Ponder

Auth

Authentication methods and security configuration declared in appwrite.json and used by Flutter.

Enabled Methods

| Method | Enabled | | — | — | | JWT | true | | Phone | true | | Invites | true | | Anonymous | true | | Email OTP | true | | Magic URL | true | | Email/password | true |

Security Configuration

| Setting | Value | | — | — | | Session duration | 31536000 seconds | | Limit | 0 | | Sessions limit | 10 | | Password history | 0 | | Password dictionary | false | | Personal data check | false | | Session alerts | false | | Mock numbers | [] |

Flutter Auth Flow

AuthService wraps Appwrite Account calls:

• getCurrentUser() calls account.get() and returns null on AppwriteException.
• signIn() calls createEmailPasswordSession.
• signUp() creates an account, creates an email/password session, and returns the current account.
• signOut() deletes the current session.

AuthNotifier initializes auth state on startup. If an Appwrite account exists, it ensures a profile document exists in users; otherwise it sets the user tier to guest.

The login/register bottom sheets validate email format locally. Registration also requires username length from 3 to 30 characters, no spaces, password length of at least 8 characters, and matching password confirmation.

User Tiers

UserTier has guest, free, and premium. A signed-in user resolves to premium only when the loaded UserProfile.isPremium is true; otherwise the user is free.

Profile Creation

On sign-up, AuthNotifier.signUp creates an Appwrite user, creates an email/password session, then writes a profile row with:

• username
• email
• accountStatus: active
• notificationsEnabled: true
• isPremium: false
• isVerified from Appwrite email verification state

Not Declared In Repository Configuration

OAuth providers, MFA settings, email template settings, and password length rules are not declared in the repository snapshot.