
Add connected apps permission center #49

Open
Jim8y wants to merge 4 commits into neoorder:master from Jim8y:codex/p2-connected-apps-permissions

Jim8y commented Jun 21, 2026

Contributor

Scope

  • Add per-wallet connected dApp persistence backed by Settings.
  • Record connected dApp domains after in-app and external authentication.
  • Gate dAPI getAccounts on an active connected-dApp grant.
  • Add a Security Center entry and a Connected Apps page for reviewing permissions, disconnecting one dApp, or clearing all connections.
  • Localize the new UI in English and Simplified Chinese.

Verification

  • git diff --check
  • iOS simulator build: dotnet build OneGateApp/OneGateApp.csproj -f net10.0-ios -p:RuntimeIdentifier=iossimulator-arm64 -p:BuildIpa=false -p:EnableCodeSigning=false
  • Android arm64 build: dotnet build OneGateApp/OneGateApp.csproj -f net10.0-android -p:RuntimeIdentifier=android-arm64 -p:EmbedAssembliesIntoApk=true
  • Installed and verified on iPhone 17 Pro / iOS 26.5 simulator.
  • Installed and verified on Android emulator-5554 / Android 16 arm64.
  • Seeded simulator-only N3 Governance connection data to verify the populated state on both platforms.
  • Verified Android disconnect flow: swipe menu, confirmation popup, immediate empty state, disabled Clear action.

Screenshots

Known limitations

  • This PR tracks the connected wallet-account read grant. Transaction and signature requests still require per-request approval. More granular per-method permission scopes can be added later.
  • Existing NU1903 warnings for SQLitePCLRaw remain unrelated to this change.


Jim8y commented Jun 21, 2026

Contributor Author

Review update: NEP-21 getAccounts consent + refreshed screenshots

Addressed Erik's review by moving connected-app account-read authorization to getAccounts instead of authenticate:

  • authenticate no longer stores or refreshes a connected dApp grant; it remains only a sign-in/authentication flow.
  • getAccounts now asks for account-read consent when no grant exists.
  • successful getAccounts calls now call ConnectAsync, which records a new grant or refreshes LastUsedAt for the existing grant.
  • Connected Apps copy now consistently describes getAccounts account access instead of generic connect/authenticate access.
  • all declared app languages now include the Connected Apps resource keys, so these new strings do not fall back to English in other supported locales.

Screenshots are GitHub Release assets from the fork and are not committed to this repository.

| Platform | Screenshot |
| --- | --- |
| iOS Simulator - iPhone 17 Pro, iOS 26.5 | iOS Connected Apps getAccounts copy |
| Android Emulator - Android 16 arm64, emulator-5554 | Android Connected Apps getAccounts copy |

Validation:

  • iOS build passed: dotnet build OneGateApp/OneGateApp.csproj -f net10.0-ios -p:RuntimeIdentifier=iossimulator-arm64 -p:BuildIpa=false -p:EnableCodeSigning=false
  • Android build passed: dotnet build OneGateApp/OneGateApp.csproj -f net10.0-android -p:RuntimeIdentifier=android-arm64 -p:EmbedAssembliesIntoApk=true
  • iOS Simulator verified: Settings → Security Center → Connected Apps shows getAccounts/account-access wording.
  • Android Emulator verified: Settings → Security Center → Connected Apps shows getAccounts/account-access wording; crash buffer was empty.

Known existing build warning: SQLitePCLRaw NU1903 remains unrelated to this PR.

Copilot AI review requested due to automatic review settings June 21, 2026 07:15

Copilot AI left a comment


Pull request overview

This PR introduces a “Connected Apps” permission center that persists per-wallet connected dApp grants in Settings, records connections after authentication, gates dAPI getAccounts behind an active grant, and adds UI + localization for reviewing and revoking those connections.

Changes:

  • Add ConnectedDAppService + ConnectedDApp model to persist connected dApps per wallet.
  • Record connected domains after in-app and external authentication; gate dAPI GetAccounts.
  • Add Security Center entry + Connected Apps management page, with EN / zh-Hans strings.

Reviewed changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| OneGateApp/Services/ConnectedDAppService.cs | New persistence service for per-wallet connected dApp grants (load/connect/disconnect). |
| OneGateApp/Models/ConnectedDApp.cs | Model for connected dApp data plus display/format helpers for UI. |
| OneGateApp/Pages/ConnectedAppsPage.xaml | New UI page for listing connected dApps and showing permission summary/empty state. |
| OneGateApp/Pages/ConnectedAppsPage.xaml.cs | Page logic for refresh, single disconnect, disconnect-all with confirmation + toast. |
| OneGateApp/Pages/SecurityCenterPage.xaml | Adds a tappable “dApp authorization” row that surfaces connected dApp status/text and navigates to the new page. |
| OneGateApp/Pages/SecurityCenterPage.xaml.cs | Loads connected dApp count during refresh; adds navigation handler; injects service. |
| OneGateApp/Pages/LaunchDAppPage.xaml.dAPI.cs | Records connected dApp on Authenticate; gates GetAccounts on an existing grant. |
| OneGateApp/Pages/LaunchDAppPage.xaml.cs | Injects ConnectedDAppService into dApp launch page. |
| OneGateApp/Pages/AuthenticatePage.xaml.cs | Records connected dApp after external authentication; injects service. |
| OneGateApp/MauiProgram.cs | Registers ConnectedDAppService in DI. |
| OneGateApp/AppShell.xaml.cs | Registers route for the Connected Apps page. |
| OneGateApp/Properties/Strings.resx | Adds EN strings for Connected Apps UI and actions. |
| OneGateApp/Properties/Strings.zh-Hans.resx | Adds zh-Hans strings for Connected Apps UI and actions. |
| OneGateApp/Properties/Strings.Designer.cs | Resource designer updates for newly added strings. |
Files not reviewed (1)
  • OneGateApp/Properties/Strings.Designer.cs: Generated file


Comment thread OneGateApp/Pages/LaunchDAppPage.xaml.dAPI.cs Outdated

erikzhang left a comment

Contributor


This is not in line with NEP-21 specifications. The purpose of authenticate is for the website to authenticate the user, not for the user to authorize the website. If user authorization is required to allow the website to obtain the address, then we should ask for the user's consent when the website calls getAccounts.


Jim8y commented Jun 21, 2026

Contributor Author

Latest review follow-up after merging current master (bb40f15): this PR still respects Erik's review feedback and NEP-21 semantics. authenticate remains a website sign-in/authentication flow only; account-read consent is requested from getAccounts, and successful getAccounts calls refresh the connected-app grant/LastUsedAt via ConnectAsync. Copilot's stale LastUsedAt thread is now resolved.

Validation on the current branch: conflict-marker scan passed; git diff --check origin/master...HEAD passed; resource parity passed across all 15 Strings*.resx files (307 keys); iOS simulator build/install/launch verified; Android emulator build/install/launch verified with empty crash log.

Refreshed screenshots (release assets, not committed): iOS Connected Apps, Android Connected Apps. Ready for re-review.
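The consent flow the thread converges on (authenticate grants nothing, getAccounts asks for consent when no grant exists, and a successful call records or refreshes the grant), as an added C# example that is not code from this PR or from OneGateApp. `Grant`, `GrantStore`, `DapiHandler`, the in-memory dictionary, the case-insensitive domain key and the `gov.example` / `w1` sample values are assumptions made for illustration; only the names `ConnectAsync`, `LastUsedAt`, `getAccounts` and `authenticate` come from the discussion.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
// Hypothetical model: one account-read grant per (wallet, dApp domain).
record Grant(string Wallet, string Domain, DateTimeOffset ConnectedAt, DateTimeOffset LastUsedAt);

// In-memory stand-in for Settings-backed persistence; assumes case-insensitive domains.
class GrantStore
{
    readonly Dictionary<(string, string), Grant> grants = new();
    static (string, string) Key(string wallet, string domain) => (wallet, domain.Trim().ToLowerInvariant());
    public bool IsConnected(string wallet, string domain) => grants.ContainsKey(Key(wallet, domain));
    public bool Disconnect(string wallet, string domain) => grants.Remove(Key(wallet, domain));
    // Records a new grant, or refreshes LastUsedAt on the existing one.
    public Task ConnectAsync(string wallet, string domain)
    {
        var (key, now) = (Key(wallet, domain), DateTimeOffset.UtcNow);
        grants[key] = grants.TryGetValue(key, out var g)
            ? g with { LastUsedAt = now }
            : new Grant(wallet, key.Item2, now, now);
        return Task.CompletedTask;
    }
}

class DapiHandler(GrantStore store, Func<string, Task<bool>> askConsent)
{
    // authenticate signs the user in to the site; it never creates or refreshes a grant.
    public Task<bool> AuthenticateAsync(string wallet, string domain) => Task.FromResult(true);

    public async Task<string[]> GetAccountsAsync(string wallet, string domain, string[] accounts)
    {
        // No grant yet: ask the user. A refusal returns no addresses and stores nothing.
        if (!store.IsConnected(wallet, domain) && !await askConsent(domain))
            throw new UnauthorizedAccessException($"{domain}: account access denied");
        await store.ConnectAsync(wallet, domain);
        return accounts;
    }
}

static class Demo
{
    static async Task Main()
    {
        var store = new GrantStore();
        // Constructed consent callback: the user approves gov.example only.
        var dapi = new DapiHandler(store, d => Task.FromResult(d == "gov.example"));
        await dapi.AuthenticateAsync("w1", "gov.example");
        Console.WriteLine(store.IsConnected("w1", "gov.example")); // grant state after sign-in only
        await dapi.GetAccountsAsync("w1", "gov.example", new[] { "constructed-address" });
        Console.WriteLine(store.IsConnected("w1", "gov.example")); // grant state after consent
    }
}
```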

3 participants