shop/doc/core-apps/auth/features.md

• login user
• register user
• chnage password

- registration, login, refresh, logout, password change, own profile
- routes: POST /register, /login, /refresh, /logout, /change-password; GET/PUT /me
- events emit: user.registered, user.logged_in
- depends on: core
- seeds: admin@example.com + demo customer
- room for growth: OAuth/SSO, API-tokens for third-party apps, 2FA, refresh-token rotation, impersonation, B2B company accounts