Skip to content

PharmaNet Technical Docs

Authentication

Authentication¶

Source: pharmanet/lib/features/auth/

Pages¶

Page	File	Description
`AuthPage`	`features/auth/presentation/pages/auth_page.dart`	Login with email/password, OTP, or OAuth
`RootPage`	`features/auth/presentation/pages/root_page.dart`	Role-based routing (customer vs seller view)
`AuthForm`	`features/auth/presentation/widgets/auth_form.dart`	Reusable auth form widget

Providers¶

Provider	Type	File
`authStateProvider`	`StreamProvider<AuthState>`	`core/providers/auth_provider.dart`
`currentUserProvider`	`Provider<User?>`	`core/providers/auth_provider.dart`
`userRoleProvider`	`NotifierProvider<UserRole>`	`core/providers/user_provider.dart`

API Methods¶

Source: pharmanet/lib/core/api/auth_api.dart

Method	Description
`sendOtp(email)`	Send OTP verification email
`verifyOtp(email, otp)`	Verify OTP code
`signInWithGoogle()`	Google OAuth sign-in
`signInWithApple()`	Apple OAuth sign-in (iOS)
`registerUser(email, name, role)`	Create user profile
`signInWithEmailPassword(email, password)`	Email/password sign-in
`signUpWithEmailPassword(email, password)`	Email/password sign-up
`signOut()`	Sign out
`currentUser`	Getter for current Supabase user
`getUserRole()`	Get role from user metadata
`hasProfile()`	Check if user has a profile record

Auth Flow¶

sequenceDiagram
    participant U as User
    participant A as AuthPage
    participant P as AuthProvider
    participant S as Supabase Auth
    participant DB as Profiles Table

    U->>A: Enter email/password
    A->>P: signIn()
    P->>S: supabase.auth.signIn()
    S-->>P: Session + User
    P->>DB: Fetch profile (role)
    DB-->>P: Profile data
    P-->>A: Success + Role
    A->>U: Navigate to home/dashboard

Role Routing¶

On login, RootPage determines the view:

Role	View
`customer`	Customer home (PublicHomePage)
`seller`	Pharmacist dashboard (PharmacistDashboard)
`admin`	(Web only — mobile blocks admin login)

Security¶

OTP-based email verification for new accounts
Google OAuth available for quick sign-in
Session persistence via SecureStorageService
FCM token saved to profile on every login
Profile verification (hasProfile check) before granting access

Profile & Security — Account settings, password change
DB: Profiles — Profiles table schema