Users and Auth API
NextAuth flow and user profile endpoint contracts.
Auth routing
/api/auth/[...nextauth] is managed by NextAuth v5 (Auth.js) using Google OAuth and JWT session strategy.
Endpoint details
Purpose
Handles login, logout, and session callbacks via NextAuth route conventions.
Notes
- Session values are consumed by protected API routes.
- Provider credentials and callback URL are environment-driven.
Returns profile and dashboard summary data for the caller.
Success
- Status: 200
- Typical fields: id, email, name, image
- Group/membership summary
- Payment summary metadata
Failure cases
- 401 UNAUTHORIZED
Optional update route for profile adjustments where implemented.
Expected behavior
- Validate editable profile fields
- Persist safe subset only
- Return updated profile payload
Failure cases
- 401 UNAUTHORIZED
- 400 VALIDATION_ERROR
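The update route's expected behavior and failure cases, written out as an added example (not the project's own code): 401 without a session, 400 VALIDATION_ERROR on bad input, and only an allowlisted subset of fields ever reaching storage. The editable field names (`name`, `image`), the in-memory store and the session shape are assumptions made for the example.

```typescript
// Added example (not the project's code): the profile update route's contract,
// modelled as pure route logic. ASSUMPTION: `name` and `image` are the only
// editable fields; `id` and `email` come from Google OAuth and are read-only.
interface SessionUser { id: string; email: string; name?: string; image?: string }
type Session = { user?: SessionUser } | null | undefined;
interface ApiResult { status: number; body: Record<string, unknown> }

const EDITABLE_FIELDS = new Set(["name", "image"]);
const store = new Map<string, SessionUser>(); // constructed stand-in for the database

// Allowlist validation: unknown keys are errors rather than silently dropped,
// so a client cannot push `email`, `id` or role-like fields through the update.
function validateProfilePatch(input: unknown): { patch: Partial<SessionUser>; errors: string[] } {
  const errors: string[] = [];
  const patch: Partial<SessionUser> = {};
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    return { patch, errors: ["body must be a JSON object"] };
  }
  for (const [key, value] of Object.entries(input)) {
    if (!EDITABLE_FIELDS.has(key)) { errors.push(`field not editable: ${key}`); continue; }
    if (typeof value !== "string") { errors.push(`${key} must be a string`); continue; }
    if (key === "name") {
      const name = value.trim();
      if (name.length === 0 || name.length > 100) errors.push("name must be 1-100 characters");
      else patch.name = name;
    } else {
      let https = false; // avatar URL: only absolute https URLs, never javascript:/data:
      try { https = new URL(value).protocol === "https:"; } catch { /* not a URL */ }
      if (!https) errors.push("image must be an https URL");
      else patch.image = value;
    }
  }
  if (errors.length === 0 && Object.keys(patch).length === 0) errors.push("no editable fields supplied");
  return { patch, errors };
}

// Authenticate, validate, persist the safe subset, return the updated profile payload.
function handleProfileUpdate(session: Session, body: unknown): ApiResult {
  if (!session?.user) return { status: 401, body: { error: "UNAUTHORIZED" } };
  const { patch, errors } = validateProfilePatch(body);
  if (errors.length > 0) return { status: 400, body: { error: "VALIDATION_ERROR", details: errors } };
  const updated = { ...(store.get(session.user.id) ?? session.user), ...patch };
  store.set(session.user.id, updated);
  const { id, email, name, image } = updated;
  return { status: 200, body: { id, email, name, image } };
}
```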
Authorization baseline
Authentication answers who the caller is. Authorization checks whether the caller can act on a specific group or billing resource.