Concepts
Authentication Flow
Understand how Ezz-Auth handles your data from the moment a user clicks sign-in to the final server-side validation.
1. Initiate Sign-in
The user initiates the sign-in process through the SDK client components.
2. Secure Session Creation
The Core Auth System generates a cryptographically secure session.
3. Cookie Storage
The session is stored in HTTP-only, Secure, and SameSite=Lax cookies.
4. Client Hydration
The AuthProvider loads the user state into the client-side context.
5. Server Validation
Every request is validated on the server via middleware or server actions.
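The server-side half of this flow (steps 2, 3 and 5), as an added Node.js example that is not Ezz-Auth SDK code. The function names, the cookie name `session`, the 30-minute lifetime and the in-memory store are assumptions made for illustration.

```javascript
// Added illustration; not Ezz-Auth SDK code. All names below are hypothetical.
const { randomBytes } = require('node:crypto');

const COOKIE_NAME = 'session';          // assumed cookie name
const SESSION_TTL_MS = 30 * 60 * 1000;  // assumed 30-minute lifetime
const sessions = new Map();             // server-side store: id -> { userId, expiresAt }

// Step 2: create a session whose id is 256 bits from the OS CSPRNG.
function createSession(userId, now = Date.now()) {
  const id = randomBytes(32).toString('hex');
  sessions.set(id, { userId, expiresAt: now + SESSION_TTL_MS });
  return id;
}

// Step 3: Set-Cookie value carrying the attributes the flow describes.
// HttpOnly keeps the id out of document.cookie, Secure restricts it to HTTPS,
// SameSite=Lax withholds it from cross-site subrequests and form POSTs.
function sessionCookie(id) {
  const maxAge = SESSION_TTL_MS / 1000;
  return `${COOKIE_NAME}=${id}; Path=/; Max-Age=${maxAge}; HttpOnly; Secure; SameSite=Lax`;
}

// Pull the session id out of a request's Cookie header, or return null.
function readSessionId(cookieHeader) {
  for (const part of String(cookieHeader ?? '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === COOKIE_NAME) return rest.join('=') || null;
  }
  return null;
}

// Step 5: run on every request. The cookie is only a lookup key; the
// server-side record decides whether the request is authenticated.
function validateRequest(cookieHeader, now = Date.now()) {
  const id = readSessionId(cookieHeader);
  const session = id ? sessions.get(id) : undefined;
  if (!session) return null;            // missing, malformed or unknown id
  if (session.expiresAt <= now) {
    sessions.delete(id);                // expired ids cannot be replayed later
    return null;
  }
  return { userId: session.userId };
}
```
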
Immutability Note
This flow is abstracted for security and developer experience. To ensure session integrity and guard against common attack vectors such as XSS and CSRF, the core logic is handled by the SDK and cannot be modified by clients.