diff --git a/APP/docs/superpowers/specs/2026-05-26-login-api-integration-design.md b/APP/docs/superpowers/specs/2026-05-26-login-api-integration-design.md
index b5f3aa7..db7467c 100644
--- a/APP/docs/superpowers/specs/2026-05-26-login-api-integration-design.md
+++ b/APP/docs/superpowers/specs/2026-05-26-login-api-integration-design.md
@@ -106,7 +106,15 @@ export interface LoginResult {
 message?: string;
 }
-// TokenVerificationResult — kept as-is (used by secret-link flow)
+// TokenVerificationResult — updated: user field changes from User → UserInfo
+export interface TokenVerificationResult {
+ isValid: boolean;
+ user?: UserInfo; // was User (old); now UserInfo — verifySecretLinkToken extracts
+ // id, email, roles[], languagePreference from the JWT payload
+ message?: string;
+ expiresAt?: Date;
+ requiresMfa?: boolean;
+}
 ```
 ### `AuthService` — methods
@@ -142,10 +150,12 @@ getCurrentUser(): UserInfo | null
 setCurrentUser(user: UserInfo): void
 Update currentUser$ (used by MFA dialog success callback)
-// Kept unchanged:
+// Kept (logic unchanged, type updated):
 getRedirectUrl(): string
 setRedirectUrl(url: string): void
 verifySecretLinkToken(token: string): Observable
+ // Constructs UserInfo from JWT payload: id, email, roles, languagePreference
+ // (username/firstName/lastName/branchIds are no longer extracted)
 isTokenExpired(token: string): boolean
 ```