Auth Flow

Authentication Flow

Phase 1 goal

Google OAuth enrollment and login is the primary account entry path.

Intended flow

1. Visitor clicks sign in with Google
2. App redirects to Google OAuth consent
3. Callback returns verified Google identity
4. App finds or creates local users record
5. App stores seller profile data and login timestamp
6. App issues local session
7. If email verification or additional trust checks are required, app sends Postmark mail after server-side approval

Security requirements

• Do not trust client-provided role or profile fields
• Restrict admin elevation to server-side policy only
• Rotate session on login
• Enforce captcha on any auxiliary signup/help/recovery forms
• Log OAuth failure states and moderation-sensitive account changes

Local auth later

The schema is intentionally compatible with adding local email/password later, but that path should stay behind a feature flag until the verification and recovery flows are complete.