Login

Authentication in this project uses email and password only. The frontend uses NextAuth.js with the Credentials provider: credentials are validated against your backend API, and the resulting access token is kept in the NextAuth session (JWT or session token) for subsequent requests.

Login Flow

  1. User enters email and password on the login form (src/features/auth/components/login-form.tsx).
  2. Client-side validation runs with Zod (loginSchema) before submission.
  3. On submit, the app calls signIn("credentials", ...) with email, password, and locale.
  4. NextAuth invokes the Credentials provider in src/core/lib/auth.ts, which calls your backend (loginWithEmailApi) to verify the user and obtain an access token.
  5. The backend returns an access token; the frontend fetches the user profile (getProfileApi) and passes the token and user data into the session.
  6. On success, the user is redirected to /social; the session (including accessToken) is used for API requests via the API client.

The auth feature also provides:

  • Register — New user registration (email, password, name).
  • Forgot Password — Request a password reset link.
  • Reset Password — Set a new password using a token.
  • OTP Verification — One-time code verification when required by your backend.

All of these use the same API client and session pattern; only the Credentials provider is used for login — no third-party identity providers are documented here.

Session and API Calls

The API client (src/core/lib/api-client.ts) attaches the session accessToken as a Bearer token and sends x-custom-lang for the current locale. Protected routes (e.g. social layout) use getServerSession(authOptions) and redirect unauthenticated users to the login page.
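As an added example, not the project's own code: a TypeScript model of the authorize() step and the jwt/session callbacks from the Login Flow above, plus the header-building step from Session and API Calls. The backend calls (loginWithEmailApi, getProfileApi), the user table and the token format are constructed stand-ins, the Zod loginSchema is replaced by a hand-written check, and everything is synchronous so it runs without next-auth or a network.

```typescript
type Credentials = { email?: unknown; password?: unknown };
type AuthUser = { id: string; email: string; name: string; accessToken: string };
type Token = { sub?: string; email?: string; accessToken?: string };
type Session = { user: { email?: string; name?: string }; accessToken?: string };
// Constructed stand-ins for the backend behind loginWithEmailApi/getProfileApi
// (synchronous here so the example runs offline; the real calls are awaited).
const FAKE_USERS: Record<string, { password: string; name: string }> = {
  "alice@example.com": { password: "correct horse battery", name: "Alice" },
};
function loginWithEmailApi(email: string, password: string): { accessToken: string } | null {
  const u = FAKE_USERS[email];
  return u && u.password === password ? { accessToken: `tok-${email}` } : null;
}
function getProfileApi(accessToken: string): { id: string; email: string; name: string } {
  const email = accessToken.slice("tok-".length);
  return { id: "u1", email, name: FAKE_USERS[email].name };
}
// Stand-in for the Zod loginSchema: reject malformed input before touching the backend.
function parseCredentials(c?: Credentials): { email: string; password: string } | null {
  if (!c || typeof c.email !== "string" || typeof c.password !== "string") return null;
  const email = c.email.trim().toLowerCase();
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) || c.password.length < 8) return null;
  return { email, password: c.password };
}
// authorize(): return null on every failure path so NextAuth reports a generic
// CredentialsSignin error and the response does not reveal which field was wrong.
function authorize(c?: Credentials): AuthUser | null {
  const parsed = parseCredentials(c);
  if (!parsed) return null;
  const login = loginWithEmailApi(parsed.email, parsed.password);
  if (!login) return null;
  return { ...getProfileApi(login.accessToken), accessToken: login.accessToken };
}
// jwt callback: `user` is defined only on the initial sign-in; copy the token then
// and return the existing token unchanged on later calls.
function jwtCallback(token: Token, user?: AuthUser): Token {
  return user ? { ...token, sub: user.id, email: user.email, accessToken: user.accessToken } : token;
}
// session callback: whatever is returned here is readable in the browser via
// useSession(), so expose only the access token the API client needs.
function sessionCallback(session: Session, token: Token): Session {
  return { ...session, user: { ...session.user, email: token.email }, accessToken: token.accessToken };
}
// API client: Bearer token plus x-custom-lang for the locale, as described above.
function apiHeaders(session: Session, locale: string): Record<string, string> {
  const h: Record<string, string> = { "x-custom-lang": locale };
  if (session.accessToken) h["Authorization"] = `Bearer ${session.accessToken}`;
  return h;
}
```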