #: ../usecases.rst:25
-#: b270514f0fac465d9792c85a85c84525
+#: f44f325b29594fc7b31521d259e27d5f
 msgid "A lightweight IAM for unit testing"
 msgstr ""
 
 #: ../usecases.rst:27
-#: 88822c2e151f43a0b5dabed7616604b7
+#: c9f537fbf3cd4b3cb0e6d140b8a2327b
 msgid "You are :ref:`developing <feature_development>` an application relying on OAuth2 or OpenID Connect to authenticate the users. You don't want to mock the calls to the identity provider in your unit tests, but you want to :ref:`perform real OAuth2/OIDC requests <feature_testing>`, and test your application against different identity provider tunings."
 msgstr ""
 
 #: ../usecases.rst:30
-#: fe21632ea9034d16b4f5da19efa0b5ac
+#: 5b9b8e07b9154150a105088cc630ce6a
 msgid "A lightweight IAM for developing"
 msgstr ""
 
 #: ../usecases.rst:32
-#: 5f85f539d8cf4500889c40f6774d6e55
+#: 7a4ff703b94e4706b5123edb0c2abe51
 msgid "You are :ref:`developing <feature_development>` an application relying on OAuth2 or OpenID Connect to authenticate the users. You need a :ref:`IAM server to develop <feature_development>` locally, but your old computer cannot bear launching a full Keycloak in a Docker container."
 msgstr ""
 
 #: ../usecases.rst:35
-#: f94e9269e0d84b20998a5dc33d17bca7
+#: e594e15fba204d65a3f483c36e7c0aab
 msgid "A lightweight IAM for CIs"
 msgstr ""
 
 #: ../usecases.rst:37
-#: c59dd6c6c59a45b6b8cc4497275c35c1
+#: ff03e5a191564f90af81c7d210a3de24
 msgid "You are :ref:`developing <feature_development>` an application relying on OAuth2 or OpenID Connect to authenticate the users. You need a IAM server that could can populate with custom data, and integrate in your :ref:`continuous integration environment <feature_ci>`."
 msgstr ""
 
 #: ../usecases.rst:40
-#: 30c0a6e8cd2f4ec1837b2147176bed17
+#: 8a37de08f6594334a3ba6ed2f9a3b71e
 msgid "A CLI to quickly edit LDAP directory users"
 msgstr ""
 
 #: ../usecases.rst:42
-#: 884abc047ac34822b7b8fcd98ddb3f88
+#: b9d55e6eeca547aabb9bbfef3998f6d2
 msgid "Your organization has an historic :ref:`LDAP directory <feature_databases>`. You are tired to deal with *ldif* syntax to manage your users and group and would prefer a simple human-readable CLI."
 msgstr ""
diff --git a/tests/core/test_totp_hotp.py b/tests/core/test_totp_hotp.py
index 7fd21e74..e3e6470e 100644
--- a/tests/core/test_totp_hotp.py
+++ b/tests/core/test_totp_hotp.py
@@ -177,7 +177,7 @@ def test_new_user_setup_otp(testclient, backend, caplog, otp_method):
     assert res.location == "/setup-2fa"
     assert (
         "info",
-        "You have not enabled Two-Factor Authentication. Please enable it first to login.",
+        "You have not enabled multi-factor authentication. Please enable it first to login.",
     ) in res.flashes
     res = testclient.get("/setup-2fa", status=200)
     assert u.secret_token == res.form["secret"].value