Drop-in auth service with email/password, OAuth, MFA, and password reset.
Design users, sessions, refresh tokens schema
Implement signup/login/refresh/logout endpoints
Add OAuth providers
Implement TOTP-based MFA
Generate OpenAPI docs