G.2: Login

Summary

Guests log in from /login using a Supabase magic link or OAuth provider. After authentication, the app resolves the current user profile and routes the user to onboarding or dashboard.

Role

• Primary: Guest
• Secondary: Client, Counselor, Admin, Supabase Auth

Entry Point

• URL: /login

Preconditions

• Guest is not authenticated.
• Supabase Auth is available.

Steps

1. Guest opens /login.
2. Guest enters an email or selects an OAuth provider.
3. Frontend requests a Supabase magic link or OAuth redirect.
4. Guest completes authentication with Supabase.
5. App initializes the Supabase session.
6. Frontend requests the current Compath user profile.
7. User is routed to /onboarding if required, otherwise /dashboard.

Diagram

Edge Cases

• Already authenticated: Public-only routing redirects away from /login.
• Profile load failure: App shows retry state before routing.
• Return URL: Magic links can return users to the originally requested protected route.

Current Implementation Notes

• Frontend: frontend/src/features/auth/components/login-form.tsx, frontend/src/app/providers/auth-provider.tsx
• Route guard: frontend/src/shared/components/layout/public-only-route.tsx

Screenshot Status

• Not captured.

Related Flows

• G.1 Sign Up
• IE.4 Supabase Auth Emails