Recently I was trying to really understand the custom auth flow and how its implementation actually works.
So I started rebuilding the auth system again. This time more seriously. I focused on proper flow, proper structure, and proper error handling. Used zod for validation. Used Resend for email verification. Added forgot password and reset password flows.
Honestly, this part took me a lot of time. Not because the syntax was hard, but because the business workflow was hard. Thinking about every step. Where security can break. How the password should be stored. How JWT should be used. Since JWT is stateless, what happens when the access token expires. How the refresh token comes from the database. All this forced me to think deeper... all the edge cases to look out for.
After completing this auth flow, I feel my thinking changed. Now I don’t just write endpoints. I think about user flow, edge cases, and security.
In the real world, using ready auth services makes sense. But building a complete custom auth flow once really took me to a different level.
Still learning. Still fixing. But this auth project taught me a lot...


