WIP

APP/src/app/shared/services/auth.service.ts

@@ -46,6 +46,8 @@ export interface TokenVerificationResult {
     isValid: boolean;
     /** Constructed from JWT claims when using secret-link login. */
     user?: UserInfo;
+    /** The raw JWT from the URL — use as the access token for this session. */
+    accessToken?: string;
     message?: string;
     expiresAt?: Date;
     requiresMfa?: boolean;
@@ -56,7 +58,11 @@ export interface TokenVerificationResult {
 @Injectable({ providedIn: 'root' })
 export class AuthService {
 
-    /** In-memory only — never written to localStorage. */
+    /**
+     * In-memory only — never written to localStorage.
+     * Non-private intentionally: unit tests seed state via these subjects directly.
+     * Production code must use getToken(), getCurrentUser(), and setCurrentUser().
+     */
     accessToken$ = new BehaviorSubject<string | null>(null);
     currentUser$ = new BehaviorSubject<UserInfo | null>(null);