From 98965274b8fcc1afb863c5edd816591c380615c9 Mon Sep 17 00:00:00 2001
From: Chris Chen <yuanson.ch@gmail.com>
Date: Tue, 26 May 2026 20:22:24 -0700
Subject: [PATCH] docs: fix TokenVerificationResult type in login integration
 spec

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../2026-05-26-login-api-integration-design.md     | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/APP/docs/superpowers/specs/2026-05-26-login-api-integration-design.md b/APP/docs/superpowers/specs/2026-05-26-login-api-integration-design.md
index b5f3aa7..db7467c 100644
--- a/APP/docs/superpowers/specs/2026-05-26-login-api-integration-design.md
+++ b/APP/docs/superpowers/specs/2026-05-26-login-api-integration-design.md
@@ -106,7 +106,15 @@ export interface LoginResult {
   message?: string;
 }
 
-// TokenVerificationResult — kept as-is (used by secret-link flow)
+// TokenVerificationResult — updated: user field changes from User → UserInfo
+export interface TokenVerificationResult {
+  isValid: boolean;
+  user?: UserInfo;   // was User (old); now UserInfo — verifySecretLinkToken extracts
+                     // id, email, roles[], languagePreference from the JWT payload
+  message?: string;
+  expiresAt?: Date;
+  requiresMfa?: boolean;
+}
 ```
 
 ### `AuthService` — methods
@@ -142,10 +150,12 @@ getCurrentUser(): UserInfo | null
 setCurrentUser(user: UserInfo): void
   Update currentUser$ (used by MFA dialog success callback)
 
-// Kept unchanged:
+// Kept (logic unchanged, type updated):
 getRedirectUrl(): string
 setRedirectUrl(url: string): void
 verifySecretLinkToken(token: string): Observable<TokenVerificationResult>
+  // Constructs UserInfo from JWT payload: id, email, roles, languagePreference
+  // (username/firstName/lastName/branchIds are no longer extracted)
 isTokenExpired(token: string): boolean
 ```