Description
Design or refactor product authentication setup for web apps and APIs. Use when the user needs to choose hosted, framework-native, platform-native, enterprise add-on, or self-hosted auth; define sessions vs JWTs; wire OAuth/social login, passkeys, org/member models, callback/cookie environment setup, or SSO/SCIM rollout boundaries before implementation. Not for deeper authorization policy, general security hardening, API contract design, backend test planning, or pure database modeling.