Authentication & In-App Purchases

Authentication Flow

Auto-Login

On app start, UserProvider.initialize() triggers auto-login:

1. Check for a cached Supabase session locally
2. If found, restore session and navigate to HomeScreen
3. If no network, enter offline mode with cached session
4. If no session at all, show LoginScreen

Supported Auth Methods

Offline Mode

• App checks for network on startup
• If offline but a local session exists, the user goes straight to HomeScreen
• Controlled by AppConfig.enableOfflineMode flag
• Sessions are cached using Supabase’s built-in local storage

Deep Links

• Mobile: lucidflow://app scheme
• Web: Uri.base.origin (browser origin URL)
• Password reset links are browser-specific (Supabase limitation)

In-App Purchases

Product ID Format

Course codes come from shop.json (e.g., H01ENB).

Purchase Flow

1. User selects course and voice (M/F) in the shop
2. Platform-specific product ID is generated from the course code
3. InAppPurchaseService.purchaseCourse() initiates native purchase
4. Purchase token/receipt sent to /functions/v1/validate_purchase
5. Backend validates with Apple (verifyReceipt API) or Google Play
6. On success, course added to user account
7. Sync triggered to download the purchased course content

iOS-Specific Details

• Receipt retrieved via method channel (app_receipt) from Bundle.main.appStoreReceiptURL
• Binary receipt, base64-encoded for validation
• Backend uses production + sandbox fallback for Apple validation
• Non-consumable products may show as PurchaseStatus.restored after first purchase — this is expected

Sandbox Mode

AppConfig.useSandboxIAP is automatically true in debug builds, false in release. In sandbox mode the backend skips store API validation.

Backend Endpoints