---
# nuzlocke-tracker-l9xh
title: Frontend auth flow (login, signup, session management)
status: todo
type: feature
priority: normal
created_at: 2026-03-20T15:28:24Z
updated_at: 2026-03-20T15:28:35Z
parent: nuzlocke-tracker-d98o
blocked_by:
    - nuzlocke-tracker-2561
---

Add Supabase JS client to the frontend. Build login and signup pages with email/password and social login buttons (Google, Discord). Implement auth context/provider for session management, protected route wrapper, and auth-aware API client that attaches Bearer tokens.

## Checklist
- [ ] Install @supabase/supabase-js
- [ ] Create Supabase client singleton with env vars
- [ ] Create AuthContext/AuthProvider with session state, login, logout, signup methods
- [ ] Build login page (email/password form + Google/Discord buttons)
- [ ] Build signup page (email/password form + Google/Discord buttons)
- [ ] Add auth callback route for OAuth redirects
- [ ] Create ProtectedRoute wrapper component
- [ ] Update API client to attach Authorization header when user is logged in
- [ ] Add user menu (avatar/email, logout) to header when authenticated
- [ ] Handle token refresh automatically via Supabase client