# 🔐 Login System Overview

The platform includes a built-in authentication system that supports both **email/password** login and a selection of **custom providers**.

You can enable or disable each method in the `config`, giving you full control over how users log in.

***

## ⚙️ Enabling Providers

In the `config`, you’ll find toggles for each provider.

To use a custom provider (like Google, GitHub, etc.), you'll need to provide:

* `CLIENT_ID`
* `CLIENT_SECRET`

When a provider is enabled, the login form will automatically update to include it. ✅

***

## 🧠 Session Data

Once a user logs in, some default values are added to their **session**:

* `token`: A string used to look up the session in server storage.
* `location`: An object containing:
  * `pathName`: The current route as a string (e.g. `/dashboard`)
  * `searchParams`: The query string from the URL converted into an object.

***

## 👤 User Data Defaults

You can customize what user data is stored in the session by editing the `userdata` section in your config.\
By default, this includes:

* `id --string`
* `name -- string`
* `email -- string`
* `provider --string`
* `admin -- boolean @default(false)`
* `avatar -- string`
* `language -- string @default('en')`
* `createdAt -- Date`
* `updatedAt -- Date`
* `Token -- string`
* `location: { pathName: string; serachParams: Record<string, any> }`

🧩 We allow multiple accounts to exist under the **same email** as long as they use a **different provider**.\
To support this, the **email + provider** combination is used as a unique identifier.

❗ If you remove `email` or `provider` from the `sessionLayout` you’ll need to update the server logic to reflect that. Removing them without doing so may break the system.