Security boundary
This service never tries to share one cookie across unrelated root domains. It keeps its own session at `auth.fluentreact.com`, then hands the relying site a short-lived code so that site can create its own session.
FluentReact Auth Center
Own-site Portfolio Only
One secure third-party login center for your whole site portfolio.
Each site redirects here, the user chooses a provider, and the auth center returns a short-lived authorization code back to the original site. Each site still creates and owns its own local session after the server-side exchange.
Identity policy
Different providers are treated as different identities by default. The auth center does not auto-merge users just because two providers expose the same email address.
Provider roadmap
Google is the only enabled provider in v1. The route and adapter layer already reserve expansion space for GitHub and Apple later.