Auth API User Behavior

Start: Clicking "Log in" in the header

Desktop

1. User will scan the QR code or enter the secure code in the game
2. The users existing shop session on desktop will be authenticated. They will not be redirected to checkout since there was no offer selected
3. The game may redirect the player to the shop on mobile with the token query parameter. They will be authenticated in that new shop session on their mobile device. They will not be redirected to checkout since there was no offer selected

Mobile

1. User will be redirected into the game via a deep link or enter the secure code in the game
2. The user's existing shop session (in the original tab) will be authenticated. They will not be redirected to checkout since there was no offer selected
3. The game may redirect the player to the shop on mobile with the token query parameter. They will be authenticated in that new shop session in a new tab. They will not be redirected to checkout since there was no offer selected

Start: Clicking an offer price or "Log in" in an offer modal

Desktop

1. User will scan the QR code or enter the secure code in the game
2. The users existing shop session on desktop will be authenticated and they will be automatically redirected to checkout
3. The game should not redirect the player to the shop on mobile. If they do redirect the player to the shop on mobile with the token query parameter they will be authenticated in a new shop session but not redirected to checkout.

Mobile

1. User will be redirected into the game via a deep link or enter the secure code in the game
2. The game should redirect the player to the shop with the token query parameter. This will open a new tab. The shop session in the new tab will be authenticated and they will be redirected to checkout automatically.
3. The users existing shop session (in the original tab) will be authenticated. They will not be redirected to checkout to avoid a duplicate checkout