Authentication System Design

Design an authentication system for [MY APPLICATION].

App type: [WEB APP / MOBILE / API / ALL]
Users: [CONSUMERS / BUSINESS / BOTH]

Auth methods needed: [EMAIL+PASSWORD / SOCIAL LOGIN / SSO / MFA / ALL]
Tech stack: [DESCRIBE]

Provide:
1. **Auth Flow Design**: Registration, login, logout, password reset flows
2. **Token Strategy**: JWT vs session-based authentication
3. **Password Security**: Hashing, salting, and password policy
4. **Social Login**: OAuth integration for Google, GitHub, etc.
5. **Authorisation**: Role-based access control (RBAC) design
6. **MFA Implementation**: Two-factor authentication setup
7. **Session Management**: Token refresh, expiry, and revocation
8. **Security Hardening**: Rate limiting, CSRF, XSS, and injection prevention
9. **Database Schema**: User and session tables design
10. **Third-Party Options**: Auth0, Firebase Auth, Supabase Auth — when to use vs build

Design an authentication system for [MY APPLICATION].

App type: [WEB APP / MOBILE / API / ALL]
Users: [CONSUMERS / BUSINESS / BOTH]
Auth methods needed: [EMAIL+PASSWORD / SOCIAL LOGIN / SSO / MFA / ALL]
Tech stack: [DESCRIBE]

Provide:
1. **Auth Flow Design**: Registration, login, logout, password reset flows
2. **Token Strategy**: JWT vs session-based authentication
3. **Password Security**: Hashing, salting, and password policy
4. **Social Login**: OAuth integration for Google, GitHub, etc.
5. **Authorisation**: Role-based access control (RBAC) design
6. **MFA Implementation**: Two-factor authentication setup
7. **Session Management**: Token refresh, expiry, and revocation
8. **Security Hardening**: Rate limiting, CSRF, XSS, and injection prevention
9. **Database Schema**: User and session tables design
10. **Third-Party Options**: Auth0, Firebase Auth, Supabase Auth — when to use vs build