# Development Mode Authentication

When running `npm run dev` without a backend, the app uses **mock authentication** so you can test the full UI flow.

## What Works (Without Backend)

### Nostr Login (Mock)
- Click "Remote Signer" or "Extension" or "Private Key"
- Extension: requires a Nostr browser extension (Alby, nos2x)
- Remote Signer: shows QR/link; mock flow completes without real signer
- Private Key: paste nsec; creates mock session
- Sovereign Identity: generates keypair and mocks login

### Email/Password (Legacy Form)
- The auth form triggers the "Sovereign Identity" flow by default
- After dismissing, any email/password creates a mock user
- Stored in sessionStorage

## With Real Backend

1. Start backend: `cd backend && npm run start:dev` (or use `bash scripts/dev.sh`)
2. Set `VITE_USE_MOCK_DATA=false` and `VITE_INDEEHUB_API_URL=/api` in `.env`
3. Restart frontend: `npm run dev`

Real auth uses Nostr (NIP-98) and issues JWTs from the backend. No Cognito.

## Session Storage

Mock sessions use `sessionStorage`:
- `nostr_token` — Nostr session JWT (mock or real)
- `indeehub_api_refresh` — refresh token for API

Refresh keeps you logged in until the tab is closed.