## ⚡ Quick OAuth + JWT Architecture (For Fast Revision)

When handling social logins while maintaining a stateless JWT ecosystem, follow this flow:

```
[User] --- 1. GET /auth/google ---> [Passport Engine] ---> (Redirects to Google Sign-In)
[User] <--- 2. Grants Permission --- [Google Server]
[Backend Callback] <--- 3. Code/Profile Handshake --- [Google Server] (Verifies & Upserts User Profile)
[User] <--- 4. Sets Secure Access & Refresh Cookies --- [Backend Controller] (Generates Custom JWTs)
```

### Core Strategy Rules

- **No Server-Side Sessions:** We explicitly disable Passport session serialization (`session: false`) because our app uses stateless JWT tokens.
- **User Account Linking:** If a user registers normally with an email address and later hits the "Sign In with Google" button, we automatically link the identity by pinning the `googleId` onto the pre-existing document profile.…