diff --git a/pyproject.toml b/pyproject.toml
index 3d8899b..c678e99 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -5,7 +5,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = 'quorra'
 dynamic = ["version"]
-description = 'Quorra API server'
+description = 'Quorra server'
 readme = 'README.md'
 requires-python = '>=3.8'
 license = {file = 'LICENSE'}
@@ -24,13 +24,13 @@ dependencies = [
     "pillow",
     "python-multipart",
     "deepmerge",
-    "python-jose"
+    "python-jose",
+    "bech32 @ git+https://github.com/Quorra-Auth/bech32.git"
 ]
 
 [tool.setuptools]
 packages = ["quorra", "quorra.routers"]
 
-# Doesn't work, need to figure out how to add static files to Python project
 [tool.setuptools.package-data]
 "quorra" = ["fe/**"]
 
diff --git a/quorra/classes.py b/quorra/classes.py
index ddabf48..764d59c 100644
--- a/quorra/classes.py
+++ b/quorra/classes.py
@@ -34,7 +34,7 @@ class QRDataResponse(BaseModel):
     qr_image: str
 
 class DeviceRegistrationRequest(SQLModel):
-    pubkey: str
+    pubkey: str = Field(unique=True)
     name: str | None = None
 
 class Device(DeviceRegistrationRequest, table=True):
@@ -42,21 +42,6 @@ class Device(DeviceRegistrationRequest, table=True):
     user_id: str = Field(default=None, foreign_key="user.id")
 
 
-class AQRMobileStateEnum(str, Enum):
-    accepted = "accepted"
-    rejected = "rejected"
-
-# TODO: Send a device UUID as well so that the server can get a hint
-class AQRMobileIdentifyRequest(BaseModel):
-    signature: str
-    message: str
-
-class AQRMobileAuthenticateRequest(BaseModel):
-    state: AQRMobileStateEnum
-    signature: str
-    message: str
-
-
 class TokenResponse(BaseModel):
     access_token: str
     token_type: Literal["Bearer"] = "Bearer"
@@ -65,7 +50,7 @@ class TokenResponse(BaseModel):
 
 class TransactionTypes(str, Enum):
     onboarding = "onboarding"
-    aqr_oidc_login = "aqr-oidc-login"
+    ln_oidc_login = "ln-oidc-login"
 
 class TransactionGetRequest(BaseModel):
     tx_type: TransactionTypes
@@ -84,7 +69,7 @@ class Transaction(BaseModel):
     tx_id: str | None = None
 
     # TODO: shorten
-    _expiry: int = 500
+    _expiry: int = 30
     _key_name: str | None = None
 
     def __init__(self, **data):
@@ -139,8 +124,10 @@ def add_private_data(self, path, data):
     def set_contents(self, contents):
         vk.json().set(self._key_name, Path.root_path(), contents)
 
-    def prolong(self):
-        vk.expire(self._key_name, self._expiry)
+    def prolong(self, expiry: int | None = None):
+        if expiry is None:
+            expiry = self._expiry
+        vk.expire(self._key_name, expiry)
 
     def delete(self):
         vk.delete(self._key_name)
@@ -154,12 +141,20 @@ class OnboardingTransaction(Transaction):
     # TODO: Move transition checks here
     tx_type: TransactionTypes = TransactionTypes.onboarding
 
-class AqrOIDCLoginTransaction(Transaction):
-    tx_type: TransactionTypes = TransactionTypes.aqr_oidc_login
+class LnOIDCLoginTransaction(Transaction):
+    tx_type: TransactionTypes = TransactionTypes.ln_oidc_login
 
-class AqrOIDCLoginTransactionStates(str, Enum):
+class LnOIDCLoginTransactionStates(str, Enum):
     created = "created"
     identified = "identified"
     confirmed = "confirmed"
-    rejected = "rejected"
-    token_issued = "token-issued"
+    finished = "finished"
+
+
+class LNStatusEnum(str, Enum):
+    ok = "OK"
+    error = "error"
+
+class LNStatusResponse(BaseModel):
+    status: LNStatusEnum
+    reason: str | None = None
diff --git a/quorra/fe/auth/auth.js b/quorra/fe/auth/auth.js
index ca10de0..7e53dbc 100644
--- a/quorra/fe/auth/auth.js
+++ b/quorra/fe/auth/auth.js
@@ -4,6 +4,12 @@ window.onload = async function() {
   await startAqr();
 };
 
+async function findReplace(objClass, text) {
+  document.querySelectorAll(`.${objClass}`).forEach(el => {
+    el.textContent = text;
+  });
+}
+
 async function startAqr() {
   const params = new Proxy(new URLSearchParams(window.location.search), {
   get: (searchParams, prop) => searchParams.get(prop),
@@ -12,17 +18,24 @@ async function startAqr() {
   if (params.nonce) {
     args = args + `&nonce=${params.nonce}`
   }
-  const response = await fetch(`/login/start?${args}`);
+  const response = await fetch(`../../processes/login/start?${args}`);
   if (!response.ok) throw new Error("Request failed");
   data = await response.json();
   txId = data.tx_id;
+  await findReplace("clientName", params.client_name);
+  const url = new URL(params.redirect_uri);
+  var urlString = url.origin
+  if (url.protocol !== "https:") {
+    urlString = `⚠️ ${url.origin} ⚠️`
+  }
+  await findReplace("redirectURI", urlString);
   await showQrCode();
   startPolling();
 }
 
 async function showQrCode() {
-  const payload = { "tx_type": "aqr-oidc-login", "tx_id": txId };
-  const response = await fetch("/login/qr", {
+  const payload = { "tx_type": "ln-oidc-login", "tx_id": txId };
+  const response = await fetch("../../lnurl-auth/qr", {
     method: "POST",
     headers: {
       "Content-Type": "application/json"
@@ -35,8 +48,8 @@ async function showQrCode() {
 }
 
 function startPolling() {
-  const pollingUrl = `/tx/transaction`;
-  const payload = { "tx_id": txId, "tx_type": "aqr-oidc-login" }
+  const pollingUrl = `../../tx/transaction`;
+  const payload = { "tx_id": txId, "tx_type": "ln-oidc-login" }
 
   const encodeGetParams = p =>
     Object.entries(p).map(kv => kv.map(encodeURIComponent).join("=")).join("&");
@@ -55,32 +68,21 @@ function startPolling() {
         return response.json();
       })
       .then(data => {
-        console.log("Polling data:", data);
         if (data.state == "identified") {
           // Hide qr_code_div and show identified_div
           if (!qr_div.classList.contains("hidden")) {
-            qr_div.classList.add("hidden");
-          }
-          if (identified_div.classList.contains("hidden")) {
-            identified_div.classList.remove("hidden");
+            showStep("identified_div");
           }
         }
         // TODO: rejected state
         else if (data.state == "confirmed") {
-          // Hide identified_div and qr_code_div, show finished_div
-          if (!qr_div.classList.contains("hidden")) {
-            qr_div.classList.add("hidden");
-          }
-          if (!identified_div.classList.contains("hidden")) {
-            identified_div.classList.add("hidden");
-          }
-          if (finished_div.classList.contains("hidden")) {
-            finished_div.classList.remove("hidden");
-          }
+          showStep("finished_div");
 
           clearInterval(intervalId);
           redirectParams = {"code": data.data.oidc_data.code, "state": params.state, "nonce": params.nonce};
-          window.location.href = params.redirect_uri + "?" + encodeGetParams(redirectParams);
+          const redirectAddress = params.redirect_uri + "?" + encodeGetParams(redirectParams);
+          manual_redirect.href = redirectAddress;
+          window.location.href = redirectAddress;
         }
       })
       .catch(error => {
diff --git a/quorra/fe/auth/index.html b/quorra/fe/auth/index.html
index 59736b7..1aaeae1 100644
--- a/quorra/fe/auth/index.html
+++ b/quorra/fe/auth/index.html
@@ -3,29 +3,33 @@
 <head>
   <meta charset="UTF-8"/>
   <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-  <link rel="stylesheet" href="/fe/style.css"/>
+  <link rel="stylesheet" href="../style.css"/>
   <title>Quorra</title>
 </head>
 <body>
 
-  <h1>Quorra</h1>
-  <div id="qr_div">
-    <h2>Scan this QR code on your device</h2>
+  <div id="qr_div" class="step_div">
+    <h2>You're signing into</h2>
+    <h1><span class="clientName"></span></h1>
+    <small class="redirectURI"></small>
+    <p>Scan the below code using your device to proceed</p>
     <img alt="AQR Code" id="qr"></img>
     <div class="hr-text"><span>OR</span></div>
-    <a id="local_link">Use a local install</a>
+    <a id="local_link">Use a local application</a>
   </div>
 
-  <div id="identified_div" class="hidden">
+  <div id="identified_div" class="hidden step_div">
     <h2>Waiting for confirmation on your device...</h2>
   </div>
 
-  <div id="finished_div" class="hidden">
-    <h2>And you're logged in!</h2>
-    <h3>We're redirecting you back to the application</h3>
+  <div id="finished_div" class="hidden step_div">
+    <h2>✨ And you're logged in! ✨</h2>
+    <p>We're redirecting you back to <span class="clientName">the application</span>...</p>
+    <small>If the redirect doesn't work, click <a id="manual_redirect">here</a></small>
   </div>
 
   <script src="auth.js"></script>
+  <script src="../transitions.js"></script>
 </body>
 </html>
 
diff --git a/quorra/fe/onboard/index.html b/quorra/fe/onboard/index.html
index e423d11..bee6994 100644
--- a/quorra/fe/onboard/index.html
+++ b/quorra/fe/onboard/index.html
@@ -3,24 +3,30 @@
 <head>
   <meta charset="UTF-8"/>
   <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-  <link rel="stylesheet" href="/fe/style.css"/>
+  <link rel="stylesheet" href="../style.css"/>
   <title>Quorra Onboarding</title>
 </head>
 <body>
-  <h1 id="welcome_h1">Welcome to Quorra!</h1>
-  <div id="status_container"></div>
-  <div id="initial">
-    <h2>Quorra uses a mobile token to sign you in</h2>
-    <h3>Download one of our apps to get started</h3>
+  <div id="initial" class="step_div">
+    <h1>Welcome to Quorra!</h1>
+    <h3>Quorra allows you to sign in using QR codes</h3>
+    <p>Download one of our apps to get started:</p>
     <p><a href="https://github.com/k8ieone/voucher">Voucher</a> for Linux</p>
     <p><a href="https://github.com/Quorra-Auth/flare">Flare</a> for Android</p>
-    <button id="start_b" onclick="startOnboarding()">Proceed</button>
+    <div class="hr-text"><span>OR</span></div>
+    <p>
+      You can use your Lightning wallet, <br>
+      Quorra is powered by <a href=https://lightninglogin.live/learn>Lightning</a> ⚡
+    </p>
+    <button id="start_b" onclick="startOnboarding()">Let's get started!</button>
   </div>
 
-  <div id="details_form_div" class="hidden">
-    <h2>Please fill in your details</h2>
+  <div id="details_form_div" class="hidden step_div">
+    <h1>First, tell us a bit about you</h1>
+    <h3>Some services like to display a name and email</h3>
+    <p>Providing this information allows Quorra to pass this information along to your applications.</p>
     <form id="details_form">
-      <label for="username">Name:</label>
+      <label for="username">Username:</label>
       <input id="username_input" name="username" type="text" required />
 
       <label for="email">Email:</label>
@@ -30,20 +36,23 @@ <h2>Please fill in your details</h2>
     </form>
   </div>
 
-  <div id="qr_div" class="hidden">
-    <h2>Almost there!</h2>
-    <h3>Finish your registration by scanning this code with your mobile token</h3>
+  <div id="qr_div" class="hidden step_div">
+    <h1>Almost there!</h1>
+    <h3>Finish your registration by adding your first device</h3>
+    <p>Scan the below code using your chosen application</p>
     <img id="qr"/>
     <div class="hr-text"><span>OR</span></div>
-    <a id="local_link">Use a local install</a>
+    <a id="local_link">Use a local application</a>
   </div>
 
-  <div id="finished_div" class="hidden">
-    <h1>And you're done!</h1>
-    <h2>You can now start using your newly registered device to sign in with Quorra!</h2>
+  <div id="finished_div" class="hidden step_div">
+    <h1>Amazing!</h1>
+    <h3>✨ You're good to go ✨</h3>
+    <p>You can now start using your newly registered device to sign in with Quorra!</p>
   </div>
 
   <script src="onboarding.js"></script>
+  <script src="../transitions.js"></script>
 </body>
 </html>
 
diff --git a/quorra/fe/onboard/onboarding.js b/quorra/fe/onboard/onboarding.js
index eb0c663..2f1fbe4 100644
--- a/quorra/fe/onboard/onboarding.js
+++ b/quorra/fe/onboard/onboarding.js
@@ -6,7 +6,7 @@ async function getLink() {
 }
 
 async function createOnboardingLink() {
-  const response = await fetch("/onboarding/create", {
+  const response = await fetch("../../processes/onboarding/create", {
     method: "GET",
     headers: {
       "Content-Type": "application/json"
@@ -22,7 +22,7 @@ async function createOnboardingLink() {
 async function startOnboardingTransaction(onboardingLink) {
   const payload = { "link_id": onboardingLink };
 
-  const response = await fetch("/onboarding/init", {
+  const response = await fetch("../../processes/onboarding/init", {
     method: "POST",
     headers: {
       "Content-Type": "application/json"
@@ -39,7 +39,7 @@ async function startOnboardingTransaction(onboardingLink) {
 async function getOnboardingData() {
   const payload = { "tx_type": "onboarding", "tx_id": txId };
 
-  const response = await fetch("/onboarding/qr", {
+  const response = await fetch("../../lnurl-auth/qr", {
     method: "POST",
     headers: {
       "Content-Type": "application/json"
@@ -57,8 +57,7 @@ function startOnboarding() {
   const params = new Proxy(new URLSearchParams(window.location.search), {
     get: (searchParams, prop) => searchParams.get(prop),
   });
-  document.getElementById("initial").classList.add("hidden");
-  document.getElementById("details_form_div").classList.remove("hidden");
+  showStep("details_form_div");
 
   document.getElementById("details_form").addEventListener("submit", async function(e) {
     e.preventDefault();
@@ -69,7 +68,7 @@ function startOnboarding() {
     const payload = { "tx_id": txId, "data": { "username": name, "email": email }, "tx_type": "onboarding" };
 
     try {
-      const response = await fetch("/onboarding/entry", {
+      const response = await fetch("../../processes/onboarding/entry", {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify(payload),
@@ -80,10 +79,9 @@ function startOnboarding() {
       const result = await response.json();
       const onboardingData = await getOnboardingData();
 
-      document.getElementById("details_form_div").classList.add("hidden");
-      document.getElementById("qr_div").classList.remove("hidden");
       document.getElementById("qr").src = onboardingData.qr_image;
       document.getElementById("local_link").href = onboardingData.link;
+      showStep("qr_div");
 
     } catch (error) {
       console.error(error);
@@ -94,7 +92,7 @@ function startOnboarding() {
 }
 
 function startPolling() {
-  const pollingUrl = `/tx/transaction`;
+  const pollingUrl = `../../tx/transaction`;
   const payload = { "tx_id": txId, "tx_type": "onboarding" }
 
   const intervalId = setInterval(() => {
@@ -112,9 +110,7 @@ function startPolling() {
         if (data.state == "finished") {
           // Hide qr_code_div and show identified_div
           clearInterval(intervalId);
-          document.getElementById("qr_div").classList.add("hidden");
-          document.getElementById("welcome_h1").classList.add("hidden");
-          document.getElementById("finished_div").classList.remove("hidden");
+          showStep("finished_div");
         }
       })
       .catch(error => {
diff --git a/quorra/fe/style.css b/quorra/fe/style.css
index c2ba4cd..3bebc64 100644
--- a/quorra/fe/style.css
+++ b/quorra/fe/style.css
@@ -1,28 +1,52 @@
+:root {
+  color-scheme: light dark;
+  accent-color: var(--accent);
+
+  --bg: #f5f5f5;
+  --text: #111;
+  --card: #ffffff;
+  --muted: #666;
+  --border: #ccc;
+  --shadow: 0 2px 10px rgba(0, 0, 0, 0.1);
+  --button: #007BFF;
+  --button-hover: #0056b3;
+  --accent: #007BFF;
+  --accent-text: #ffffff;
+  --accent-hover: #0056b3;
+}
+
 body {
   font-family: Arial, sans-serif;
-  padding: 40px;
-  background-color: #f5f5f5;
+  margin: 0;
+  min-height: 100dvh;
+
+  /* center the page content */
+  display: grid;
+  place-content: center;
+  justify-items: center;
+  gap: 1.25rem;
+
+  background-color: var(--bg);
+  color: var(--text);
   text-align: center;
 }
 button {
   font-size: 18px;
   padding: 10px 20px;
-  background-color: #007BFF;
-  color: white;
+  background-color: var(--accent);
+  color: var(--accent-text);
   border: none;
   border-radius: 8px;
   cursor: pointer;
+  margin: 1rem auto;
 }
 button:hover {
-  background-color: #0056b3;
+  background-color: var(--accent-hover);
+}
+a {
+  color: var(--accent);
 }
 form {
-  max-width: 400px;
-  margin: auto;
-  padding: 2rem;
-  background: white;
-  border-radius: 12px;
-  box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1);
   display: flex;
   flex-direction: column;
 }
@@ -33,14 +57,39 @@ label {
 input {
   padding: 0.75rem;
   font-size: 1rem;
+  background: var(--card);
+  color: var(--text);
   border-radius: 8px;
-  border: 1px solid #ccc;
+  border: 1px solid var(--border);
   margin-bottom: 1rem;
 }
+.step_div {
+  max-width: 400px;
+  min-width: 320px;
+  margin: 10%;
+  padding: 1.25rem;
+  background: var(--card);
+  box-shadow: var(--shadow);
+  border-radius: 12px;
+  transition: opacity 220ms ease, transform 220ms ease;
+  will-change: opacity, transform;
+}
+/* Exit animation */
+.step_div.is-exiting {
+  opacity: 0;
+  transform: translateY(-10px);
+}
+
+/* Enter animation (starts hidden-looking, then animates to normal) */
+.step_div.is-entering {
+  opacity: 0;
+  transform: translateY(10px);
+}
 #qr {
-  max-width: 100%;
+  width: 90%;
   height: auto;
-  margin: 1rem 0;
+  display: block;
+  margin: 1rem auto;
   border-radius: 8px;
 }
 .hr-text {
@@ -48,20 +97,64 @@ input {
   align-items: center;
   text-align: center;
   width: 30%;
-  margin: 2rem auto;
-  color: #666;
+  margin: 1rem auto;
+  color: var(--muted);
 }
 .hr-text::before,
 .hr-text::after {
   content: "";
   flex: 1;
-  border-top: 1px solid #ccc;
+  border-top: 1px solid var(--border);
 }
 .hr-text span {
   padding: 0 0.5em;
-  background: #f5f5f5;
+  background: var(--card);
   font-size: 0.9rem;
 }
 .hidden {
   display: none;
 }
+
+/* Dark mode overrides based on OS preference */
+@media (prefers-color-scheme: dark) {
+  :root {
+    --bg: #0f1115;
+    --text: #e8eaf0;
+    --card: #171a21;
+    --muted: #a7adbb;
+    --border: #2a2f3a;
+    --shadow: 0 2px 14px rgba(0, 0, 0, 0.55);
+    --button: #3b82f6;
+    --button-hover: #2563eb;
+  }
+}
+
+/* Prefer the OS accent color when supported */
+@supports (color: AccentColor) {
+  :root {
+    --accent: AccentColor;
+    --accent-text: AccentColorText;
+  }
+}
+
+/* Nice automatic hover color derived from the accent (when supported) */
+@supports (background: color-mix(in srgb, black, white)) {
+  :root {
+    --accent-hover: color-mix(in srgb, var(--accent), black 18%);
+  }
+}
+
+/* Optional: focus ring that also follows the accent */
+button:focus-visible,
+a:focus-visible,
+input:focus-visible {
+  outline: 3px solid color-mix(in srgb, var(--accent), transparent 55%);
+  outline-offset: 3px;
+}
+
+/* Respect users who prefer reduced motion */
+@media (prefers-reduced-motion: reduce) {
+  .step_div {
+    transition: none;
+  }
+}
diff --git a/quorra/fe/transitions.js b/quorra/fe/transitions.js
new file mode 100644
index 0000000..b5af51f
--- /dev/null
+++ b/quorra/fe/transitions.js
@@ -0,0 +1,60 @@
+function forceReflow(el) {
+  // Forces the browser to apply the current styles immediately
+  el.getBoundingClientRect();
+}
+
+async function waitForTransition(el) {
+  const { transitionDuration, transitionDelay } = getComputedStyle(el);
+
+  const toMs = (s) =>
+    s.split(",")
+      .map(v => v.trim())
+      .map(v => v.endsWith("ms") ? parseFloat(v) : parseFloat(v) * 1000);
+
+  const durations = toMs(transitionDuration);
+  const delays = toMs(transitionDelay);
+
+  const totalMs = Math.max(
+    ...durations.map((d, i) => d + (delays[i] ?? delays[0] ?? 0)),
+    0
+  );
+
+  if (totalMs === 0) return Promise.resolve();
+
+  return new Promise((resolve) => {
+    const done = () => resolve();
+    el.addEventListener("transitionend", done, { once: true });
+    setTimeout(done, totalMs + 50);
+  });
+}
+
+async function showStep(nextId) {
+  const next = document.getElementById(nextId);
+  if (!next) return;
+
+  const current = document.querySelector(".step_div:not(.hidden)");
+  if (current === next) return;
+
+  // Exit current
+  if (current) {
+    current.classList.add("is-exiting");
+    await waitForTransition(current);
+
+    current.classList.add("hidden");
+    current.classList.remove("is-exiting");
+    current.setAttribute("aria-hidden", "true");
+  }
+
+  // Enter next (important order)
+  next.classList.add("is-entering");   // 1) set start state (opacity 0, translated)
+  next.classList.remove("hidden");     // 2) make it participate in layout/paint
+  next.setAttribute("aria-hidden", "false");
+
+  forceReflow(next);                  // 3) ensure start state is committed
+
+  requestAnimationFrame(() => {       // 4) transition to final state
+    next.classList.remove("is-entering");
+  });
+}
+
+window.showStep = showStep;
diff --git a/quorra/main.py b/quorra/main.py
index a542f7f..66681e6 100644
--- a/quorra/main.py
+++ b/quorra/main.py
@@ -9,15 +9,12 @@
 
 from . import __version__
 
-from .routers import onboarding
-from .routers import mobile
-from .routers import login
-from .routers import oidc
-from .routers import tx
+from .routers import (
+    onboarding, login,
+    lnurlauth, oidc, tx
+)
 
-from .database import engine
-from .database import SessionDep
-from .database import vk
+from .database import engine, SessionDep, vk
 
 from valkey.exceptions import ResponseError
 from valkey.commands.search.field import TagField
@@ -35,15 +32,15 @@ async def prep_valkey():
     await create_oidc_at_index()
 
 async def create_drt_index():
-    idx = vk.ft("idx:device_registration_token")
-    schema = (TagField("$.data.device_registration.token", as_name="device_registration_token"))
+    idx = vk.ft("idx:ln_k1")
+    schema = (TagField("$.data.ln.k1", as_name="ln_k1"))
     try:
         idx.info()
     except ResponseError:
         idx.create_index(
             schema,
             definition=IndexDefinition(
-                prefix=["onboarding:"],
+                prefix=["ln-oidc-login:", "onboarding:"],
                 index_type=IndexType.JSON
             )
         )
@@ -59,7 +56,7 @@ async def create_oidc_code_index():
         idx.create_index(
             schema,
             definition=IndexDefinition(
-                prefix=["aqr-oidc-login:"],
+                prefix=["ln-oidc-login:"],
                 index_type=IndexType.JSON
             )
         )
@@ -75,7 +72,7 @@ async def create_oidc_at_index():
         idx.create_index(
             schema,
             definition=IndexDefinition(
-                prefix=["aqr-oidc-login:"],
+                prefix=["ln-oidc-login:"],
                 index_type=IndexType.JSON
             )
         )
@@ -103,15 +100,15 @@ async def healthcheck(session: SessionDep):
     return {"health": "ok"}
 
 
-app.include_router(onboarding.router, prefix="/onboarding", tags=["New user onboarding"])
-app.include_router(login.router, prefix="/login", tags=["Login session management"])
-app.include_router(mobile.router, prefix="/mobile", tags=["Mobile endpoints"])
+app.include_router(onboarding.router, prefix="/processes/onboarding", tags=["Onboarding process endpoints"])
+app.include_router(login.router, prefix="/processes/login", tags=["Login process endpoints"])
+app.include_router(lnurlauth.router, prefix="/lnurl-auth", tags=["Lightning login endpoints"])
 app.include_router(oidc.router, prefix="/oidc", tags=["OIDC"])
 app.include_router(tx.router, prefix="/tx", tags=["Transaction management"])
 
 fe_dir = importlib.resources.files("quorra") / "fe"
-app.mount("/fe", StaticFiles(directory=fe_dir), name="static")
+app.mount("/fe", StaticFiles(directory=fe_dir, html=True), name="static")
 
 @app.get("/", include_in_schema=False)
 async def root_redirect():
-    return RedirectResponse(url="/fe/onboard/index.html")
+    return RedirectResponse(url="/fe/onboard/")
diff --git a/quorra/routers/lnurlauth.py b/quorra/routers/lnurlauth.py
new file mode 100644
index 0000000..0acd5be
--- /dev/null
+++ b/quorra/routers/lnurlauth.py
@@ -0,0 +1,143 @@
+from typing import Annotated
+
+from fastapi import APIRouter, Header
+from sqlmodel import select
+
+from fastapi import HTTPException
+
+from uuid import uuid4
+import json
+import base64
+import bech32
+import random
+
+from sqlalchemy.exc import IntegrityError
+
+from ..classes import (
+    User, Device,
+    Transaction, TransactionTypes,
+    ErrorResponse, QRDataResponse, LNStatusResponse, LNStatusEnum
+)
+
+from cryptography.hazmat.primitives.asymmetric.ec import (
+    ECDSA,
+    SECP256K1,
+    EllipticCurvePublicKey,
+)
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature, Prehashed
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
+from cryptography.exceptions import InvalidSignature
+
+from valkey.commands.search.query import Query
+
+from .oidc import store_oidc_code
+
+from ..database import SessionDep
+from ..database import vk
+
+from ..utils import generate_qr
+from ..utils import escape_valkey_tag
+from ..utils import generate_qr
+from ..config import server_url
+
+router = APIRouter()
+
+async def verify_signature(k1: str, sig: str, key: str) -> bool:
+    pubkey_bytes = bytes.fromhex(key)
+    pubkey = EllipticCurvePublicKey.from_encoded_point(SECP256K1(), pubkey_bytes)
+    k1_bytes = bytes.fromhex(k1)
+    signature_bytes = bytes.fromhex(sig)
+    try:
+        pubkey.verify(signature_bytes, k1_bytes, ECDSA(Prehashed(hashes.SHA256())))
+    except InvalidSignature:
+        return False
+    return True
+
+
+# TODO: Correct error response
+@router.get("/register", response_model=None, responses={403: {"model": ErrorResponse}})
+async def ln_register(session: SessionDep, k1: str, tag: str, sig: str, key: str, action: str | None = None) -> LNStatusResponse:
+    """Finishes device registration."""
+    if not await verify_signature(k1, sig, key):
+        raise HTTPException(status_code=403, detail="Invalid signature")
+    safe_k1 = escape_valkey_tag(k1)
+    q = Query(f"@ln_k1:{{{safe_k1}}}")
+    res = vk.ft("idx:ln_k1").search(q)
+    if res.total == 1:
+        tx_id = res.docs[0]["id"].split(":")[-1]
+        tx = Transaction.load(TransactionTypes.onboarding.value, tx_id)
+        # OPTION 1 - new user registration - transaction data contains the entry object
+        if "entry" in tx._private_data:
+            user_details = tx._private_data["entry"]
+            u: User = User(id=str(uuid4()), username=user_details["username"], email=user_details["email"])
+            session.add(u)
+            session.commit()
+            session.refresh(u)
+            uid: int = u.id
+    # TODO: OPTION 2 - user exists, only register device - the transaction should contain an existing user ID
+    else:
+        raise HTTPException(status_code=403, detail="Token invalid")
+    d: Device = Device(pubkey=key, user_id=uid, id=str(uuid4()))
+    session.add(d)
+    try:
+        session.commit()
+    except IntegrityError:
+        # TODO: Proper status code
+        raise HTTPException(status_code=403, detail="This public key already exists in a different device")
+    session.refresh(d)
+    # TODO: Pass the error back into the transaction if anything fails
+    tx.set_state("finished")
+    return LNStatusResponse(status=LNStatusEnum.ok)
+
+
+# TODO: Implement for LN
+# @router.post("/aqr/identify", response_model=None, responses={403: {"model": ErrorResponse}})
+# async def aqr_identify(db_session: SessionDep):
+#     return None
+
+
+# TODO: Correct error response
+@router.get("/authenticate", response_model=None, responses={404: {"model": ErrorResponse}})
+async def ln_authenticate(session: SessionDep, k1: str, tag: str, sig: str, key: str, action: str | None = None) -> LNStatusResponse:
+    if not await verify_signature(k1, sig, key):
+        raise HTTPException(status_code=403, detail="Invalid signature")
+    safe_k1 = escape_valkey_tag(k1)
+    q = Query(f"@ln_k1:{{{safe_k1}}}")
+    res = vk.ft("idx:ln_k1").search(q)
+    if res.total == 1:
+        tx_id = res.docs[0]["id"].split(":")[-1]
+        tx = Transaction.load(TransactionTypes.ln_oidc_login.value, tx_id)
+        # TODO: Exception handling here
+        # could be that a valid signature is presented but the device doesn't exist
+        device = session.exec(select(Device).where(Device.pubkey == key)).one()
+        user = session.exec(select(User).where(User.id == device.user_id)).one()
+        tx.add_private_data(".user", {"uid": user.id, "device-id": device.id})
+        await store_oidc_code(tx)
+        tx.set_state("confirmed")
+    return LNStatusResponse(status=LNStatusEnum.ok)
+
+
+@router.post("/qr", responses={404: {"model": ErrorResponse}})
+def qr_gen(rq: Transaction) -> QRDataResponse:
+    """Generates a QR code for the frontend"""
+    tx = Transaction.load(rq.tx_type.value, rq.tx_id)
+    if tx.tx_type is TransactionTypes.ln_oidc_login:
+        endpoint = "authenticate"
+        action = "login"
+    elif tx.tx_type is TransactionTypes.onboarding:
+        endpoint = "register"
+        action = "register"
+    else:
+        # TODO: Proper status code
+        raise HTTPException(status_code=404, detail="Invalid transaction type")
+    if tx is None:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    elif "ln" not in tx.data or "k1" not in tx.data["ln"]:
+        # TODO: Choose a more suitable status code
+        raise HTTPException(status_code=404, detail="k1 not present in transaction")
+    link = "{}/lnurl-auth/{}?k1={}&tag={}&action={}&server=quorra".format(server_url, endpoint, tx.data["ln"]["k1"], "login", action)
+    qr_content = "lightning:{}".format(bech32.encode_bytes("lnurl", link.encode()))
+    qr_image = generate_qr(qr_content)
+    return QRDataResponse(link=qr_content, qr_image=qr_image)
diff --git a/quorra/routers/login.py b/quorra/routers/login.py
index e1a53af..c3d705b 100644
--- a/quorra/routers/login.py
+++ b/quorra/routers/login.py
@@ -6,16 +6,17 @@
 from fastapi import HTTPException
 
 import json
+import random
 
-from ..classes import Device
-from ..classes import ErrorResponse
-from ..classes import QRDataResponse, Transaction, AqrOIDCLoginTransaction
-from ..classes import TransactionTypes
+from ..classes import (
+    Device,
+    Transaction, TransactionTypes,
+    ErrorResponse, QRDataResponse
+)
 
 from ..database import SessionDep
 from ..database import vk
 
-from ..utils import generate_qr
 from ..config import server_url
 
 
@@ -25,25 +26,13 @@
 @router.get("/start", status_code=201)
 async def login_start(client_id: str, scope: str, nonce: str | None = None) -> Transaction:
     """Starts a new login session."""
-    tx = Transaction.new("aqr-oidc-login")
+    tx = Transaction.new("ln-oidc-login")
     tx_id = tx.tx_id
-    qr_content = "quorra+{}/mobile/login?s={}".format(server_url, tx_id)
-    qr_image = generate_qr(qr_content)
+    k1 = random.randbytes(32).hex()
+    tx.add_data(".ln", {"k1": k1})
     oidc_context = {"client-id": client_id, "scope": scope}
     if nonce is not None:
         oidc_context["nonce"] = nonce
     tx.add_data(".oidc_data", oidc_context)
     return tx
 
-# TODO: Rotating login codes
-@router.post("/qr", responses={404: {"model": ErrorResponse}})
-def qr_gen(rq: Transaction) -> QRDataResponse:
-    """Generates an AQR for the frontend"""
-    tx = Transaction.load(TransactionTypes.aqr_oidc_login.value, rq.tx_id)
-    if tx is None:
-        raise HTTPException(status_code=404, detail="Transaction not found")
-    if "oidc_data" not in tx.data:
-        raise HTTPException(status_code=404, detail="OIDC data is missing in transaction data")
-    link = "quorra+{}/mobile/login?s={}".format(server_url, tx.tx_id)
-    qr_image = generate_qr(link)
-    return QRDataResponse(link=link, qr_image=qr_image)
diff --git a/quorra/routers/mobile.py b/quorra/routers/mobile.py
deleted file mode 100644
index 6b5f3b4..0000000
--- a/quorra/routers/mobile.py
+++ /dev/null
@@ -1,117 +0,0 @@
-from typing import Annotated
-
-from fastapi import APIRouter, Header
-from sqlmodel import select
-
-from fastapi import HTTPException
-
-from uuid import uuid4
-import json
-import base64
-
-from ..classes import DeviceRegistrationRequest, User, Device, Transaction
-from ..classes import AQRMobileIdentifyRequest, AQRMobileAuthenticateRequest
-from ..classes import ErrorResponse, AqrOIDCLoginTransactionStates
-
-from cryptography.hazmat.primitives.asymmetric import ed25519
-from cryptography.hazmat.primitives import serialization
-from cryptography.exceptions import InvalidSignature
-
-from valkey.commands.search.query import Query
-
-from .oidc import store_oidc_code
-
-from ..database import SessionDep
-from ..database import vk
-
-from ..utils import generate_qr
-from ..utils import escape_valkey_tag
-from ..config import server_url
-
-router = APIRouter()
-
-# TODO: Return the device ID for future use as a hint for the server
-@router.post("/register", status_code=201, response_model=None, responses={403: {"model": ErrorResponse}})
-async def register_device(rq: DeviceRegistrationRequest, session: SessionDep, x_registration_token: Annotated[str, Header()]):
-    """Finishes device registration.
-
-    Can either use a user or a device registration token.
-
-    If a device registration token is used, a user ID is also required.
-    The device will be added to the matched user.
-
-    If a user registration token is used, a new user is created.
-    """
-    # OPTION 1 - new user registration
-    safe_token = escape_valkey_tag(x_registration_token)
-    q = Query(f"@device_registration_token:{{{safe_token}}}")
-    res = vk.ft("idx:device_registration_token").search(q)
-    if res.total == 1:
-        # Finds the matching transaction
-        tx_id = res.docs[0]["id"].split(":")[-1]
-        tx = Transaction.load("onboarding", tx_id)
-        user_details = tx._private_data["entry"]
-        u: User = User(id=str(uuid4()), username=user_details["username"], email=user_details["email"])
-        session.add(u)
-        session.commit()
-        session.refresh(u)
-        tx.set_state("finished")
-        uid: int = u.id
-    # TODO: Adding a new device to an existing user
-    # TODO: OPTION 2 - user exists, only register device
-    # TODO: Fill with logic to find the user ID
-    else:
-        raise HTTPException(status_code=403, detail="Token invalid")
-    d: Device = Device(**rq.dict(), user_id=uid, id=str(uuid4()))
-    session.add(d)
-    session.commit()
-    session.refresh(d)
-    return None
-
-
-# TODO: Use UUID hints from the device
-@router.post("/aqr/identify", response_model=None, responses={403: {"model": ErrorResponse}})
-async def aqr_identify(rq: AQRMobileIdentifyRequest, db_session: SessionDep, session: str):
-    tx = Transaction.load("aqr-oidc-login", session)
-    if tx.state != AqrOIDCLoginTransactionStates.created.value:
-        raise HTTPException(status_code=403, detail="Session already identified")
-    devices = db_session.exec(select(Device)).all()
-    device_found = False
-    for device in devices:
-        key = ed25519.Ed25519PublicKey.from_public_bytes(base64.b64decode(device.pubkey))
-        try:
-            key.verify(base64.b64decode(rq.signature), rq.message.encode('utf-8'))
-        except InvalidSignature:
-            pass
-        else:
-            device_found = True
-            matched_device = device
-            break
-    if device_found:
-        tx.add_private_data(".user", {"device-id": matched_device.id})
-        tx.set_state("identified")
-    else:
-        raise HTTPException(status_code=403, detail="No matching device")
-    return None
-
-
-@router.post("/aqr/authenticate", response_model=None, responses={404: {"model": ErrorResponse}})
-async def aqr_authenticate(rq: AQRMobileAuthenticateRequest, db_session: SessionDep, session: str):
-    tx = Transaction.load("aqr-oidc-login", session)
-    device_id = tx._private_data["user"]["device-id"]
-    device = db_session.exec(select(Device).where(Device.id == device_id)).one()
-    key = ed25519.Ed25519PublicKey.from_public_bytes(base64.b64decode(device.pubkey))
-    try:
-        key.verify(base64.b64decode(rq.signature), rq.message.encode('utf-8'))
-    except InvalidSignature:
-        raise HTTPException(status_code=403, detail="Signature invalid")
-    else:
-        if rq.state == "accepted":
-            user = db_session.exec(select(User).where(User.id == device.user_id)).one()
-            tx.add_private_data(".user", {"uid": user.id})
-            await store_oidc_code(tx)
-            tx.set_state("confirmed")
-        elif rq.state == "rejected":
-            pass
-            # TODO: Figure out what to do here
-    return None
diff --git a/quorra/routers/oidc.py b/quorra/routers/oidc.py
index 318cd88..e607cc3 100644
--- a/quorra/routers/oidc.py
+++ b/quorra/routers/oidc.py
@@ -10,9 +10,10 @@
 
 from ..config import server_url, oidc_clients
 
-from ..classes import ErrorResponse
-from ..classes import TokenResponse
-from ..classes import User, Transaction
+from ..classes import (
+    User, Transaction,
+    TokenResponse, ErrorResponse
+)
 
 from valkey.commands.search.query import Query
 
@@ -60,10 +61,10 @@ async def authorize(client_id: str, redirect_uri: str, state: str, scope: str, n
         raise HTTPException(status_code=400, detail="Invalid client")
     if redirect_uri not in client["redirect_uris"]:
         raise HTTPException(status_code=400, detail="Invalid client")
-    args = {"client_id": client_id, "redirect_uri": redirect_uri, "state": state, "scope": scope}
+    args = {"client_id": client_id, "redirect_uri": redirect_uri, "state": state, "scope": scope, "client_name": client["friendly_name"]}
     if nonce is not None:
         args["nonce"] = nonce
-    redirect_url = url_encoder("/fe/auth/index.html", **args)
+    redirect_url = url_encoder("/fe/auth/", **args)
     return RedirectResponse(url=redirect_url)
 
 
@@ -98,7 +99,7 @@ async def token(db_session: SessionDep, request: Request, grant_type: str = Form
     res = vk.ft("idx:oidc_code").search(q)
     if res.total == 1:
         tx_id = res.docs[0]["id"].split(":")[-1]
-        tx = Transaction.load("aqr-oidc-login", tx_id)
+        tx = Transaction.load("ln-oidc-login", tx_id)
     else:
         raise HTTPException(status_code=400, detail="invalid_grant")
     # Final checks before issuing the ID token
@@ -107,6 +108,8 @@ async def token(db_session: SessionDep, request: Request, grant_type: str = Form
         raise HTTPException(status_code=400, detail="invalid_client")
     elif client_secret != client["client_secret"]:
         raise HTTPException(status_code=401, detail="unauthorized_client")
+    if tx.state != "confirmed":
+        raise HTTPException(status_code=401, detail="Transaction state invalid")
     user: str = tx._private_data["user"]["uid"]
     token_claims = {"sub": user, "aud": client_id, "iss": issuer}
     if "nonce" in tx.data["oidc_data"]:
@@ -120,15 +123,15 @@ async def token(db_session: SessionDep, request: Request, grant_type: str = Form
     id_token = generate_token(token_claims)
     access_token = str(uuid4())
     tx.add_private_data(".oidc_data", {"access_token": access_token})
-    tx.set_state("token-issued")
-    # TODO: Real access-tokens
+    tx.set_state("finished")
+    # TODO: Configurable AT expiry
+    tx.prolong(1800)
     return TokenResponse(id_token=id_token, access_token=access_token)
 
 
 # TODO: Implement checking scopes
 @router.get("/userinfo", responses={401: {"model": ErrorResponse}})
 def userinfo(authorization: Annotated[str | None, Header(alias="Authorization")] = None):
-    print(authorization)
     if not authorization.startswith("Bearer "):
         raise HTTPException(status_code=401, detail="unauthorized")
     access_token = authorization.removeprefix("Bearer ")
@@ -137,7 +140,7 @@ def userinfo(authorization: Annotated[str | None, Header(alias="Authorization")]
     res = vk.ft("idx:oidc_at").search(q)
     if res.total == 1:
         tx_id = res.docs[0]["id"].split(":")[-1]
-        tx = Transaction.load("aqr-oidc-login", tx_id)
+        tx = Transaction.load("ln-oidc-login", tx_id)
     else:
         raise HTTPException(status_code=401, detail="unauthorized")
     user = tx._private_data["user"]["uid"]
diff --git a/quorra/routers/onboarding.py b/quorra/routers/onboarding.py
index ff355af..53d136e 100644
--- a/quorra/routers/onboarding.py
+++ b/quorra/routers/onboarding.py
@@ -7,18 +7,18 @@
 
 from uuid import uuid4
 import json
+import random
 
-from ..classes import OnboardingLink, User
-from ..classes import OnboardingTransaction, OnboardingTransactionStates
-from ..classes import RegistrationRequest, QRDataResponse
-from ..classes import TransactionTypes, Transaction, TransactionUpdateRequest
-from ..classes import ErrorResponse
+from ..classes import (
+    OnboardingLink, User,
+    OnboardingTransaction, OnboardingTransactionStates,
+    RegistrationRequest,
+    TransactionTypes, Transaction, TransactionUpdateRequest,
+    ErrorResponse
+)
 
-from ..database import SessionDep
-from ..database import vk
+from ..database import SessionDep, vk
 
-from ..utils import generate_qr
-from ..config import server_url
 from ..config import config
 
 router = APIRouter()
@@ -42,8 +42,6 @@ async def create(session: SessionDep, x_self_service_token: Annotated[str | None
     session.add(link)
     session.commit()
     session.refresh(link)
-    print("Debug only!!!")
-    print("http://localhost:8080/fe/onboard/index.html?link={}".format(link.link_id))
     return link
 
 @router.post("/init", responses={404: {"model": ErrorResponse}})
@@ -60,7 +58,7 @@ async def init(req: RegistrationRequest, session: SessionDep) -> OnboardingTrans
 @router.post("/entry", responses={404: {"model": ErrorResponse}})
 def entry(rq: TransactionUpdateRequest) -> Transaction:
     """Adds the user context to the onboarding transaction"""
-    token: str = str(uuid4())
+    k1: str = str(random.randbytes(32).hex())
     tx = Transaction.load(TransactionTypes.onboarding.value, rq.tx_id)
     if tx is None:
         raise HTTPException(status_code=404, detail="Transaction not found")
@@ -68,28 +66,8 @@ def entry(rq: TransactionUpdateRequest) -> Transaction:
         raise HTTPException(status_code=403, detail="Transaction has already been filled")
     if "username" in rq.data and "email" in rq.data:
         entry_data = {"username": rq.data["username"], "email": rq.data["email"]}
-        tx.add_data(".device_registration", {"token": token})
+        tx.add_data(".ln", {"k1": k1})
         tx.add_private_data(".entry", entry_data)
         tx.set_state(OnboardingTransactionStates.filled.value)
     return tx
 
-# TODO: Rotating device registration tokens
-@router.post("/qr", responses={404: {"model": ErrorResponse}})
-def qr_gen(rq: Transaction) -> QRDataResponse:
-    """Generates an onboarding QR code for the frontend"""
-    tx = Transaction.load(TransactionTypes.onboarding.value, rq.tx_id)
-    if tx is None:
-        raise HTTPException(status_code=404, detail="Transaction not found")
-    if "device_registration" not in tx.data or "token" not in tx.data["device_registration"]:
-        raise HTTPException(status_code=404, detail="Mobile token is missing in transaction data")
-    token = tx.data["device_registration"]["token"]
-    link = "quorra+{}/mobile/register?t={}".format(server_url, token)
-    qr_image = generate_qr(link)
-    return QRDataResponse(link=link, qr_image=qr_image)
-
-@router.post("/finish", responses={404: {"model": ErrorResponse}})
-def finish(rq: TransactionUpdateRequest) -> Transaction:
-    """Debug only - finish a transaction"""
-    tx = Transaction.load(TransactionTypes.onboarding.value, rq.tx_id)
-    tx.set_state(OnboardingTransactionStates.finished.value)
-    return tx
diff --git a/quorra/routers/tx.py b/quorra/routers/tx.py
index 331caf9..678c723 100644
--- a/quorra/routers/tx.py
+++ b/quorra/routers/tx.py
@@ -34,12 +34,7 @@ async def get_transaction(rq: TransactionGetRequest) -> Transaction:
     tx = Transaction.load(rq.tx_type.value, rq.tx_id)
     if tx is None:
         raise HTTPException(status_code=404, detail="Transaction not found")
-    if tx.state != "finished":
-        tx.prolong()
-    return tx
-
-@router.post("/create_transaction", status_code=201, response_model=Transaction, responses={401: {"model": ErrorResponse}, 403: {"model": ErrorResponse}, 404: {"model": ErrorResponse}})
-async def create_transaction(rq: TransactionCreateRequest, session: SessionDep):
-    """Start a new transaction."""
-    tx = Transaction.new(rq.tx_type.value)
+    if tx.tx_type == "ln-oidc-login" and tx.state == "finished":
+        raise HTTPException(status_code=403, detail="Transaction private")
+    tx.prolong()
     return tx