Context
This is the core privacy guarantee: only people with IIITL credentials can enter the platform. All alumni and students have @iiitl.ac.in emails issued during their time at IIITL; related #10).
Acceptance criteria
Use Auth.js (NextAuth v5) — or propose alternative in the issue
Sign-up accepts only emails matching /@iiitl\.ac\.in$/ (case-insensitive). All other emails are rejected with a clear message.
Google OAuth is allowed only if hd === "iiitl.ac.in" (Google Workspace hosted-domain check); other Google accounts are rejected
Sessions stored in the DB with a 30-day rolling expiry
/login and /register UIs wired to real flow
Failed / rejected sign-up attempts logged (for abuse monitoring) but not shown to user
Rate-limit magic link requests to 5 per email per hour
If a user has signed up with Google, then on completion they should be prompted to create a new password. Make sure this is atomic, and save the user only when the password is created.
Depends on #1.
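The email-domain, Google `hd`, and magic-link rate-limit criteria above, sketched as framework-independent checks. This is an added example, not part of the original issue or the project's code: the function names are hypothetical, the email check is deliberately stricter than the bare regex in the issue, and the `email_verified` test and the in-memory store are assumptions. `claims` is assumed to be the payload of a Google ID token whose signature has already been verified.

```javascript
// Added example: helper names and the in-memory store are hypothetical.
const ALLOWED_DOMAIN = "iiitl.ac.in";
const MAGIC_LINK_LIMIT = 5;        // requests per email
const WINDOW_MS = 60 * 60 * 1000;  // per hour

// Normalize before any comparison so " User@IIITL.AC.IN " and
// "user@iiitl.ac.in" share one allowlist decision and one rate-limit bucket.
function normalizeEmail(raw) {
  return typeof raw === "string" ? raw.trim().toLowerCase() : "";
}

// Stricter than a bare /@iiitl\.ac\.in$/i test: exactly one "@", a non-empty
// local part without whitespace or control characters, exact domain match.
function isAllowedEmail(raw) {
  const email = normalizeEmail(raw);
  const parts = email.split("@");
  if (parts.length !== 2) return false;
  const [local, domain] = parts;
  if (!/^[^\s<>"(),:;\\\x00-\x1f]+$/.test(local)) return false;
  return domain === ALLOWED_DOMAIN;
}

// Google path: decide on ID token claims only. Require the hd claim, a
// verified email (assumption), and an email that passes the domain check.
function isAllowedGoogleProfile(claims) {
  return Boolean(claims) &&
    claims.hd === ALLOWED_DOMAIN &&
    claims.email_verified === true &&
    isAllowedEmail(claims.email);
}

// In-memory sliding window (assumption for this sketch; a shared store is
// needed when more than one server instance handles requests).
const magicLinkLog = new Map();
function allowMagicLink(raw, now = Date.now()) {
  const key = normalizeEmail(raw);
  const recent = (magicLinkLog.get(key) || []).filter((t) => now - t < WINDOW_MS);
  const allowed = recent.length < MAGIC_LINK_LIMIT;
  if (allowed) recent.push(now);
  magicLinkLog.set(key, recent);
  return allowed;
}
```

Run the same `isAllowedEmail` check on the server for every path that creates a user or a session, so the Google flow and the magic-link flow cannot disagree about who is allowed in.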