The email+password login flow specifics built on auth-fundamentals: signup verification, login timing safety, and password-change session rules.
0 downloads · Used by 1 stacks
Link back to this module from your own README.
[](https://markdowners.com/m/markdowners/email-password-auth)No discussions about this module yet.
Start a discussionThis module assumes Auth Fundamentals@markdowners/auth-fundamentals — the hashing, session, and rate-limiting rules there apply in full here. What follows is specific to the email+password flow itself.
+tag addressing considered) to avoid accidental duplicate accounts, but never reveal in the signup response whether an email is already registered — respond identically either way and let the "confirm your email" vs. "you already have an account" distinction happen only inside the (already-authenticated) email itself.===/==, which can leak timing information about where the mismatch occurs.Name@Example.com must be able to log in with name@example.com.
Comments (0)
Sign in to comment. Sign in
No comments yet. Be the first to add one.