From 7c4b4d97dcc7ffa02973aab0e68661a7cd0bd802 Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Wed, 25 Mar 2026 09:40:05 -0600
Subject: [PATCH 01/11] update auth with new designs

---
 apps/frontend/src/locales/en-US/index.json |   4 +-
 apps/frontend/src/pages/auth.vue           |  24 +--
 apps/frontend/src/pages/auth/sign-in.vue   | 207 ++++++++++++---------
 apps/frontend/src/pages/auth/sign-up.vue   | 125 ++++++++-----
 4 files changed, 206 insertions(+), 154 deletions(-)

diff --git a/apps/frontend/src/locales/en-US/index.json b/apps/frontend/src/locales/en-US/index.json
index 3c66ea3398..cc8c142aaa 100644
--- a/apps/frontend/src/locales/en-US/index.json
+++ b/apps/frontend/src/locales/en-US/index.json
@@ -267,10 +267,10 @@
     "message": "Enter code..."
   },
   "auth.sign-in.additional-options": {
-    "message": "<forgot-password-link>Forgot password?</forgot-password-link> • <create-account-link>Create an account</create-account-link>"
+    "message": "<forgot-password-link>Forgot password</forgot-password-link> • Don't have an account? <create-account-link>Sign up</create-account-link>"
   },
   "auth.sign-in.sign-in-with": {
-    "message": "Sign in with"
+    "message": "Sign into Modrinth"
   },
   "auth.sign-in.title": {
     "message": "Sign In"
diff --git a/apps/frontend/src/pages/auth.vue b/apps/frontend/src/pages/auth.vue
index 205866bcee..20f3587ed4 100644
--- a/apps/frontend/src/pages/auth.vue
+++ b/apps/frontend/src/pages/auth.vue
@@ -8,12 +8,12 @@ useSeoMeta({
 })
 </script>
 <template>
-	<NuxtPage class="auth-container universal-card" />
+	<NuxtPage class="auth-container universal-card border border-solid border-surface-5" />
 </template>
 
 <style>
 .auth-container {
-	width: 26rem;
+	width: 28rem;
 	max-width: calc(100% - 2rem);
 	margin: 1rem auto;
 	display: flex;
@@ -45,24 +45,6 @@ useSeoMeta({
 	margin: 0 0 0 0.5rem;
 }
 
-.third-party {
-	display: grid;
-	gap: var(--gap-md);
-	grid-template-columns: repeat(2, 1fr);
-	width: 100%;
-}
-
-.third-party .btn {
-	width: 100%;
-	vertical-align: middle;
-}
-
-.third-party .btn svg {
-	margin-right: var(--gap-sm);
-	width: 1.25rem;
-	height: 1.25rem;
-}
-
 @media screen and (max-width: 25.5rem) {
 	.third-party .btn {
 		grid-column: 1 / 3;
@@ -84,7 +66,7 @@ useSeoMeta({
 	align-items: center;
 	display: flex;
 	justify-content: center;
-	gap: var(--gap-md);
+	gap: var(--gap-xs);
 	flex-wrap: wrap;
 }
 
diff --git a/apps/frontend/src/pages/auth/sign-in.vue b/apps/frontend/src/pages/auth/sign-in.vue
index 352bf041f9..dbf4fb8878 100644
--- a/apps/frontend/src/pages/auth/sign-in.vue
+++ b/apps/frontend/src/pages/auth/sign-in.vue
@@ -5,7 +5,7 @@
 			class="fixed left-0 top-0 z-[9999] m-0 h-full w-full border-0 p-0"
 		></iframe>
 	</div>
-	<div v-else>
+	<div v-else c>
 		<template v-if="flow && !subtleLauncherRedirectUri">
 			<label for="two-factor-code">
 				<span class="label__title">{{ formatMessage(messages.twoFactorCodeLabel) }}</span>
@@ -28,98 +28,120 @@
 			</button>
 		</template>
 		<template v-else>
-			<h1>{{ formatMessage(messages.signInWithLabel) }}</h1>
+			<div class="flex flex-col gap-6">
+				<div class="text-center text-2xl font-semibold text-contrast">
+					{{ formatMessage(messages.signInWithLabel) }}
+				</div>
 
-			<section class="third-party">
-				<a class="btn" :href="getAuthUrl('discord', redirectTarget)">
-					<DiscordColorIcon />
-					<span>Discord</span>
-				</a>
-				<a class="btn" :href="getAuthUrl('github', redirectTarget)">
-					<GitHubColorIcon />
-					<span>GitHub</span>
-				</a>
-				<a class="btn" :href="getAuthUrl('microsoft', redirectTarget)">
-					<MicrosoftColorIcon />
-					<span>Microsoft</span>
-				</a>
-				<a class="btn" :href="getAuthUrl('google', redirectTarget)">
-					<GoogleColorIcon />
-					<span>Google</span>
-				</a>
-				<a class="btn" :href="getAuthUrl('steam', redirectTarget)">
-					<SteamColorIcon />
-					<span>Steam</span>
-				</a>
-				<a class="btn" :href="getAuthUrl('gitlab', redirectTarget)">
-					<GitLabColorIcon />
-					<span>GitLab</span>
-				</a>
-			</section>
+				<section class="flex flex-col gap-2.5">
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('google', redirectTarget)">
+							<GoogleColorIcon />
+							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'Google' }) }}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('microsoft', redirectTarget)">
+							<MicrosoftColorIcon />
+							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'Microsoft' }) }}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('discord', redirectTarget)">
+							<DiscordColorIcon />
+							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'Discord' }) }}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('github', redirectTarget)">
+							<GitHubColorIcon />
+							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'GitHub' }) }}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('gitlab', redirectTarget)">
+							<GitLabColorIcon />
+							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'GitLab' }) }}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('steam', redirectTarget)">
+							<SteamColorIcon />
+							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'Steam' }) }}</span>
+						</a>
+					</ButtonStyled>
+				</section>
 
-			<h1>{{ formatMessage(messages.usePasswordLabel) }}</h1>
+				<div class="h-px w-full bg-surface-5"></div>
 
-			<section class="auth-form">
-				<label for="email" hidden>{{ formatMessage(commonMessages.emailUsernameLabel) }}</label>
-				<StyledInput
-					id="email"
-					v-model="email"
-					:icon="MailIcon"
-					type="text"
-					inputmode="email"
-					autocomplete="username"
-					:placeholder="formatMessage(commonMessages.emailUsernameLabel)"
-					wrapper-class="w-full"
-				/>
+				<section class="auth-form">
+					<label for="email" hidden>{{ formatMessage(commonMessages.emailUsernameLabel) }}</label>
+					<StyledInput
+						id="email"
+						v-model="email"
+						:icon="MailIcon"
+						type="text"
+						inputmode="email"
+						autocomplete="username"
+						:placeholder="formatMessage(commonMessages.emailUsernameLabel)"
+						wrapper-class="w-full"
+					/>
 
-				<label for="password" hidden>{{ formatMessage(commonMessages.passwordLabel) }}</label>
-				<StyledInput
-					id="password"
-					v-model="password"
-					:icon="KeyIcon"
-					type="password"
-					autocomplete="current-password"
-					:placeholder="formatMessage(commonMessages.passwordLabel)"
-					wrapper-class="w-full"
-				/>
+					<label for="password" hidden>{{ formatMessage(commonMessages.passwordLabel) }}</label>
+					<StyledInput
+						id="password"
+						v-model="password"
+						:icon="KeyIcon"
+						type="password"
+						autocomplete="current-password"
+						:placeholder="formatMessage(commonMessages.passwordLabel)"
+						wrapper-class="w-full"
+					/>
 
-				<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />
+					<HCaptcha
+						v-if="globals?.captcha_enabled && email && password"
+						ref="captcha"
+						v-model="token"
+					/>
 
-				<button
-					class="btn btn-primary continue-btn centered-btn"
-					:disabled="globals?.captcha_enabled ? !token : false"
-					@click="beginPasswordSignIn()"
-				>
-					{{ formatMessage(commonMessages.signInButton) }} <RightArrowIcon />
-				</button>
+					<ButtonStyled color="brand">
+						<button
+							class="!w-full"
+							:disabled="globals?.captcha_enabled ? !token : false"
+							@click="beginPasswordSignIn()"
+						>
+							{{ formatMessage(messages.continueWithEmail) }} <RightArrowIcon />
+						</button>
+					</ButtonStyled>
 
-				<div class="auth-form__additional-options">
-					<IntlFormatted :message-id="messages.additionalOptionsLabel">
-						<template #forgot-password-link="{ children }">
-							<NuxtLink
-								class="text-link"
-								:to="{
-									path: '/auth/reset-password',
-									query: route.query,
-								}"
-							>
-								<component :is="() => children" />
-							</NuxtLink>
-						</template>
-						<template #create-account-link="{ children }">
-							<NuxtLink
-								class="text-link"
-								:to="{
-									path: '/auth/sign-up',
-									query: route.query,
-								}"
-							>
-								<component :is="() => children" />
-							</NuxtLink>
-						</template>
-					</IntlFormatted>
-				</div>
-			</section>
+					<div class="auth-form__additional-options !text-base">
+						<IntlFormatted :message-id="messages.additionalOptionsLabel">
+							<template #forgot-password-link="{ children }">
+								<NuxtLink
+									class="text-link"
+									:to="{
+										path: '/auth/reset-password',
+										query: route.query,
+									}"
+								>
+									<component :is="() => children" />
+								</NuxtLink>
+							</template>
+							<template #create-account-link="{ children }">
+								<NuxtLink
+									class="inline text-link"
+									:to="{
+										path: '/auth/sign-up',
+										query: route.query,
+									}"
+								>
+									<component :is="() => children" />
+								</NuxtLink>
+							</template>
+						</IntlFormatted>
+					</div>
+				</section>
+			</div>
 		</template>
 	</div>
 </template>
@@ -137,6 +159,7 @@ import {
 	SteamColorIcon,
 } from '@modrinth/assets'
 import {
+	ButtonStyled,
 	commonMessages,
 	defineMessages,
 	injectModrinthClient,
@@ -159,11 +182,11 @@ const messages = defineMessages({
 	additionalOptionsLabel: {
 		id: 'auth.sign-in.additional-options',
 		defaultMessage:
-			'<forgot-password-link>Forgot password?</forgot-password-link> • <create-account-link>Create an account</create-account-link>',
+			"<forgot-password-link>Forgot password</forgot-password-link> • Don't have an account? <create-account-link>Sign up</create-account-link>",
 	},
 	signInWithLabel: {
 		id: 'auth.sign-in.sign-in-with',
-		defaultMessage: 'Sign in with',
+		defaultMessage: 'Sign into Modrinth',
 	},
 	signInTitle: {
 		id: 'auth.sign-in.title',
@@ -185,6 +208,14 @@ const messages = defineMessages({
 		id: 'auth.sign-in.use-password',
 		defaultMessage: 'Or use a password',
 	},
+	continueWithProvider: {
+		id: 'auth.continue-with-provider',
+		defaultMessage: 'Continue with {provider}',
+	},
+	continueWithEmail: {
+		id: 'auth.sign-in.continue-with-email',
+		defaultMessage: 'Continue with Email',
+	},
 })
 
 useHead({
diff --git a/apps/frontend/src/pages/auth/sign-up.vue b/apps/frontend/src/pages/auth/sign-up.vue
index c36e55f9bf..8cff268728 100644
--- a/apps/frontend/src/pages/auth/sign-up.vue
+++ b/apps/frontend/src/pages/auth/sign-up.vue
@@ -1,37 +1,56 @@
 <template>
-	<div>
-		<h1>{{ formatMessage(messages.signUpWithTitle) }}</h1>
-
-		<section class="third-party">
-			<a class="btn discord-btn" :href="getAuthUrl('discord', redirectTarget)">
-				<DiscordColorIcon />
-				<span>Discord</span>
-			</a>
-			<a class="btn" :href="getAuthUrl('github', redirectTarget)">
-				<GitHubColorIcon />
-				<span>GitHub</span>
-			</a>
-			<a class="btn" :href="getAuthUrl('microsoft', redirectTarget)">
-				<MicrosoftColorIcon />
-				<span>Microsoft</span>
-			</a>
-			<a class="btn" :href="getAuthUrl('google', redirectTarget)">
-				<GoogleColorIcon />
-				<span>Google</span>
-			</a>
-			<a class="btn" :href="getAuthUrl('steam', redirectTarget)">
-				<SteamColorIcon />
-				<span>Steam</span>
-			</a>
-			<a class="btn" :href="getAuthUrl('gitlab', redirectTarget)">
-				<GitLabColorIcon />
-				<span>GitLab</span>
-			</a>
+	<div class="flex flex-col gap-6">
+		<div class="text-center text-2xl font-semibold text-contrast">{{ formatMessage(messages.signUpWithTitle) }}</div>
+		<section class="flex flex-col gap-2.5">
+			<ButtonStyled>
+				<a class="!shadow-none" :href="getAuthUrl('google', redirectTarget)">
+					<GoogleColorIcon />
+					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Google' }) }}</span>
+				</a>
+			</ButtonStyled>
+			<ButtonStyled>
+				<a class="!shadow-none" :href="getAuthUrl('microsoft', redirectTarget)">
+					<MicrosoftColorIcon />
+					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Microsoft' }) }}</span>
+				</a>
+			</ButtonStyled>
+			<ButtonStyled>
+				<a class="!shadow-none" :href="getAuthUrl('discord', redirectTarget)">
+					<DiscordColorIcon />
+					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Discord' }) }}</span>
+				</a>
+			</ButtonStyled>
+			<template v-if="showOtherOptions">
+				<ButtonStyled>
+					<a class="!shadow-none" :href="getAuthUrl('github', redirectTarget)">
+						<GitHubColorIcon />
+						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'GitHub' }) }}</span>
+					</a>
+				</ButtonStyled>
+				<ButtonStyled>
+					<a class="!shadow-none" :href="getAuthUrl('gitlab', redirectTarget)">
+						<GitLabColorIcon />
+						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'GitLab' }) }}</span>
+					</a>
+				</ButtonStyled>
+				<ButtonStyled>
+					<a class="!shadow-none" :href="getAuthUrl('steam', redirectTarget)">
+						<SteamColorIcon />
+						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Steam' }) }}</span>
+					</a>
+				</ButtonStyled>
+			</template>
+			<button
+				class="mx-auto -mb-3 bg-transparent pt-1 text-center text-base font-semibold text-secondary transition-all hover:text-primary"
+				@click="showOtherOptions = !showOtherOptions"
+			>
+				{{ showOtherOptions ? formatMessage(messages.showFewerOptions) : formatMessage(messages.showOtherOptions) }}
+			</button>
 		</section>
 
-		<h1>{{ formatMessage(messages.createAccountTitle) }}</h1>
+		<div class="h-px w-full bg-surface-5"></div>
 
-		<section class="auth-form">
+		<section class="flex flex-col gap-2.5">
 			<label for="email" hidden>{{ formatMessage(commonMessages.emailLabel) }}</label>
 			<StyledInput
 				id="email"
@@ -98,15 +117,21 @@
 				</IntlFormatted>
 			</p>
 
-			<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />
+			<HCaptcha
+				v-if="globals?.captcha_enabled && email && password && confirmPassword && username"
+				ref="captcha"
+				v-model="token"
+			/>
 
-			<button
-				class="btn btn-primary continue-btn centered-btn"
-				:disabled="globals?.captcha_enabled ? !token : false"
-				@click="createAccount"
-			>
-				{{ formatMessage(messages.createAccountButton) }} <RightArrowIcon />
-			</button>
+			<ButtonStyled color="brand">
+				<button
+					class="!w-full"
+					:disabled="globals?.captcha_enabled ? !token : false"
+					@click="createAccount"
+				>
+					{{ formatMessage(messages.continueWithEmail) }} <RightArrowIcon />
+				</button>
+			</ButtonStyled>
 
 			<div class="auth-form__additional-options">
 				{{ formatMessage(messages.alreadyHaveAccountLabel) }}
@@ -138,6 +163,7 @@ import {
 	UserIcon,
 } from '@modrinth/assets'
 import {
+	ButtonStyled,
 	Checkbox,
 	commonMessages,
 	defineMessages,
@@ -163,11 +189,7 @@ const messages = defineMessages({
 	},
 	signUpWithTitle: {
 		id: 'auth.sign-up.title.sign-up-with',
-		defaultMessage: 'Sign up with',
-	},
-	createAccountTitle: {
-		id: 'auth.sign-up.title.create-account',
-		defaultMessage: 'Or create an account yourself',
+		defaultMessage: 'Create an Account',
 	},
 	subscribeLabel: {
 		id: 'auth.sign-up.subscribe.label',
@@ -186,6 +208,22 @@ const messages = defineMessages({
 		id: 'auth.sign-up.sign-in-option.title',
 		defaultMessage: 'Already have an account?',
 	},
+	continueWithProvider: {
+		id: 'auth.continue-with-provider',
+		defaultMessage: 'Continue with {provider}',
+	},
+	continueWithEmail: {
+		id: 'auth.sign-up.continue-with-email',
+		defaultMessage: 'Continue with Email',
+	},
+	showFewerOptions: {
+		id: 'auth.sign-up.show-fewer-options',
+		defaultMessage: 'Show fewer options',
+	},
+	showOtherOptions: {
+		id: 'auth.sign-up.show-other-options',
+		defaultMessage: 'Show other options',
+	},
 })
 
 useHead({
@@ -196,6 +234,7 @@ const auth = await useAuth()
 const route = useNativeRoute()
 
 const redirectTarget = route.query.redirect
+const showOtherOptions = ref(false)
 
 if (auth.value.user) {
 	await navigateTo('/dashboard')

From 6b73118cfce5c43c53650a3528c33ff20a7402fa Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Mon, 13 Apr 2026 13:37:20 -0600
Subject: [PATCH 02/11] refactor: auth.js to auth.ts

---
 apps/frontend/src/app.vue                     |   2 +
 .../ui/create/ProjectCreateModal.vue          |   4 +-
 .../LegacyPaypalDetailsStage.vue              |   3 +-
 .../TremendousDetailsStage.vue                |   2 +-
 .../ui/moderation/ModerationReportCard.vue    |   3 +-
 .../ui/moderation/ModerationTechRevCard.vue   |   2 +-
 .../stages/SelectPublishedModpack.vue         |   2 +-
 apps/frontend/src/composables/auth.js         | 157 ---------------
 apps/frontend/src/composables/auth.ts         | 182 ++++++++++++++++++
 apps/frontend/src/layouts/default.vue         |   2 +-
 apps/frontend/src/locales/en-US/index.json    |  25 +--
 apps/frontend/src/pages/[type]/[id].vue       |   2 +-
 .../pages/[type]/[id]/settings/versions.vue   |   2 +-
 .../pages/[type]/[id]/version/[version].vue   |   2 +-
 .../src/pages/[type]/[id]/versions.vue        |   2 +-
 apps/frontend/src/pages/auth/authorize.vue    |   1 -
 .../src/pages/dashboard/organizations.vue     |   1 -
 apps/frontend/src/pages/settings/account.vue  |   2 +-
 apps/frontend/src/pages/user/[id].vue         |   2 +-
 apps/frontend/src/providers/setup/auth.ts     |   2 +-
 20 files changed, 213 insertions(+), 187 deletions(-)
 delete mode 100644 apps/frontend/src/composables/auth.js
 create mode 100644 apps/frontend/src/composables/auth.ts

diff --git a/apps/frontend/src/app.vue b/apps/frontend/src/app.vue
index ebac15cd62..901314b7f1 100644
--- a/apps/frontend/src/app.vue
+++ b/apps/frontend/src/app.vue
@@ -13,6 +13,8 @@ import { I18nDebugPanel, NotificationPanel } from '@modrinth/ui'
 import ModrinthLoadingIndicator from '~/components/ui/modrinth-loading-indicator.ts'
 import { setupProviders } from '~/providers/setup.ts'
 
+import { useAuth } from './composables/auth'
+
 const auth = await useAuth()
 setupProviders(auth)
 </script>
diff --git a/apps/frontend/src/components/ui/create/ProjectCreateModal.vue b/apps/frontend/src/components/ui/create/ProjectCreateModal.vue
index 77f51ac7b2..3f3aef438a 100644
--- a/apps/frontend/src/components/ui/create/ProjectCreateModal.vue
+++ b/apps/frontend/src/components/ui/create/ProjectCreateModal.vue
@@ -164,9 +164,7 @@ defineExpose({
 	show,
 })
 
-const auth = (await useAuth()) as Ref<{
-	user: { id: string; username: string; avatar_url: string } | null
-}>
+const auth = await useAuth()
 
 const messages = defineMessages({
 	title: {
diff --git a/apps/frontend/src/components/ui/dashboard/withdraw-stages/LegacyPaypalDetailsStage.vue b/apps/frontend/src/components/ui/dashboard/withdraw-stages/LegacyPaypalDetailsStage.vue
index 6278f19a2f..24974b3bba 100644
--- a/apps/frontend/src/components/ui/dashboard/withdraw-stages/LegacyPaypalDetailsStage.vue
+++ b/apps/frontend/src/components/ui/dashboard/withdraw-stages/LegacyPaypalDetailsStage.vue
@@ -120,7 +120,7 @@ import { computed, onMounted, ref, watch } from 'vue'
 
 import RevenueInputField from '@/components/ui/dashboard/RevenueInputField.vue'
 import WithdrawFeeBreakdown from '@/components/ui/dashboard/WithdrawFeeBreakdown.vue'
-import { getAuthUrl, removeAuthProvider, useAuth } from '@/composables/auth.js'
+import { getAuthUrl, removeAuthProvider, useAuth } from '@/composables/auth.ts'
 import { useWithdrawContext } from '@/providers/creator-withdraw.ts'
 
 const { withdrawData, maxWithdrawAmount, availableMethods, calculateFees, saveStateToStorage } =
@@ -193,7 +193,6 @@ async function saveVenmoHandle() {
 			},
 		})
 
-		// @ts-expect-error auth.js is not typed
 		await useAuth(auth.value.token)
 
 		initialVenmoHandle.value = venmoHandle.value.trim()
diff --git a/apps/frontend/src/components/ui/dashboard/withdraw-stages/TremendousDetailsStage.vue b/apps/frontend/src/components/ui/dashboard/withdraw-stages/TremendousDetailsStage.vue
index f9e6d66223..3d2f1eda5f 100644
--- a/apps/frontend/src/components/ui/dashboard/withdraw-stages/TremendousDetailsStage.vue
+++ b/apps/frontend/src/components/ui/dashboard/withdraw-stages/TremendousDetailsStage.vue
@@ -358,8 +358,8 @@ import { computed, onMounted, ref, watch } from 'vue'
 
 import RevenueInputField from '@/components/ui/dashboard/RevenueInputField.vue'
 import WithdrawFeeBreakdown from '@/components/ui/dashboard/WithdrawFeeBreakdown.vue'
-import { useAuth } from '@/composables/auth.js'
 import { useWithdrawContext } from '@/providers/creator-withdraw.ts'
+import { useAuth } from '~/composables/auth.ts'
 
 const debug = useDebugLogger('TremendousDetailsStage')
 const { withdrawData, maxWithdrawAmount, availableMethods, paymentOptions, calculateFees } =
diff --git a/apps/frontend/src/components/ui/moderation/ModerationReportCard.vue b/apps/frontend/src/components/ui/moderation/ModerationReportCard.vue
index ef77f3146f..e1a23d1c5b 100644
--- a/apps/frontend/src/components/ui/moderation/ModerationReportCard.vue
+++ b/apps/frontend/src/components/ui/moderation/ModerationReportCard.vue
@@ -190,7 +190,6 @@ import {
 	LinkIcon,
 } from '@modrinth/assets'
 import { type ExtendedReport, reportQuickReplies } from '@modrinth/moderation'
-import { type OverflowMenuOption, useFormatDateTime } from '@modrinth/ui'
 import {
 	Avatar,
 	ButtonStyled,
@@ -198,6 +197,8 @@ import {
 	getProjectTypeIcon,
 	injectNotificationManager,
 	OverflowMenu,
+	type OverflowMenuOption,
+	useFormatDateTime,
 	useRelativeTime,
 } from '@modrinth/ui'
 import { formatProjectType } from '@modrinth/utils'
diff --git a/apps/frontend/src/components/ui/moderation/ModerationTechRevCard.vue b/apps/frontend/src/components/ui/moderation/ModerationTechRevCard.vue
index 97e83c06ff..bb309d7c07 100644
--- a/apps/frontend/src/components/ui/moderation/ModerationTechRevCard.vue
+++ b/apps/frontend/src/components/ui/moderation/ModerationTechRevCard.vue
@@ -26,11 +26,11 @@ import {
 	getProjectTypeIcon,
 	injectModrinthClient,
 	injectNotificationManager,
+	NavTabs,
 	OverflowMenu,
 	type OverflowMenuOption,
 	useFormatDateTime,
 } from '@modrinth/ui'
-import { NavTabs } from '@modrinth/ui'
 import {
 	capitalizeString,
 	formatProjectType,
diff --git a/apps/frontend/src/components/ui/project-settings/ServerCompatibilityModal/stages/SelectPublishedModpack.vue b/apps/frontend/src/components/ui/project-settings/ServerCompatibilityModal/stages/SelectPublishedModpack.vue
index 16fd0fa9b6..1346fe17dd 100644
--- a/apps/frontend/src/components/ui/project-settings/ServerCompatibilityModal/stages/SelectPublishedModpack.vue
+++ b/apps/frontend/src/components/ui/project-settings/ServerCompatibilityModal/stages/SelectPublishedModpack.vue
@@ -87,7 +87,7 @@ const currentProjectId = computed(() => projectV3.value?.id)
 const { selectedProjectId, selectedVersionId } = injectServerCompatibilityContext()
 const { labrinth } = injectModrinthClient()
 const { addNotification } = injectNotificationManager()
-const auth = (await useAuth()) as { user?: { id: string } }
+const auth = await useAuth()
 
 interface VersionInfo {
 	id: string
diff --git a/apps/frontend/src/composables/auth.js b/apps/frontend/src/composables/auth.js
deleted file mode 100644
index e69d6a4d52..0000000000
--- a/apps/frontend/src/composables/auth.js
+++ /dev/null
@@ -1,157 +0,0 @@
-export const useAuth = async (oldToken = null) => {
-	const auth = useState('auth', () => ({
-		user: null,
-		token: '',
-		headers: {},
-	}))
-
-	if (!auth.value.user || oldToken) {
-		auth.value = await initAuth(oldToken)
-	}
-
-	return auth
-}
-
-export const initAuth = async (oldToken = null) => {
-	const auth = {
-		user: null,
-		token: '',
-	}
-
-	if (oldToken === 'none') {
-		return auth
-	}
-
-	const route = useRoute()
-	const authCookie = useCookie('auth-token', {
-		maxAge: 60 * 60 * 24 * 365 * 10,
-		sameSite: 'lax',
-		secure: true,
-		httpOnly: false,
-		path: '/',
-	})
-
-	if (oldToken) {
-		authCookie.value = oldToken
-	}
-
-	if (route.query.code && !route.fullPath.includes('new_account=true')) {
-		authCookie.value = route.query.code
-	}
-
-	if (route.fullPath.includes('new_account=true') && route.path !== '/auth/welcome') {
-		const redirect = route.path.startsWith('/auth/') ? null : route.fullPath
-
-		await navigateTo(
-			`/auth/welcome?authToken=${route.query.code}${
-				redirect ? `&redirect=${encodeURIComponent(redirect)}` : ''
-			}`,
-		)
-	}
-
-	if (authCookie.value) {
-		auth.token = authCookie.value
-
-		if (!auth.token || !auth.token.startsWith('mra_')) {
-			return auth
-		}
-
-		try {
-			auth.user = await useBaseFetch(
-				'user',
-				{
-					headers: {
-						Authorization: auth.token,
-					},
-				},
-				true,
-			)
-		} catch {
-			/* empty */
-		}
-	}
-
-	if (!auth.user && auth.token) {
-		try {
-			const session = await useBaseFetch(
-				'session/refresh',
-				{
-					method: 'POST',
-					headers: {
-						Authorization: auth.token,
-					},
-				},
-				true,
-			)
-
-			auth.token = session.session
-			authCookie.value = auth.token
-
-			auth.user = await useBaseFetch(
-				'user',
-				{
-					headers: {
-						Authorization: auth.token,
-					},
-				},
-				true,
-			)
-		} catch {
-			authCookie.value = null
-		}
-	}
-
-	return auth
-}
-
-export const getSignInRedirectPath = (route) => {
-	const fullPath = route.fullPath
-	if (fullPath === '/auth' || fullPath.startsWith('/auth/')) {
-		return '/dashboard'
-	}
-	return fullPath
-}
-
-export const getSignInRouteObj = (route, redirectOverride) => ({
-	path: '/auth/sign-in',
-	query: {
-		redirect: redirectOverride ?? getSignInRedirectPath(route),
-	},
-})
-
-export const getAuthUrl = (provider, redirect = '/dashboard') => {
-	const config = useRuntimeConfig()
-	const route = useNativeRoute()
-
-	const fullURL = route.query.launcher
-		? getLauncherRedirectUrl(route)
-		: `${config.public.siteUrl}/auth/sign-in?redirect=${encodeURIComponent(redirect)}`
-
-	return `${config.public.apiBaseUrl}auth/init?provider=${provider}&url=${encodeURIComponent(fullURL)}`
-}
-
-export const removeAuthProvider = async (provider) => {
-	startLoading()
-
-	const auth = await useAuth()
-
-	await useBaseFetch('auth/provider', {
-		method: 'DELETE',
-		body: {
-			provider,
-		},
-	})
-
-	await useAuth(auth.value.token)
-
-	stopLoading()
-}
-
-export const getLauncherRedirectUrl = (route) => {
-	const usesLocalhostRedirectionScheme =
-		['4', '6'].includes(route.query.ipver) && Number(route.query.port) < 65536
-
-	return usesLocalhostRedirectionScheme
-		? `http://${route.query.ipver === '4' ? '127.0.0.1' : '[::1]'}:${route.query.port}`
-		: `https://launcher-files.modrinth.com`
-}
diff --git a/apps/frontend/src/composables/auth.ts b/apps/frontend/src/composables/auth.ts
new file mode 100644
index 0000000000..4608995779
--- /dev/null
+++ b/apps/frontend/src/composables/auth.ts
@@ -0,0 +1,182 @@
+import type { Labrinth } from '@modrinth/api-client'
+import type { LocationQueryValue, RouteLocationNormalizedLoaded } from 'vue-router'
+
+import type { CookieOptions } from '#app'
+
+type AuthState = {
+	user: Labrinth.Users.v2.User | null
+	token: string
+}
+
+type QueryValue = LocationQueryValue | LocationQueryValue[] | undefined
+type FullPathRoute = Pick<RouteLocationNormalizedLoaded, 'fullPath'>
+type LauncherRoute = Pick<RouteLocationNormalizedLoaded, 'query'>
+
+const AUTH_COOKIE_OPTIONS = {
+	maxAge: 60 * 60 * 24 * 365 * 10,
+	sameSite: 'lax',
+	secure: true,
+	httpOnly: false,
+	path: '/',
+} satisfies CookieOptions<string | null>
+
+const getQueryString = (value: QueryValue) => {
+	if (Array.isArray(value)) {
+		return value[0] ?? null
+	}
+	return value ?? null
+}
+
+export const useAuth = async (oldToken: string | null | undefined = null) => {
+	const auth = useState<AuthState>('auth', () => ({
+		user: null,
+		token: '',
+	}))
+
+	if (!auth.value.user || oldToken) {
+		auth.value = await initAuth(oldToken)
+	}
+
+	return auth
+}
+
+export const initAuth = async (oldToken: string | null | undefined = null) => {
+	const auth: AuthState = {
+		user: null,
+		token: '',
+	}
+
+	if (oldToken === 'none') {
+		return auth
+	}
+
+	const route = useRoute()
+	const authCookie = useCookie<string | null>('auth-token', AUTH_COOKIE_OPTIONS)
+	const authCode = getQueryString(route.query.code)
+
+	if (oldToken) {
+		authCookie.value = oldToken
+	}
+
+	if (authCode && !route.fullPath.includes('new_account=true')) {
+		authCookie.value = authCode
+	}
+
+	if (route.fullPath.includes('new_account=true') && route.path !== '/auth/welcome') {
+		const redirect = route.path.startsWith('/auth/') ? null : route.fullPath
+
+		await navigateTo(
+			`/auth/welcome?authToken=${authCode ?? ''}${
+				redirect ? `&redirect=${encodeURIComponent(redirect)}` : ''
+			}`,
+		)
+	}
+
+	if (authCookie.value) {
+		auth.token = authCookie.value
+
+		if (!auth.token || !auth.token.startsWith('mra_')) {
+			return auth
+		}
+
+		try {
+			auth.user = (await useBaseFetch(
+				'user',
+				{
+					headers: {
+						Authorization: auth.token,
+					},
+				},
+				true,
+			)) as Labrinth.Users.v2.User
+		} catch {
+			/* empty */
+		}
+	}
+
+	if (!auth.user && auth.token) {
+		try {
+			const session = (await useBaseFetch(
+				'session/refresh',
+				{
+					method: 'POST',
+					headers: {
+						Authorization: auth.token,
+					},
+				},
+				true,
+			)) as { session: string }
+
+			auth.token = session.session
+			authCookie.value = auth.token
+
+			auth.user = (await useBaseFetch(
+				'user',
+				{
+					headers: {
+						Authorization: auth.token,
+					},
+				},
+				true,
+			)) as Labrinth.Users.v2.User
+		} catch {
+			authCookie.value = null
+		}
+	}
+
+	return auth
+}
+
+export const getSignInRedirectPath = (route: FullPathRoute) => {
+	const fullPath = route.fullPath
+	if (fullPath === '/auth' || fullPath.startsWith('/auth/')) {
+		return '/dashboard'
+	}
+	return fullPath
+}
+
+export const getSignInRouteObj = (route: FullPathRoute, redirectOverride?: string | null) => ({
+	path: '/auth/sign-in',
+	query: {
+		redirect: redirectOverride ?? getSignInRedirectPath(route),
+	},
+})
+
+export const getAuthUrl = (provider: string, redirect = '/dashboard') => {
+	const config = useRuntimeConfig()
+	const route = useNativeRoute()
+	const launcher = getQueryString(route.query.launcher)
+
+	const fullURL = launcher
+		? getLauncherRedirectUrl(route)
+		: `${config.public.siteUrl}/auth/sign-in?redirect=${encodeURIComponent(redirect)}`
+
+	return `${config.public.apiBaseUrl}auth/init?provider=${provider}&url=${encodeURIComponent(fullURL)}`
+}
+
+export const removeAuthProvider = async (provider: string) => {
+	startLoading()
+
+	const auth = await useAuth()
+
+	await useBaseFetch('auth/provider', {
+		method: 'DELETE',
+		body: {
+			provider,
+		},
+	})
+
+	await useAuth(auth.value.token)
+
+	stopLoading()
+}
+
+export const getLauncherRedirectUrl = (route: LauncherRoute) => {
+	const ipver = getQueryString(route.query.ipver)
+	const port = Number(getQueryString(route.query.port))
+	const usesLocalhostRedirectionScheme = ['4', '6'].includes(ipver ?? '') && port < 65536
+
+	return usesLocalhostRedirectionScheme
+		? `http://${ipver === '4' ? '127.0.0.1' : '[::1]'}:${port}`
+		: 'https://launcher-files.modrinth.com'
+}
diff --git a/apps/frontend/src/layouts/default.vue b/apps/frontend/src/layouts/default.vue
index f0bf302991..ec03c4ab7c 100644
--- a/apps/frontend/src/layouts/default.vue
+++ b/apps/frontend/src/layouts/default.vue
@@ -762,7 +762,7 @@ import CollectionCreateModal from '~/components/ui/create/CollectionCreateModal.
 import OrganizationCreateModal from '~/components/ui/create/OrganizationCreateModal.vue'
 import ProjectCreateModal from '~/components/ui/create/ProjectCreateModal.vue'
 import ModrinthFooter from '~/components/ui/ModrinthFooter.vue'
-import { getSignInRouteObj } from '~/composables/auth.js'
+import { getSignInRouteObj } from '~/composables/auth.ts'
 import { errors as generatedStateErrors } from '~/generated/state.json'
 import { getProjectTypeMessage } from '~/utils/i18n-project-type.ts'
 
diff --git a/apps/frontend/src/locales/en-US/index.json b/apps/frontend/src/locales/en-US/index.json
index 3d012589f5..c3f3154b12 100644
--- a/apps/frontend/src/locales/en-US/index.json
+++ b/apps/frontend/src/locales/en-US/index.json
@@ -224,6 +224,9 @@
   "auth.authorize.redirect-url": {
     "message": "You will be redirected to <redirect-url>{url}</redirect-url>"
   },
+  "auth.continue-with-provider": {
+    "message": "Continue with {provider}"
+  },
   "auth.reset-password.method-choice.action": {
     "message": "Send recovery email"
   },
@@ -269,23 +272,26 @@
   "auth.sign-in.additional-options": {
     "message": "<forgot-password-link>Forgot password</forgot-password-link> • Don't have an account? <create-account-link>Sign up</create-account-link>"
   },
+  "auth.sign-in.continue-with-email": {
+    "message": "Continue with Email"
+  },
   "auth.sign-in.sign-in-with": {
     "message": "Sign into Modrinth"
   },
   "auth.sign-in.title": {
     "message": "Sign In"
   },
-  "auth.sign-in.use-password": {
-    "message": "Or use a password"
-  },
-  "auth.sign-up.action.create-account": {
-    "message": "Create account"
+  "auth.sign-up.continue-with-email": {
+    "message": "Continue with Email"
   },
   "auth.sign-up.legal-dislaimer": {
     "message": "By creating an account, you agree to Modrinth's <terms-link>Terms</terms-link> and <privacy-policy-link>Privacy Policy</privacy-policy-link>."
   },
-  "auth.sign-up.notification.password-mismatch.text": {
-    "message": "Passwords do not match!"
+  "auth.sign-up.show-fewer-options": {
+    "message": "Show fewer options"
+  },
+  "auth.sign-up.show-other-options": {
+    "message": "Show other options"
   },
   "auth.sign-up.sign-in-option.title": {
     "message": "Already have an account?"
@@ -296,11 +302,8 @@
   "auth.sign-up.title": {
     "message": "Sign Up"
   },
-  "auth.sign-up.title.create-account": {
-    "message": "Or create an account yourself"
-  },
   "auth.sign-up.title.sign-up-with": {
-    "message": "Sign up with"
+    "message": "Create an Account"
   },
   "auth.verify-email.action.account-settings": {
     "message": "Account settings"
diff --git a/apps/frontend/src/pages/[type]/[id].vue b/apps/frontend/src/pages/[type]/[id].vue
index 184c5d6722..725c240847 100644
--- a/apps/frontend/src/pages/[type]/[id].vue
+++ b/apps/frontend/src/pages/[type]/[id].vue
@@ -1121,7 +1121,7 @@ import CollectionCreateModal from '~/components/ui/create/CollectionCreateModal.
 import MessageBanner from '~/components/ui/MessageBanner.vue'
 import ModerationChecklist from '~/components/ui/moderation/checklist/ModerationChecklist.vue'
 import ProjectMemberHeader from '~/components/ui/ProjectMemberHeader.vue'
-import { getSignInRouteObj } from '~/composables/auth.js'
+import { getSignInRouteObj } from '~/composables/auth.ts'
 import { saveFeatureFlags } from '~/composables/featureFlags.ts'
 import { STALE_TIME, STALE_TIME_LONG } from '~/composables/queries/project'
 import { versionQueryOptions } from '~/composables/queries/version'
diff --git a/apps/frontend/src/pages/[type]/[id]/settings/versions.vue b/apps/frontend/src/pages/[type]/[id]/settings/versions.vue
index 40d57690c0..87e6c756fe 100644
--- a/apps/frontend/src/pages/[type]/[id]/settings/versions.vue
+++ b/apps/frontend/src/pages/[type]/[id]/settings/versions.vue
@@ -308,7 +308,7 @@ import {
 import { useTemplateRef } from 'vue'
 
 import CreateProjectVersionModal from '~/components/ui/create-project-version/CreateProjectVersionModal.vue'
-import { getSignInRouteObj } from '~/composables/auth.js'
+import { getSignInRouteObj } from '~/composables/auth.ts'
 import { reportVersion } from '~/utils/report-helpers.ts'
 
 const route = useRoute()
diff --git a/apps/frontend/src/pages/[type]/[id]/version/[version].vue b/apps/frontend/src/pages/[type]/[id]/version/[version].vue
index 07f5c06419..c68ded905c 100644
--- a/apps/frontend/src/pages/[type]/[id]/version/[version].vue
+++ b/apps/frontend/src/pages/[type]/[id]/version/[version].vue
@@ -443,7 +443,7 @@ import { formatBytes, renderHighlightedString } from '@modrinth/utils'
 import Breadcrumbs from '~/components/ui/Breadcrumbs.vue'
 import CreateProjectVersionModal from '~/components/ui/create-project-version/CreateProjectVersionModal.vue'
 import Modal from '~/components/ui/Modal.vue'
-import { getSignInRouteObj } from '~/composables/auth.js'
+import { getSignInRouteObj } from '~/composables/auth.ts'
 import { useImageUpload } from '~/composables/image-upload.ts'
 import { inferVersionInfo } from '~/helpers/infer'
 import { createDataPackVersion } from '~/helpers/package.js'
diff --git a/apps/frontend/src/pages/[type]/[id]/versions.vue b/apps/frontend/src/pages/[type]/[id]/versions.vue
index 19035627ae..dff9667708 100644
--- a/apps/frontend/src/pages/[type]/[id]/versions.vue
+++ b/apps/frontend/src/pages/[type]/[id]/versions.vue
@@ -269,7 +269,7 @@ import {
 import { onMounted, useTemplateRef } from 'vue'
 
 import CreateProjectVersionModal from '~/components/ui/create-project-version/CreateProjectVersionModal.vue'
-import { getSignInRouteObj } from '~/composables/auth.js'
+import { getSignInRouteObj } from '~/composables/auth.ts'
 import { reportVersion } from '~/utils/report-helpers.ts'
 
 const route = useRoute()
diff --git a/apps/frontend/src/pages/auth/authorize.vue b/apps/frontend/src/pages/auth/authorize.vue
index c411819eb7..8799b2b7be 100644
--- a/apps/frontend/src/pages/auth/authorize.vue
+++ b/apps/frontend/src/pages/auth/authorize.vue
@@ -95,7 +95,6 @@ import {
 import { useQuery } from '@tanstack/vue-query'
 import { computed } from 'vue'
 
-import { useAuth } from '@/composables/auth.js'
 import { useScopes } from '@/composables/auth/scopes.ts'
 
 const client = injectModrinthClient()
diff --git a/apps/frontend/src/pages/dashboard/organizations.vue b/apps/frontend/src/pages/dashboard/organizations.vue
index 9850aa75d0..4e7df01b86 100644
--- a/apps/frontend/src/pages/dashboard/organizations.vue
+++ b/apps/frontend/src/pages/dashboard/organizations.vue
@@ -54,7 +54,6 @@ import { Avatar, injectModrinthClient } from '@modrinth/ui'
 import { useQuery } from '@tanstack/vue-query'
 
 import OrganizationCreateModal from '~/components/ui/create/OrganizationCreateModal.vue'
-import { useAuth } from '~/composables/auth.js'
 
 const createOrgModal = ref(null)
 
diff --git a/apps/frontend/src/pages/settings/account.vue b/apps/frontend/src/pages/settings/account.vue
index 44c767bf70..239217cb4c 100644
--- a/apps/frontend/src/pages/settings/account.vue
+++ b/apps/frontend/src/pages/settings/account.vue
@@ -478,7 +478,7 @@ import SteamIcon from 'assets/icons/auth/sso-steam.svg'
 import QrcodeVue from 'qrcode.vue'
 
 import Modal from '~/components/ui/Modal.vue'
-import { getAuthUrl, removeAuthProvider } from '~/composables/auth.js'
+import { getAuthUrl, removeAuthProvider } from '~/composables/auth.ts'
 
 definePageMeta({
 	middleware: 'auth',
diff --git a/apps/frontend/src/pages/user/[id].vue b/apps/frontend/src/pages/user/[id].vue
index dd9d197860..27a2039c44 100644
--- a/apps/frontend/src/pages/user/[id].vue
+++ b/apps/frontend/src/pages/user/[id].vue
@@ -521,7 +521,7 @@ import UpToDate from '~/assets/images/illustrations/up_to_date.svg?component'
 import AdPlaceholder from '~/components/ui/AdPlaceholder.vue'
 import CollectionCreateModal from '~/components/ui/create/CollectionCreateModal.vue'
 import ModalCreation from '~/components/ui/create/ProjectCreateModal.vue'
-import { getSignInRouteObj } from '~/composables/auth.js'
+import { getSignInRouteObj } from '~/composables/auth.ts'
 import { reportUser } from '~/utils/report-helpers.ts'
 
 const data = useNuxtApp()
diff --git a/apps/frontend/src/providers/setup/auth.ts b/apps/frontend/src/providers/setup/auth.ts
index cb15021c44..ca81a818c6 100644
--- a/apps/frontend/src/providers/setup/auth.ts
+++ b/apps/frontend/src/providers/setup/auth.ts
@@ -2,7 +2,7 @@ import type { Labrinth } from '@modrinth/api-client'
 import { type AuthProvider, provideAuth } from '@modrinth/ui'
 import { ref, watchEffect } from 'vue'
 
-import { getSignInRedirectPath } from '~/composables/auth.js'
+import { getSignInRedirectPath } from '~/composables/auth.ts'
 
 export function setupAuthProvider(auth: Awaited<ReturnType<typeof useAuth>>) {
 	const router = useRouter()

From 813a62d89dfdf60e38a029b8ac516018815bcd96 Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Mon, 13 Apr 2026 13:48:29 -0600
Subject: [PATCH 03/11] refactor: componentize auth pages

---
 .../src/components/ui/auth/CreateAccount.vue  | 302 ++++++++++++++++++
 .../src/components/ui/{ => auth}/HCaptcha.vue |   0
 .../src/components/ui/auth/SignIn.vue         | 295 +++++++++++++++++
 .../src/components/ui/auth/SignUp.vue         | 268 ++++++++++++++++
 .../src/pages/auth/reset-password.vue         |   2 +-
 apps/frontend/src/pages/auth/sign-in.vue      | 213 ++----------
 apps/frontend/src/pages/auth/sign-up.vue      | 249 ++-------------
 7 files changed, 916 insertions(+), 413 deletions(-)
 create mode 100644 apps/frontend/src/components/ui/auth/CreateAccount.vue
 rename apps/frontend/src/components/ui/{ => auth}/HCaptcha.vue (100%)
 create mode 100644 apps/frontend/src/components/ui/auth/SignIn.vue
 create mode 100644 apps/frontend/src/components/ui/auth/SignUp.vue

diff --git a/apps/frontend/src/components/ui/auth/CreateAccount.vue b/apps/frontend/src/components/ui/auth/CreateAccount.vue
new file mode 100644
index 0000000000..e88eae980f
--- /dev/null
+++ b/apps/frontend/src/components/ui/auth/CreateAccount.vue
@@ -0,0 +1,302 @@
+<template>
+	<div class="create-account-card">
+		<h1 class="create-account-title">{{ formatMessage(messages.title) }}</h1>
+
+		<section class="create-account-section">
+			<label class="create-account-label" for="create-account-dob">
+				{{ formatMessage(messages.dateOfBirthLabel) }}
+			</label>
+			<div class="date-input-wrap">
+				<input
+					id="create-account-dob"
+					v-model="dateOfBirthModel"
+					class="date-input"
+					type="date"
+					:max="maxBirthDate"
+				/>
+				<CalendarIcon class="date-input-icon" />
+			</div>
+			<p class="helper-text">{{ formatMessage(messages.over13HelperText) }}</p>
+		</section>
+
+		<section class="info-panel">
+			<div class="info-panel-icon">
+				<InfoIcon />
+			</div>
+			<div class="info-panel-content">
+				<p>{{ formatMessage(messages.infoPanelText) }}</p>
+				<a class="text-link" :href="sourceCodeUrl" target="_blank" rel="noopener noreferrer">
+					{{ formatMessage(messages.relevantSourceCodeText) }}
+				</a>
+			</div>
+		</section>
+
+		<section class="create-account-section">
+			<label class="create-account-label" for="create-account-username">
+				{{ formatMessage(messages.usernameOptionalLabel) }}
+			</label>
+			<StyledInput
+				id="create-account-username"
+				v-model="usernameModel"
+				type="text"
+				:placeholder="formatMessage(messages.usernamePlaceholder)"
+				wrapper-class="w-full"
+			/>
+		</section>
+
+		<section class="create-account-section">
+			<label class="create-account-label">{{ formatMessage(messages.securityCheckLabel) }}</label>
+			<div class="captcha-wrap">
+				<HCaptcha v-if="globals?.captcha_enabled" :ref="onSetCaptchaRef" v-model="tokenModel" />
+			</div>
+		</section>
+
+		<Checkbox
+			v-model="subscribeModel"
+			class="subscribe-checkbox"
+			:label="formatMessage(messages.subscribeLabel)"
+			:description="formatMessage(messages.subscribeLabel)"
+		/>
+
+		<ButtonStyled color="brand">
+			<button
+				class="!w-full complete-sign-up-btn"
+				:disabled="globals?.captcha_enabled ? !tokenModel : false"
+				@click="onCompleteSignUp()"
+			>
+				{{ formatMessage(messages.completeSignUpButton) }}
+			</button>
+		</ButtonStyled>
+	</div>
+</template>
+
+<script setup>
+import { CalendarIcon, InfoIcon } from '@modrinth/assets'
+import { ButtonStyled, Checkbox, defineMessages, StyledInput, useVIntl } from '@modrinth/ui'
+import { computed } from 'vue'
+
+import HCaptcha from '@/components/ui/auth/HCaptcha.vue'
+
+const props = defineProps({
+	dateOfBirth: {
+		type: String,
+		default: '',
+	},
+	username: {
+		type: String,
+		default: '',
+	},
+	token: {
+		type: String,
+		default: '',
+	},
+	subscribe: {
+		type: Boolean,
+		default: false,
+	},
+	globals: {
+		type: Object,
+		default: null,
+	},
+	sourceCodeUrl: {
+		type: String,
+		default: 'https://github.com/modrinth/labrinth/blob/main/apps/labrinth/src/routes/internal/flows.rs',
+	},
+	onCompleteSignUp: {
+		type: Function,
+		default: () => {},
+	},
+	onSetCaptchaRef: {
+		type: Function,
+		default: undefined,
+	},
+})
+
+const emit = defineEmits([
+	'update:dateOfBirth',
+	'update:username',
+	'update:token',
+	'update:subscribe',
+])
+
+const dateOfBirthModel = computed({
+	get: () => props.dateOfBirth,
+	set: (value) => emit('update:dateOfBirth', value),
+})
+
+const usernameModel = computed({
+	get: () => props.username,
+	set: (value) => emit('update:username', value),
+})
+
+const tokenModel = computed({
+	get: () => props.token,
+	set: (value) => emit('update:token', value),
+})
+
+const subscribeModel = computed({
+	get: () => props.subscribe,
+	set: (value) => emit('update:subscribe', value),
+})
+
+const maxBirthDate = computed(() => {
+	const date = new Date()
+	date.setFullYear(date.getFullYear() - 13)
+	return date.toISOString().slice(0, 10)
+})
+
+const { formatMessage } = useVIntl()
+
+const messages = defineMessages({
+	title: {
+		id: 'auth.create-account.title',
+		defaultMessage: 'Create an Account',
+	},
+	dateOfBirthLabel: {
+		id: 'auth.create-account.date-of-birth.label',
+		defaultMessage: 'Date of birth',
+	},
+	over13HelperText: {
+		id: 'auth.create-account.date-of-birth.over13-helper',
+		defaultMessage: 'You must be over 13 years old to use Modrinth.',
+	},
+	infoPanelText: {
+		id: 'auth.create-account.info-panel.text',
+		defaultMessage: 'We do not store your date of birth, it is only used to confirm your age at sign up.',
+	},
+	relevantSourceCodeText: {
+		id: 'auth.create-account.info-panel.source-code-link',
+		defaultMessage: 'Relevant source code',
+	},
+	usernameOptionalLabel: {
+		id: 'auth.create-account.username.optional-label',
+		defaultMessage: 'Username (Optional)',
+	},
+	usernamePlaceholder: {
+		id: 'auth.create-account.username.placeholder',
+		defaultMessage: 'Enter username',
+	},
+	securityCheckLabel: {
+		id: 'auth.create-account.security-check.label',
+		defaultMessage: 'Security check',
+	},
+	subscribeLabel: {
+		id: 'auth.create-account.subscribe.label',
+		defaultMessage: 'Keep me updated on the cool things Modrinth is working on via email',
+	},
+	completeSignUpButton: {
+		id: 'auth.create-account.complete-sign-up',
+		defaultMessage: 'Complete sign up',
+	},
+})
+</script>
+
+<style scoped lang="scss">
+.create-account-card {
+	background: var(--color-raised-bg);
+	border: 1px solid var(--color-button-bg);
+	border-radius: var(--size-rounded-xl);
+	box-shadow: var(--shadow-card);
+	display: flex;
+	flex-direction: column;
+	gap: var(--gap-md);
+	margin-inline: auto;
+	max-width: 30rem;
+	padding: var(--gap-xl);
+}
+
+.create-account-title {
+	font-size: var(--text-4xl);
+	font-weight: var(--weight-bold);
+	line-height: 1.2;
+	margin: 0;
+	text-align: center;
+}
+
+.create-account-section {
+	display: flex;
+	flex-direction: column;
+	gap: var(--gap-sm);
+}
+
+.create-account-label {
+	color: var(--color-contrast);
+	font-size: var(--text-xl);
+	font-weight: var(--weight-bold);
+}
+
+.date-input-wrap {
+	align-items: center;
+	background: var(--color-button-bg);
+	border-radius: var(--size-rounded-lg);
+	display: flex;
+	gap: var(--gap-sm);
+	padding: 0.875rem 1rem;
+}
+
+.date-input {
+	background: transparent;
+	border: 0;
+	color: var(--color-contrast);
+	font-size: var(--text-lg);
+	outline: none;
+	width: 100%;
+}
+
+.date-input-icon {
+	color: var(--color-secondary);
+	flex-shrink: 0;
+	height: 1.2rem;
+	width: 1.2rem;
+}
+
+.helper-text {
+	color: var(--color-secondary);
+	font-size: var(--text-lg);
+	margin: 0;
+}
+
+.info-panel {
+	background: color-mix(in oklab, var(--color-brand) 20%, var(--color-bg));
+	border: 1px solid color-mix(in oklab, var(--color-brand) 80%, transparent);
+	border-radius: var(--size-rounded-xl);
+	display: flex;
+	gap: var(--gap-sm);
+	padding: var(--gap-md);
+}
+
+.info-panel-icon {
+	color: var(--color-brand);
+	display: flex;
+	flex-shrink: 0;
+}
+
+.info-panel-content {
+	display: flex;
+	flex-direction: column;
+	gap: var(--gap-xs);
+
+	p {
+		color: var(--color-contrast);
+		font-size: var(--text-lg);
+		margin: 0;
+	}
+}
+
+.captcha-wrap {
+	background: var(--color-button-bg);
+	border-radius: var(--size-rounded-lg);
+	min-height: 4.25rem;
+	padding: var(--gap-md);
+}
+
+.subscribe-checkbox {
+	border: 1px solid var(--color-button-bg);
+	border-radius: var(--size-rounded-xl);
+	padding: 0.75rem 1rem;
+}
+
+.complete-sign-up-btn {
+	font-weight: var(--weight-bold);
+}
+</style>
diff --git a/apps/frontend/src/components/ui/HCaptcha.vue b/apps/frontend/src/components/ui/auth/HCaptcha.vue
similarity index 100%
rename from apps/frontend/src/components/ui/HCaptcha.vue
rename to apps/frontend/src/components/ui/auth/HCaptcha.vue
diff --git a/apps/frontend/src/components/ui/auth/SignIn.vue b/apps/frontend/src/components/ui/auth/SignIn.vue
new file mode 100644
index 0000000000..09a969b89a
--- /dev/null
+++ b/apps/frontend/src/components/ui/auth/SignIn.vue
@@ -0,0 +1,295 @@
+<template>
+	<div v-if="subtleLauncherRedirectUri">
+		<iframe
+			:src="subtleLauncherRedirectUri"
+			class="fixed left-0 top-0 z-[9999] m-0 h-full w-full border-0 p-0"
+		></iframe>
+	</div>
+	<div v-else>
+		<template v-if="flow && !subtleLauncherRedirectUri">
+			<label for="two-factor-code">
+				<span class="label__title">{{ formatMessage(messages.twoFactorCodeLabel) }}</span>
+				<span class="label__description">
+					{{ formatMessage(messages.twoFactorCodeLabelDescription) }}
+				</span>
+			</label>
+			<StyledInput
+				id="two-factor-code"
+				v-model="twoFactorCodeModel"
+				:maxlength="11"
+				inputmode="numeric"
+				:placeholder="formatMessage(messages.twoFactorCodeInputPlaceholder)"
+				autocomplete="one-time-code"
+				@keyup.enter="onTwoFactorSignIn()"
+			/>
+
+			<button class="btn btn-primary continue-btn" @click="onTwoFactorSignIn()">
+				{{ formatMessage(commonMessages.signInButton) }} <RightArrowIcon />
+			</button>
+		</template>
+		<template v-else>
+			<div class="flex flex-col gap-6">
+				<div class="text-center text-2xl font-semibold text-contrast">
+					{{ formatMessage(messages.signInWithLabel) }}
+				</div>
+
+				<section class="flex flex-col gap-2.5">
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('google', redirectTarget)">
+							<GoogleColorIcon />
+							<span class="ml-1">{{
+								formatMessage(messages.continueWithProvider, { provider: 'Google' })
+							}}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('microsoft', redirectTarget)">
+							<MicrosoftColorIcon />
+							<span class="ml-1">{{
+								formatMessage(messages.continueWithProvider, { provider: 'Microsoft' })
+							}}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('discord', redirectTarget)">
+							<DiscordColorIcon />
+							<span class="ml-1">{{
+								formatMessage(messages.continueWithProvider, { provider: 'Discord' })
+							}}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('github', redirectTarget)">
+							<GitHubColorIcon />
+							<span class="ml-1">{{
+								formatMessage(messages.continueWithProvider, { provider: 'GitHub' })
+							}}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('gitlab', redirectTarget)">
+							<GitLabColorIcon />
+							<span class="ml-1">{{
+								formatMessage(messages.continueWithProvider, { provider: 'GitLab' })
+							}}</span>
+						</a>
+					</ButtonStyled>
+					<ButtonStyled>
+						<a class="!shadow-none" :href="getAuthUrl('steam', redirectTarget)">
+							<SteamColorIcon />
+							<span class="ml-1">{{
+								formatMessage(messages.continueWithProvider, { provider: 'Steam' })
+							}}</span>
+						</a>
+					</ButtonStyled>
+				</section>
+
+				<div class="h-px w-full bg-surface-5"></div>
+
+				<section class="auth-form">
+					<label for="email" hidden>{{ formatMessage(commonMessages.emailUsernameLabel) }}</label>
+					<StyledInput
+						id="email"
+						v-model="emailModel"
+						:icon="MailIcon"
+						type="text"
+						inputmode="email"
+						autocomplete="username"
+						:placeholder="formatMessage(commonMessages.emailUsernameLabel)"
+						wrapper-class="w-full"
+					/>
+
+					<label for="password" hidden>{{ formatMessage(commonMessages.passwordLabel) }}</label>
+					<StyledInput
+						id="password"
+						v-model="passwordModel"
+						:icon="KeyIcon"
+						type="password"
+						autocomplete="current-password"
+						:placeholder="formatMessage(commonMessages.passwordLabel)"
+						wrapper-class="w-full"
+					/>
+
+					<HCaptcha
+						v-if="globals?.captcha_enabled && emailModel && passwordModel"
+						:ref="onSetCaptchaRef"
+						v-model="tokenModel"
+					/>
+
+					<ButtonStyled color="brand">
+						<button
+							class="!w-full"
+							:disabled="globals?.captcha_enabled ? !tokenModel : false"
+							@click="onPasswordSignIn()"
+						>
+							{{ formatMessage(messages.continueWithEmail) }} <RightArrowIcon />
+						</button>
+					</ButtonStyled>
+
+					<div class="auth-form__additional-options !text-base">
+						<IntlFormatted :message-id="messages.additionalOptionsLabel">
+							<template #forgot-password-link="{ children }">
+								<NuxtLink
+									class="text-link"
+									:to="{
+										path: '/auth/reset-password',
+										query: routeQuery,
+									}"
+								>
+									<component :is="() => children" />
+								</NuxtLink>
+							</template>
+							<template #create-account-link="{ children }">
+								<NuxtLink
+									class="inline text-link"
+									:to="{
+										path: '/auth/sign-up',
+										query: routeQuery,
+									}"
+								>
+									<component :is="() => children" />
+								</NuxtLink>
+							</template>
+						</IntlFormatted>
+					</div>
+				</section>
+			</div>
+		</template>
+	</div>
+</template>
+
+<script setup>
+import {
+	DiscordColorIcon,
+	GitHubColorIcon,
+	GitLabColorIcon,
+	GoogleColorIcon,
+	KeyIcon,
+	MailIcon,
+	MicrosoftColorIcon,
+	RightArrowIcon,
+	SteamColorIcon,
+} from '@modrinth/assets'
+import {
+	ButtonStyled,
+	commonMessages,
+	defineMessages,
+	IntlFormatted,
+	StyledInput,
+	useVIntl,
+} from '@modrinth/ui'
+import { computed } from 'vue'
+
+import HCaptcha from '@/components/ui/auth/HCaptcha.vue'
+import { getAuthUrl } from '@/composables/auth.ts'
+
+const props = defineProps({
+	subtleLauncherRedirectUri: {
+		type: String,
+		default: '',
+	},
+	flow: {
+		default: '',
+	},
+	redirectTarget: {
+		type: String,
+		default: '',
+	},
+	routeQuery: {
+		type: Object,
+		default: () => ({}),
+	},
+	globals: {
+		type: Object,
+		default: null,
+	},
+	email: {
+		type: String,
+		default: '',
+	},
+	password: {
+		type: String,
+		default: '',
+	},
+	token: {
+		type: String,
+		default: '',
+	},
+	twoFactorCode: {
+		default: null,
+	},
+	onPasswordSignIn: {
+		type: Function,
+		default: () => {},
+	},
+	onTwoFactorSignIn: {
+		type: Function,
+		default: () => {},
+	},
+	onSetCaptchaRef: {
+		type: Function,
+		default: undefined,
+	},
+})
+
+const emit = defineEmits([
+	'update:email',
+	'update:password',
+	'update:token',
+	'update:twoFactorCode',
+])
+
+const emailModel = computed({
+	get: () => props.email,
+	set: (value) => emit('update:email', value),
+})
+
+const passwordModel = computed({
+	get: () => props.password,
+	set: (value) => emit('update:password', value),
+})
+
+const tokenModel = computed({
+	get: () => props.token,
+	set: (value) => emit('update:token', value),
+})
+
+const twoFactorCodeModel = computed({
+	get: () => props.twoFactorCode,
+	set: (value) => emit('update:twoFactorCode', value),
+})
+
+const { formatMessage } = useVIntl()
+
+const messages = defineMessages({
+	additionalOptionsLabel: {
+		id: 'auth.sign-in.additional-options',
+		defaultMessage:
+			"<forgot-password-link>Forgot password</forgot-password-link> • Don't have an account? <create-account-link>Sign up</create-account-link>",
+	},
+	signInWithLabel: {
+		id: 'auth.sign-in.sign-in-with',
+		defaultMessage: 'Sign into Modrinth',
+	},
+	twoFactorCodeInputPlaceholder: {
+		id: 'auth.sign-in.2fa.placeholder',
+		defaultMessage: 'Enter code...',
+	},
+	twoFactorCodeLabel: {
+		id: 'auth.sign-in.2fa.label',
+		defaultMessage: 'Enter two-factor code',
+	},
+	twoFactorCodeLabelDescription: {
+		id: 'auth.sign-in.2fa.description',
+		defaultMessage: 'Please enter a two-factor code to proceed.',
+	},
+	continueWithProvider: {
+		id: 'auth.continue-with-provider',
+		defaultMessage: 'Continue with {provider}',
+	},
+	continueWithEmail: {
+		id: 'auth.sign-in.continue-with-email',
+		defaultMessage: 'Continue with Email',
+	},
+})
+</script>
diff --git a/apps/frontend/src/components/ui/auth/SignUp.vue b/apps/frontend/src/components/ui/auth/SignUp.vue
new file mode 100644
index 0000000000..9b46aca712
--- /dev/null
+++ b/apps/frontend/src/components/ui/auth/SignUp.vue
@@ -0,0 +1,268 @@
+<template>
+	<div class="flex flex-col gap-6">
+		<div class="text-center text-2xl font-semibold text-contrast">
+			{{ formatMessage(messages.signUpWithTitle) }}
+		</div>
+		<section class="flex flex-col gap-2.5">
+			<ButtonStyled>
+				<a class="!shadow-none" :href="getAuthUrl('google', redirectTarget)">
+					<GoogleColorIcon />
+					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Google' }) }}</span>
+				</a>
+			</ButtonStyled>
+			<ButtonStyled>
+				<a class="!shadow-none" :href="getAuthUrl('microsoft', redirectTarget)">
+					<MicrosoftColorIcon />
+					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Microsoft' }) }}</span>
+				</a>
+			</ButtonStyled>
+			<ButtonStyled>
+				<a class="!shadow-none" :href="getAuthUrl('discord', redirectTarget)">
+					<DiscordColorIcon />
+					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Discord' }) }}</span>
+				</a>
+			</ButtonStyled>
+			<template v-if="showOtherOptions">
+				<ButtonStyled>
+					<a class="!shadow-none" :href="getAuthUrl('github', redirectTarget)">
+						<GitHubColorIcon />
+						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'GitHub' }) }}</span>
+					</a>
+				</ButtonStyled>
+				<ButtonStyled>
+					<a class="!shadow-none" :href="getAuthUrl('gitlab', redirectTarget)">
+						<GitLabColorIcon />
+						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'GitLab' }) }}</span>
+					</a>
+				</ButtonStyled>
+				<ButtonStyled>
+					<a class="!shadow-none" :href="getAuthUrl('steam', redirectTarget)">
+						<SteamColorIcon />
+						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Steam' }) }}</span>
+					</a>
+				</ButtonStyled>
+			</template>
+			<button
+				class="mx-auto -mb-3 bg-transparent pt-1 text-center text-base font-semibold text-secondary transition-all hover:text-primary"
+				@click="onToggleOtherOptions()"
+			>
+				{{
+					showOtherOptions
+						? formatMessage(messages.showFewerOptions)
+						: formatMessage(messages.showOtherOptions)
+				}}
+			</button>
+		</section>
+
+		<div class="h-px w-full bg-surface-5"></div>
+
+		<section class="flex flex-col gap-2.5">
+			<label for="email" hidden>{{ formatMessage(commonMessages.emailLabel) }}</label>
+			<StyledInput
+				id="email"
+				v-model="emailModel"
+				:icon="MailIcon"
+				type="email"
+				autocomplete="email"
+				:placeholder="formatMessage(commonMessages.emailLabel)"
+				wrapper-class="w-full"
+			/>
+
+			<label for="password" hidden>{{ formatMessage(commonMessages.passwordLabel) }}</label>
+			<StyledInput
+				id="password"
+				v-model="passwordModel"
+				:icon="KeyIcon"
+				type="password"
+				autocomplete="new-password"
+				:placeholder="formatMessage(commonMessages.passwordLabel)"
+				wrapper-class="w-full"
+			/>
+
+			<Checkbox
+				v-model="subscribeModel"
+				class="subscribe-btn"
+				:label="formatMessage(messages.subscribeLabel)"
+				:description="formatMessage(messages.subscribeLabel)"
+			/>
+
+			<p v-if="!routeQuery.launcher">
+				<IntlFormatted :message-id="messages.legalDisclaimer">
+					<template #terms-link="{ children }">
+						<NuxtLink to="/legal/terms" class="text-link">
+							<component :is="() => children" />
+						</NuxtLink>
+					</template>
+					<template #privacy-policy-link="{ children }">
+						<NuxtLink to="/legal/privacy" class="text-link">
+							<component :is="() => children" />
+						</NuxtLink>
+					</template>
+				</IntlFormatted>
+			</p>
+
+			<HCaptcha
+				v-if="globals?.captcha_enabled && emailModel && passwordModel"
+				:ref="onSetCaptchaRef"
+				v-model="tokenModel"
+			/>
+
+			<ButtonStyled color="brand">
+				<button
+					class="!w-full"
+					:disabled="globals?.captcha_enabled ? !tokenModel : false"
+					@click="onCreateAccount()"
+				>
+					{{ formatMessage(messages.continueWithEmail) }} <RightArrowIcon />
+				</button>
+			</ButtonStyled>
+
+			<div class="auth-form__additional-options">
+				{{ formatMessage(messages.alreadyHaveAccountLabel) }}
+				<NuxtLink
+					class="text-link"
+					:to="{
+						path: '/auth/sign-in',
+						query: routeQuery,
+					}"
+				>
+					{{ formatMessage(commonMessages.signInButton) }}
+				</NuxtLink>
+			</div>
+		</section>
+	</div>
+</template>
+
+<script setup>
+import {
+	DiscordColorIcon,
+	GitHubColorIcon,
+	GitLabColorIcon,
+	GoogleColorIcon,
+	KeyIcon,
+	MailIcon,
+	MicrosoftColorIcon,
+	RightArrowIcon,
+	SteamColorIcon,
+} from '@modrinth/assets'
+import {
+	ButtonStyled,
+	Checkbox,
+	commonMessages,
+	defineMessages,
+	IntlFormatted,
+	StyledInput,
+	useVIntl,
+} from '@modrinth/ui'
+import { computed } from 'vue'
+
+import HCaptcha from '@/components/ui/auth/HCaptcha.vue'
+import { getAuthUrl } from '@/composables/auth.ts'
+
+const props = defineProps({
+	redirectTarget: {
+		type: String,
+		default: '',
+	},
+	showOtherOptions: {
+		type: Boolean,
+		default: false,
+	},
+	routeQuery: {
+		type: Object,
+		default: () => ({}),
+	},
+	globals: {
+		type: Object,
+		default: null,
+	},
+	email: {
+		type: String,
+		default: '',
+	},
+	password: {
+		type: String,
+		default: '',
+	},
+	token: {
+		type: String,
+		default: '',
+	},
+	subscribe: {
+		type: Boolean,
+		default: false,
+	},
+	onToggleOtherOptions: {
+		type: Function,
+		default: () => {},
+	},
+	onCreateAccount: {
+		type: Function,
+		default: () => {},
+	},
+	onSetCaptchaRef: {
+		type: Function,
+		default: undefined,
+	},
+})
+
+const emit = defineEmits(['update:email', 'update:password', 'update:token', 'update:subscribe'])
+
+const emailModel = computed({
+	get: () => props.email,
+	set: (value) => emit('update:email', value),
+})
+
+const passwordModel = computed({
+	get: () => props.password,
+	set: (value) => emit('update:password', value),
+})
+
+const tokenModel = computed({
+	get: () => props.token,
+	set: (value) => emit('update:token', value),
+})
+
+const subscribeModel = computed({
+	get: () => props.subscribe,
+	set: (value) => emit('update:subscribe', value),
+})
+
+const { formatMessage } = useVIntl()
+
+const messages = defineMessages({
+	signUpWithTitle: {
+		id: 'auth.sign-up.title.sign-up-with',
+		defaultMessage: 'Create an Account',
+	},
+	continueWithProvider: {
+		id: 'auth.continue-with-provider',
+		defaultMessage: 'Continue with {provider}',
+	},
+	subscribeLabel: {
+		id: 'auth.sign-up.subscribe.label',
+		defaultMessage: 'Subscribe to updates about Modrinth',
+	},
+	legalDisclaimer: {
+		id: 'auth.sign-up.legal-dislaimer',
+		defaultMessage:
+			"By creating an account, you agree to Modrinth's <terms-link>Terms</terms-link> and <privacy-policy-link>Privacy Policy</privacy-policy-link>.",
+	},
+	alreadyHaveAccountLabel: {
+		id: 'auth.sign-up.sign-in-option.title',
+		defaultMessage: 'Already have an account?',
+	},
+	continueWithEmail: {
+		id: 'auth.sign-up.continue-with-email',
+		defaultMessage: 'Continue with Email',
+	},
+	showFewerOptions: {
+		id: 'auth.sign-up.show-fewer-options',
+		defaultMessage: 'Show fewer options',
+	},
+	showOtherOptions: {
+		id: 'auth.sign-up.show-other-options',
+		defaultMessage: 'Show other options',
+	},
+})
+</script>
diff --git a/apps/frontend/src/pages/auth/reset-password.vue b/apps/frontend/src/pages/auth/reset-password.vue
index 365a9063f5..594b08de89 100644
--- a/apps/frontend/src/pages/auth/reset-password.vue
+++ b/apps/frontend/src/pages/auth/reset-password.vue
@@ -76,7 +76,7 @@ import {
 } from '@modrinth/ui'
 import { useQuery } from '@tanstack/vue-query'
 
-import HCaptcha from '@/components/ui/HCaptcha.vue'
+import HCaptcha from '@/components/ui/auth/HCaptcha.vue'
 
 const client = injectModrinthClient()
 const { addNotification } = injectNotificationManager()
diff --git a/apps/frontend/src/pages/auth/sign-in.vue b/apps/frontend/src/pages/auth/sign-in.vue
index dbf4fb8878..7697c66ae8 100644
--- a/apps/frontend/src/pages/auth/sign-in.vue
+++ b/apps/frontend/src/pages/auth/sign-in.vue
@@ -1,177 +1,32 @@
 <template>
-	<div v-if="subtleLauncherRedirectUri">
-		<iframe
-			:src="subtleLauncherRedirectUri"
-			class="fixed left-0 top-0 z-[9999] m-0 h-full w-full border-0 p-0"
-		></iframe>
-	</div>
-	<div v-else c>
-		<template v-if="flow && !subtleLauncherRedirectUri">
-			<label for="two-factor-code">
-				<span class="label__title">{{ formatMessage(messages.twoFactorCodeLabel) }}</span>
-				<span class="label__description">
-					{{ formatMessage(messages.twoFactorCodeLabelDescription) }}
-				</span>
-			</label>
-			<StyledInput
-				id="two-factor-code"
-				v-model="twoFactorCode"
-				:maxlength="11"
-				inputmode="numeric"
-				:placeholder="formatMessage(messages.twoFactorCodeInputPlaceholder)"
-				autocomplete="one-time-code"
-				@keyup.enter="begin2FASignIn"
-			/>
-
-			<button class="btn btn-primary continue-btn" @click="begin2FASignIn">
-				{{ formatMessage(commonMessages.signInButton) }} <RightArrowIcon />
-			</button>
-		</template>
-		<template v-else>
-			<div class="flex flex-col gap-6">
-				<div class="text-center text-2xl font-semibold text-contrast">
-					{{ formatMessage(messages.signInWithLabel) }}
-				</div>
-
-				<section class="flex flex-col gap-2.5">
-					<ButtonStyled>
-						<a class="!shadow-none" :href="getAuthUrl('google', redirectTarget)">
-							<GoogleColorIcon />
-							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'Google' }) }}</span>
-						</a>
-					</ButtonStyled>
-					<ButtonStyled>
-						<a class="!shadow-none" :href="getAuthUrl('microsoft', redirectTarget)">
-							<MicrosoftColorIcon />
-							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'Microsoft' }) }}</span>
-						</a>
-					</ButtonStyled>
-					<ButtonStyled>
-						<a class="!shadow-none" :href="getAuthUrl('discord', redirectTarget)">
-							<DiscordColorIcon />
-							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'Discord' }) }}</span>
-						</a>
-					</ButtonStyled>
-					<ButtonStyled>
-						<a class="!shadow-none" :href="getAuthUrl('github', redirectTarget)">
-							<GitHubColorIcon />
-							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'GitHub' }) }}</span>
-						</a>
-					</ButtonStyled>
-					<ButtonStyled>
-						<a class="!shadow-none" :href="getAuthUrl('gitlab', redirectTarget)">
-							<GitLabColorIcon />
-							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'GitLab' }) }}</span>
-						</a>
-					</ButtonStyled>
-					<ButtonStyled>
-						<a class="!shadow-none" :href="getAuthUrl('steam', redirectTarget)">
-							<SteamColorIcon />
-							<span class="ml-1">{{ formatMessage(messages.continueWithProvider, { provider: 'Steam' }) }}</span>
-						</a>
-					</ButtonStyled>
-				</section>
-
-				<div class="h-px w-full bg-surface-5"></div>
-
-				<section class="auth-form">
-					<label for="email" hidden>{{ formatMessage(commonMessages.emailUsernameLabel) }}</label>
-					<StyledInput
-						id="email"
-						v-model="email"
-						:icon="MailIcon"
-						type="text"
-						inputmode="email"
-						autocomplete="username"
-						:placeholder="formatMessage(commonMessages.emailUsernameLabel)"
-						wrapper-class="w-full"
-					/>
-
-					<label for="password" hidden>{{ formatMessage(commonMessages.passwordLabel) }}</label>
-					<StyledInput
-						id="password"
-						v-model="password"
-						:icon="KeyIcon"
-						type="password"
-						autocomplete="current-password"
-						:placeholder="formatMessage(commonMessages.passwordLabel)"
-						wrapper-class="w-full"
-					/>
-
-					<HCaptcha
-						v-if="globals?.captcha_enabled && email && password"
-						ref="captcha"
-						v-model="token"
-					/>
-
-					<ButtonStyled color="brand">
-						<button
-							class="!w-full"
-							:disabled="globals?.captcha_enabled ? !token : false"
-							@click="beginPasswordSignIn()"
-						>
-							{{ formatMessage(messages.continueWithEmail) }} <RightArrowIcon />
-						</button>
-					</ButtonStyled>
-
-					<div class="auth-form__additional-options !text-base">
-						<IntlFormatted :message-id="messages.additionalOptionsLabel">
-							<template #forgot-password-link="{ children }">
-								<NuxtLink
-									class="text-link"
-									:to="{
-										path: '/auth/reset-password',
-										query: route.query,
-									}"
-								>
-									<component :is="() => children" />
-								</NuxtLink>
-							</template>
-							<template #create-account-link="{ children }">
-								<NuxtLink
-									class="inline text-link"
-									:to="{
-										path: '/auth/sign-up',
-										query: route.query,
-									}"
-								>
-									<component :is="() => children" />
-								</NuxtLink>
-							</template>
-						</IntlFormatted>
-					</div>
-				</section>
-			</div>
-		</template>
-	</div>
+	<SignInView
+		v-model:email="email"
+		v-model:password="password"
+		v-model:token="token"
+		v-model:two-factor-code="twoFactorCode"
+		:subtle-launcher-redirect-uri="subtleLauncherRedirectUri"
+		:flow="flow"
+		:redirect-target="redirectTarget"
+		:route-query="route.query"
+		:globals="globals"
+		:on-password-sign-in="beginPasswordSignIn"
+		:on-two-factor-sign-in="begin2FASignIn"
+		:on-set-captcha-ref="setCaptchaRef"
+	/>
 </template>
 
 <script setup>
 import {
-	DiscordColorIcon,
-	GitHubColorIcon,
-	GitLabColorIcon,
-	GoogleColorIcon,
-	KeyIcon,
-	MailIcon,
-	MicrosoftColorIcon,
-	RightArrowIcon,
-	SteamColorIcon,
-} from '@modrinth/assets'
-import {
-	ButtonStyled,
 	commonMessages,
 	defineMessages,
 	injectModrinthClient,
 	injectNotificationManager,
-	IntlFormatted,
-	StyledInput,
 	useVIntl,
 } from '@modrinth/ui'
 import { useQuery, useQueryClient } from '@tanstack/vue-query'
 
-import HCaptcha from '@/components/ui/HCaptcha.vue'
-import { getAuthUrl, getLauncherRedirectUrl } from '@/composables/auth.js'
+import SignInView from '@/components/ui/auth/SignIn.vue'
+import { getLauncherRedirectUrl } from '@/composables/auth.ts'
 
 const client = injectModrinthClient()
 const queryClient = useQueryClient()
@@ -179,43 +34,10 @@ const { addNotification } = injectNotificationManager()
 const { formatMessage } = useVIntl()
 
 const messages = defineMessages({
-	additionalOptionsLabel: {
-		id: 'auth.sign-in.additional-options',
-		defaultMessage:
-			"<forgot-password-link>Forgot password</forgot-password-link> • Don't have an account? <create-account-link>Sign up</create-account-link>",
-	},
-	signInWithLabel: {
-		id: 'auth.sign-in.sign-in-with',
-		defaultMessage: 'Sign into Modrinth',
-	},
 	signInTitle: {
 		id: 'auth.sign-in.title',
 		defaultMessage: 'Sign In',
 	},
-	twoFactorCodeInputPlaceholder: {
-		id: 'auth.sign-in.2fa.placeholder',
-		defaultMessage: 'Enter code...',
-	},
-	twoFactorCodeLabel: {
-		id: 'auth.sign-in.2fa.label',
-		defaultMessage: 'Enter two-factor code',
-	},
-	twoFactorCodeLabelDescription: {
-		id: 'auth.sign-in.2fa.description',
-		defaultMessage: 'Please enter a two-factor code to proceed.',
-	},
-	usePasswordLabel: {
-		id: 'auth.sign-in.use-password',
-		defaultMessage: 'Or use a password',
-	},
-	continueWithProvider: {
-		id: 'auth.continue-with-provider',
-		defaultMessage: 'Continue with {provider}',
-	},
-	continueWithEmail: {
-		id: 'auth.sign-in.continue-with-email',
-		defaultMessage: 'Continue with Email',
-	},
 })
 
 useHead({
@@ -239,6 +61,9 @@ if (auth.value.user) {
 }
 
 const captcha = ref()
+const setCaptchaRef = (captchaRef) => {
+	captcha.value = captchaRef
+}
 
 const { data: globals } = useQuery({
 	queryKey: ['auth-globals'],
diff --git a/apps/frontend/src/pages/auth/sign-up.vue b/apps/frontend/src/pages/auth/sign-up.vue
index 8cff268728..5e18477b15 100644
--- a/apps/frontend/src/pages/auth/sign-up.vue
+++ b/apps/frontend/src/pages/auth/sign-up.vue
@@ -1,182 +1,30 @@
 <template>
-	<div class="flex flex-col gap-6">
-		<div class="text-center text-2xl font-semibold text-contrast">{{ formatMessage(messages.signUpWithTitle) }}</div>
-		<section class="flex flex-col gap-2.5">
-			<ButtonStyled>
-				<a class="!shadow-none" :href="getAuthUrl('google', redirectTarget)">
-					<GoogleColorIcon />
-					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Google' }) }}</span>
-				</a>
-			</ButtonStyled>
-			<ButtonStyled>
-				<a class="!shadow-none" :href="getAuthUrl('microsoft', redirectTarget)">
-					<MicrosoftColorIcon />
-					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Microsoft' }) }}</span>
-				</a>
-			</ButtonStyled>
-			<ButtonStyled>
-				<a class="!shadow-none" :href="getAuthUrl('discord', redirectTarget)">
-					<DiscordColorIcon />
-					<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Discord' }) }}</span>
-				</a>
-			</ButtonStyled>
-			<template v-if="showOtherOptions">
-				<ButtonStyled>
-					<a class="!shadow-none" :href="getAuthUrl('github', redirectTarget)">
-						<GitHubColorIcon />
-						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'GitHub' }) }}</span>
-					</a>
-				</ButtonStyled>
-				<ButtonStyled>
-					<a class="!shadow-none" :href="getAuthUrl('gitlab', redirectTarget)">
-						<GitLabColorIcon />
-						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'GitLab' }) }}</span>
-					</a>
-				</ButtonStyled>
-				<ButtonStyled>
-					<a class="!shadow-none" :href="getAuthUrl('steam', redirectTarget)">
-						<SteamColorIcon />
-						<span>{{ formatMessage(messages.continueWithProvider, { provider: 'Steam' }) }}</span>
-					</a>
-				</ButtonStyled>
-			</template>
-			<button
-				class="mx-auto -mb-3 bg-transparent pt-1 text-center text-base font-semibold text-secondary transition-all hover:text-primary"
-				@click="showOtherOptions = !showOtherOptions"
-			>
-				{{ showOtherOptions ? formatMessage(messages.showFewerOptions) : formatMessage(messages.showOtherOptions) }}
-			</button>
-		</section>
-
-		<div class="h-px w-full bg-surface-5"></div>
-
-		<section class="flex flex-col gap-2.5">
-			<label for="email" hidden>{{ formatMessage(commonMessages.emailLabel) }}</label>
-			<StyledInput
-				id="email"
-				v-model="email"
-				:icon="MailIcon"
-				type="email"
-				autocomplete="username"
-				:placeholder="formatMessage(commonMessages.emailLabel)"
-				wrapper-class="w-full"
-			/>
-
-			<label for="username" hidden>{{ formatMessage(commonMessages.usernameLabel) }}</label>
-			<StyledInput
-				id="username"
-				v-model="username"
-				:icon="UserIcon"
-				type="text"
-				autocomplete="username"
-				:placeholder="formatMessage(commonMessages.usernameLabel)"
-				wrapper-class="w-full"
-			/>
-
-			<label for="password" hidden>{{ formatMessage(commonMessages.passwordLabel) }}</label>
-			<StyledInput
-				id="password"
-				v-model="password"
-				:icon="KeyIcon"
-				type="password"
-				autocomplete="new-password"
-				:placeholder="formatMessage(commonMessages.passwordLabel)"
-				wrapper-class="w-full"
-			/>
-
-			<label for="confirm-password" hidden>{{ formatMessage(commonMessages.passwordLabel) }}</label>
-			<StyledInput
-				id="confirm-password"
-				v-model="confirmPassword"
-				:icon="KeyIcon"
-				type="password"
-				autocomplete="new-password"
-				:placeholder="formatMessage(commonMessages.confirmPasswordLabel)"
-				wrapper-class="w-full"
-			/>
-
-			<Checkbox
-				v-model="subscribe"
-				class="subscribe-btn"
-				:label="formatMessage(messages.subscribeLabel)"
-				:description="formatMessage(messages.subscribeLabel)"
-			/>
-
-			<p v-if="!route.query.launcher">
-				<IntlFormatted :message-id="messages.legalDisclaimer">
-					<template #terms-link="{ children }">
-						<NuxtLink to="/legal/terms" class="text-link">
-							<component :is="() => children" />
-						</NuxtLink>
-					</template>
-					<template #privacy-policy-link="{ children }">
-						<NuxtLink to="/legal/privacy" class="text-link">
-							<component :is="() => children" />
-						</NuxtLink>
-					</template>
-				</IntlFormatted>
-			</p>
-
-			<HCaptcha
-				v-if="globals?.captcha_enabled && email && password && confirmPassword && username"
-				ref="captcha"
-				v-model="token"
-			/>
-
-			<ButtonStyled color="brand">
-				<button
-					class="!w-full"
-					:disabled="globals?.captcha_enabled ? !token : false"
-					@click="createAccount"
-				>
-					{{ formatMessage(messages.continueWithEmail) }} <RightArrowIcon />
-				</button>
-			</ButtonStyled>
-
-			<div class="auth-form__additional-options">
-				{{ formatMessage(messages.alreadyHaveAccountLabel) }}
-				<NuxtLink
-					class="text-link"
-					:to="{
-						path: '/auth/sign-in',
-						query: route.query,
-					}"
-				>
-					{{ formatMessage(commonMessages.signInButton) }}
-				</NuxtLink>
-			</div>
-		</section>
-	</div>
+	<SignUpView
+		v-model:email="email"
+		v-model:password="password"
+		v-model:token="token"
+		v-model:subscribe="subscribe"
+		:redirect-target="redirectTarget"
+		:show-other-options="showOtherOptions"
+		:route-query="route.query"
+		:globals="globals"
+		:on-toggle-other-options="toggleOtherOptions"
+		:on-create-account="createAccount"
+		:on-set-captcha-ref="setCaptchaRef"
+	/>
 </template>
 
 <script setup>
 import {
-	DiscordColorIcon,
-	GitHubColorIcon,
-	GitLabColorIcon,
-	GoogleColorIcon,
-	KeyIcon,
-	MailIcon,
-	MicrosoftColorIcon,
-	RightArrowIcon,
-	SteamColorIcon,
-	UserIcon,
-} from '@modrinth/assets'
-import {
-	ButtonStyled,
-	Checkbox,
 	commonMessages,
 	defineMessages,
 	injectModrinthClient,
 	injectNotificationManager,
-	IntlFormatted,
-	StyledInput,
 	useVIntl,
 } from '@modrinth/ui'
 import { useQuery } from '@tanstack/vue-query'
 
-import HCaptcha from '@/components/ui/HCaptcha.vue'
-import { getAuthUrl } from '@/composables/auth.js'
+import SignUpView from '@/components/ui/auth/SignUp.vue'
 
 const client = injectModrinthClient()
 const { addNotification } = injectNotificationManager()
@@ -187,43 +35,6 @@ const messages = defineMessages({
 		id: 'auth.sign-up.title',
 		defaultMessage: 'Sign Up',
 	},
-	signUpWithTitle: {
-		id: 'auth.sign-up.title.sign-up-with',
-		defaultMessage: 'Create an Account',
-	},
-	subscribeLabel: {
-		id: 'auth.sign-up.subscribe.label',
-		defaultMessage: 'Subscribe to updates about Modrinth',
-	},
-	legalDisclaimer: {
-		id: 'auth.sign-up.legal-dislaimer',
-		defaultMessage:
-			"By creating an account, you agree to Modrinth's <terms-link>Terms</terms-link> and <privacy-policy-link>Privacy Policy</privacy-policy-link>.",
-	},
-	createAccountButton: {
-		id: 'auth.sign-up.action.create-account',
-		defaultMessage: 'Create account',
-	},
-	alreadyHaveAccountLabel: {
-		id: 'auth.sign-up.sign-in-option.title',
-		defaultMessage: 'Already have an account?',
-	},
-	continueWithProvider: {
-		id: 'auth.continue-with-provider',
-		defaultMessage: 'Continue with {provider}',
-	},
-	continueWithEmail: {
-		id: 'auth.sign-up.continue-with-email',
-		defaultMessage: 'Continue with Email',
-	},
-	showFewerOptions: {
-		id: 'auth.sign-up.show-fewer-options',
-		defaultMessage: 'Show fewer options',
-	},
-	showOtherOptions: {
-		id: 'auth.sign-up.show-other-options',
-		defaultMessage: 'Show other options',
-	},
 })
 
 useHead({
@@ -241,6 +52,12 @@ if (auth.value.user) {
 }
 
 const captcha = ref()
+const setCaptchaRef = (captchaRef) => {
+	captcha.value = captchaRef
+}
+const toggleOtherOptions = () => {
+	showOtherOptions.value = !showOtherOptions.value
+}
 
 const { data: globals } = useQuery({
 	queryKey: ['auth-globals'],
@@ -255,29 +72,25 @@ const { data: globals } = useQuery({
 })
 
 const email = ref('')
-const username = ref('')
 const password = ref('')
-const confirmPassword = ref('')
 const token = ref('')
 const subscribe = ref(false)
 
+function generateUsernameFromEmail(emailAddress) {
+	const [localPart = '', domainPart = ''] = emailAddress.trim().toLowerCase().split('@')
+	const sanitized = `${localPart}_${domainPart}`
+		.replace(/[^a-zA-Z0-9_-]/g, '_')
+		.replace(/_+/g, '_')
+		.replace(/^_+|_+$/g, '')
+
+	return (sanitized || 'user').slice(0, 39)
+}
+
 async function createAccount() {
 	startLoading()
 	try {
-		if (confirmPassword.value !== password.value) {
-			addNotification({
-				title: formatMessage(commonMessages.errorNotificationTitle),
-				text: formatMessage({
-					id: 'auth.sign-up.notification.password-mismatch.text',
-					defaultMessage: 'Passwords do not match!',
-				}),
-				type: 'error',
-			})
-			captcha.value?.reset()
-		}
-
 		const res = await client.labrinth.auth_v2.createAccount({
-			username: username.value,
+			username: generateUsernameFromEmail(email.value),
 			password: password.value,
 			email: email.value,
 			challenge: token.value,

From c0fd7bebbdbf4a17f3eefa13ff76b08ce2901080 Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Mon, 13 Apr 2026 13:58:54 -0600
Subject: [PATCH 04/11] fix: auth pages height

---
 apps/frontend/src/pages/auth.vue         |  5 ++--
 apps/frontend/src/pages/auth/sign-in.vue | 30 +++++++++++++-----------
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/apps/frontend/src/pages/auth.vue b/apps/frontend/src/pages/auth.vue
index 20f3587ed4..900b9f411f 100644
--- a/apps/frontend/src/pages/auth.vue
+++ b/apps/frontend/src/pages/auth.vue
@@ -8,14 +8,15 @@ useSeoMeta({
 })
 </script>
 <template>
-	<NuxtPage class="auth-container universal-card border border-solid border-surface-5" />
+	<div class="grid min-h-[calc(100vh-4.5rem)] place-items-center pb-20">
+		<NuxtPage class="auth-container universal-card border border-solid border-surface-5" />
+	</div>
 </template>
 
 <style>
 .auth-container {
 	width: 28rem;
 	max-width: calc(100% - 2rem);
-	margin: 1rem auto;
 	display: flex;
 	flex-direction: column;
 	gap: 2rem;
diff --git a/apps/frontend/src/pages/auth/sign-in.vue b/apps/frontend/src/pages/auth/sign-in.vue
index 7697c66ae8..2a34b5d065 100644
--- a/apps/frontend/src/pages/auth/sign-in.vue
+++ b/apps/frontend/src/pages/auth/sign-in.vue
@@ -1,18 +1,20 @@
 <template>
-	<SignInView
-		v-model:email="email"
-		v-model:password="password"
-		v-model:token="token"
-		v-model:two-factor-code="twoFactorCode"
-		:subtle-launcher-redirect-uri="subtleLauncherRedirectUri"
-		:flow="flow"
-		:redirect-target="redirectTarget"
-		:route-query="route.query"
-		:globals="globals"
-		:on-password-sign-in="beginPasswordSignIn"
-		:on-two-factor-sign-in="begin2FASignIn"
-		:on-set-captcha-ref="setCaptchaRef"
-	/>
+	<div>
+		<SignInView
+			v-model:email="email"
+			v-model:password="password"
+			v-model:token="token"
+			v-model:two-factor-code="twoFactorCode"
+			:subtle-launcher-redirect-uri="subtleLauncherRedirectUri"
+			:flow="flow"
+			:redirect-target="redirectTarget"
+			:route-query="route.query"
+			:globals="globals"
+			:on-password-sign-in="beginPasswordSignIn"
+			:on-two-factor-sign-in="begin2FASignIn"
+			:on-set-captcha-ref="setCaptchaRef"
+		/>
+	</div>
 </template>
 
 <script setup>

From c1696e0d9af162ce7ce69d31bcd9dc6e3592ac05 Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Mon, 13 Apr 2026 15:05:30 -0600
Subject: [PATCH 05/11] feat: initial implementation of new sign-in oauth

---
 .../src/components/ui/auth/CreateAccount.vue  |   6 +-
 apps/frontend/src/composables/auth.ts         |  12 +-
 apps/frontend/src/pages/auth/create/oauth.vue | 156 ++++++++++++++++++
 apps/frontend/src/pages/auth/sign-in.vue      |  32 ++--
 .../src/modules/labrinth/auth/v2.ts           |  17 ++
 .../api-client/src/modules/labrinth/types.ts  |  11 ++
 6 files changed, 205 insertions(+), 29 deletions(-)
 create mode 100644 apps/frontend/src/pages/auth/create/oauth.vue

diff --git a/apps/frontend/src/components/ui/auth/CreateAccount.vue b/apps/frontend/src/components/ui/auth/CreateAccount.vue
index e88eae980f..55b8ab1948 100644
--- a/apps/frontend/src/components/ui/auth/CreateAccount.vue
+++ b/apps/frontend/src/components/ui/auth/CreateAccount.vue
@@ -2,7 +2,7 @@
 	<div class="create-account-card">
 		<h1 class="create-account-title">{{ formatMessage(messages.title) }}</h1>
 
-		<section class="create-account-section">
+		<section v-if="requiresDob" class="create-account-section">
 			<label class="create-account-label" for="create-account-dob">
 				{{ formatMessage(messages.dateOfBirthLabel) }}
 			</label>
@@ -98,6 +98,10 @@ const props = defineProps({
 		type: Object,
 		default: null,
 	},
+	requiresDob: {
+		type: Boolean,
+		default: true,
+	},
 	sourceCodeUrl: {
 		type: String,
 		default: 'https://github.com/modrinth/labrinth/blob/main/apps/labrinth/src/routes/internal/flows.rs',
diff --git a/apps/frontend/src/composables/auth.ts b/apps/frontend/src/composables/auth.ts
index 4608995779..1b8588cdae 100644
--- a/apps/frontend/src/composables/auth.ts
+++ b/apps/frontend/src/composables/auth.ts
@@ -58,20 +58,10 @@ export const initAuth = async (oldToken: string | null | undefined = null) => {
 		authCookie.value = oldToken
 	}
 
-	if (authCode && !route.fullPath.includes('new_account=true')) {
+	if (authCode) {
 		authCookie.value = authCode
 	}
 
-	if (route.fullPath.includes('new_account=true') && route.path !== '/auth/welcome') {
-		const redirect = route.path.startsWith('/auth/') ? null : route.fullPath
-
-		await navigateTo(
-			`/auth/welcome?authToken=${authCode ?? ''}${
-				redirect ? `&redirect=${encodeURIComponent(redirect)}` : ''
-			}`,
-		)
-	}
-
 	if (authCookie.value) {
 		auth.token = authCookie.value
 
diff --git a/apps/frontend/src/pages/auth/create/oauth.vue b/apps/frontend/src/pages/auth/create/oauth.vue
new file mode 100644
index 0000000000..da0b1ef373
--- /dev/null
+++ b/apps/frontend/src/pages/auth/create/oauth.vue
@@ -0,0 +1,156 @@
+<template>
+	<div v-if="subtleLauncherRedirectUri">
+		<iframe
+			:src="subtleLauncherRedirectUri"
+			class="fixed left-0 top-0 z-[9999] m-0 h-full w-full border-0 p-0"
+		></iframe>
+	</div>
+	<CreateAccountView
+		v-else
+		v-model:date-of-birth="dateOfBirth"
+		v-model:username="username"
+		v-model:token="token"
+		v-model:subscribe="subscribe"
+		:globals="globals"
+		:requires-dob="requiresDob"
+		:on-complete-sign-up="completeOAuthSignUp"
+		:on-set-captcha-ref="setCaptchaRef"
+	/>
+</template>
+
+<script setup>
+import { commonMessages, defineMessages, injectModrinthClient, injectNotificationManager, useVIntl } from '@modrinth/ui'
+import { useQuery, useQueryClient } from '@tanstack/vue-query'
+
+import CreateAccountView from '@/components/ui/auth/CreateAccount.vue'
+import { getLauncherRedirectUrl } from '@/composables/auth.ts'
+
+const client = injectModrinthClient()
+const queryClient = useQueryClient()
+const { addNotification } = injectNotificationManager()
+const { formatMessage } = useVIntl()
+
+const route = useNativeRoute()
+const auth = await useAuth()
+
+const messages = defineMessages({
+	createAccountTitle: {
+		id: 'auth.create-account.page-title',
+		defaultMessage: 'Create Account',
+	},
+})
+
+useHead({
+	title() {
+		return `${formatMessage(messages.createAccountTitle)} - Modrinth`
+	},
+})
+
+const requiresDob = computed(() => {
+	const raw = route.query.requires_dob
+	const value = Array.isArray(raw) ? raw[0] : raw
+
+	if (!value) {
+		return false
+	}
+
+	return value === 'true' || value === '1'
+})
+
+const oauthFlowState = computed(() => {
+	const state = route.query.state
+	const value = Array.isArray(state) ? state[0] : state
+	return typeof value === 'string' ? value : ''
+})
+
+const defaultUsername = computed(() => {
+	const queryUsername = route.query.username
+	const value = Array.isArray(queryUsername) ? queryUsername[0] : queryUsername
+	return typeof value === 'string' && value.length > 0 ? value : 'user'
+})
+
+const dateOfBirth = ref('')
+const username = ref(defaultUsername.value)
+const token = ref('')
+const subscribe = ref(false)
+const subtleLauncherRedirectUri = ref()
+
+const captcha = ref()
+const setCaptchaRef = (captchaRef) => {
+	captcha.value = captchaRef
+}
+
+const { data: globals } = useQuery({
+	queryKey: ['auth-globals'],
+	queryFn: async () => {
+		try {
+			return await client.labrinth.globals_internal.get()
+		} catch (err) {
+			console.error('Error fetching globals:', err)
+			return { captcha_enabled: true, tax_compliance_thresholds: {} }
+		}
+	},
+})
+
+async function completeOAuthSignUp() {
+	startLoading()
+	try {
+		if (!oauthFlowState.value) {
+			throw new Error('Missing OAuth flow state')
+		}
+
+		const res = await client.labrinth.auth_v2.createOAuthAccount({
+			username: username.value.trim() || defaultUsername.value,
+			state: oauthFlowState.value,
+			challenge: token.value,
+			sign_up_newsletter: subscribe.value,
+		})
+
+		await finishSignIn(res.session)
+	} catch (err) {
+		addNotification({
+			title: formatMessage(commonMessages.errorNotificationTitle),
+			text: err.data ? err.data.description : err,
+			type: 'error',
+		})
+		captcha.value?.reset()
+	}
+	stopLoading()
+}
+
+async function finishSignIn(sessionToken) {
+	if (route.query.launcher) {
+		let token = sessionToken
+		if (!token) {
+			token = auth.value.token
+		}
+
+		const redirectUrl = `${getLauncherRedirectUrl(route)}/?code=${token}`
+
+		if (redirectUrl.startsWith('https://launcher-files.modrinth.com/')) {
+			await navigateTo(redirectUrl, {
+				external: true,
+			})
+		} else {
+			subtleLauncherRedirectUri.value = redirectUrl
+		}
+
+		return
+	}
+
+	if (sessionToken) {
+		await useAuth(sessionToken)
+		await useUser()
+		queryClient.clear()
+	}
+
+	if (route.query.redirect) {
+		const redirect = decodeURIComponent(route.query.redirect)
+		await navigateTo(redirect, {
+			replace: true,
+		})
+	} else {
+		await navigateTo('/dashboard')
+	}
+}
+</script>
diff --git a/apps/frontend/src/pages/auth/sign-in.vue b/apps/frontend/src/pages/auth/sign-in.vue
index 2a34b5d065..30ec6a0d13 100644
--- a/apps/frontend/src/pages/auth/sign-in.vue
+++ b/apps/frontend/src/pages/auth/sign-in.vue
@@ -1,20 +1,18 @@
 <template>
-	<div>
-		<SignInView
-			v-model:email="email"
-			v-model:password="password"
-			v-model:token="token"
-			v-model:two-factor-code="twoFactorCode"
-			:subtle-launcher-redirect-uri="subtleLauncherRedirectUri"
-			:flow="flow"
-			:redirect-target="redirectTarget"
-			:route-query="route.query"
-			:globals="globals"
-			:on-password-sign-in="beginPasswordSignIn"
-			:on-two-factor-sign-in="begin2FASignIn"
-			:on-set-captcha-ref="setCaptchaRef"
-		/>
-	</div>
+	<SignInView
+		v-model:email="email"
+		v-model:password="password"
+		v-model:token="token"
+		v-model:two-factor-code="twoFactorCode"
+		:subtle-launcher-redirect-uri="subtleLauncherRedirectUri"
+		:flow="flow"
+		:redirect-target="redirectTarget"
+		:route-query="route.query"
+		:globals="globals"
+		:on-password-sign-in="beginPasswordSignIn"
+		:on-two-factor-sign-in="begin2FASignIn"
+		:on-set-captcha-ref="setCaptchaRef"
+	/>
 </template>
 
 <script setup>
@@ -54,7 +52,7 @@ const route = useNativeRoute()
 const redirectTarget = route.query.redirect || ''
 const subtleLauncherRedirectUri = ref()
 
-if (route.query.code && !route.fullPath.includes('new_account=true')) {
+if (route.query.code) {
 	await finishSignIn()
 }
 
diff --git a/packages/api-client/src/modules/labrinth/auth/v2.ts b/packages/api-client/src/modules/labrinth/auth/v2.ts
index da5aa7b771..53c9b2669e 100644
--- a/packages/api-client/src/modules/labrinth/auth/v2.ts
+++ b/packages/api-client/src/modules/labrinth/auth/v2.ts
@@ -57,6 +57,23 @@ export class LabrinthAuthV2Module extends AbstractModule {
 		})
 	}
 
+	/**
+	 * Create a new account from an OAuth callback flow state
+	 *
+	 * @param data - OAuth account creation data
+	 * @returns Promise resolving to a session response
+	 */
+	public async createOAuthAccount(
+		data: Labrinth.Auth.v2.CreateOAuthAccountRequest,
+	): Promise<Labrinth.Auth.v2.CreateOAuthAccountResponse> {
+		return this.client.request<Labrinth.Auth.v2.CreateOAuthAccountResponse>(`/auth/create/oauth`, {
+			api: 'labrinth',
+			version: 2,
+			method: 'POST',
+			body: data,
+		})
+	}
+
 	/**
 	 * Begin a password reset flow by sending a recovery email
 	 *
diff --git a/packages/api-client/src/modules/labrinth/types.ts b/packages/api-client/src/modules/labrinth/types.ts
index 2426d700d9..1e03777162 100644
--- a/packages/api-client/src/modules/labrinth/types.ts
+++ b/packages/api-client/src/modules/labrinth/types.ts
@@ -278,6 +278,17 @@ export namespace Labrinth {
 				session: string
 			}
 
+			export type CreateOAuthAccountRequest = {
+				username: string
+				state: string
+				challenge: string
+				sign_up_newsletter: boolean
+			}
+
+			export type CreateOAuthAccountResponse = {
+				session: string
+			}
+
 			export type ResetPasswordRequest = {
 				username: string
 				challenge: string

From 71f7cf7f40081c2de2118ccfc0999368e8ee53d5 Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Fri, 17 Apr 2026 09:25:47 -0600
Subject: [PATCH 06/11] fix create account flow

---
 .../src/components/ui/auth/CreateAccount.vue  | 217 +++++-------------
 apps/frontend/src/pages/auth/sign-in.vue      |  12 +
 packages/ui/src/components/base/Checkbox.vue  |   2 +-
 3 files changed, 73 insertions(+), 158 deletions(-)

diff --git a/apps/frontend/src/components/ui/auth/CreateAccount.vue b/apps/frontend/src/components/ui/auth/CreateAccount.vue
index 55b8ab1948..6c55bed3e2 100644
--- a/apps/frontend/src/components/ui/auth/CreateAccount.vue
+++ b/apps/frontend/src/components/ui/auth/CreateAccount.vue
@@ -1,39 +1,46 @@
 <template>
-	<div class="create-account-card">
-		<h1 class="create-account-title">{{ formatMessage(messages.title) }}</h1>
-
-		<section v-if="requiresDob" class="create-account-section">
-			<label class="create-account-label" for="create-account-dob">
+	<div
+		class="shadow-card mx-auto flex w-full max-w-[30rem] flex-col gap-6 rounded-2xl border border-button-bg bg-surface-3 p-6"
+	>
+		<h1
+			class="mx-auto my-0 flex w-full justify-center text-center text-2xl font-semibold text-contrast"
+		>
+			{{ formatMessage(messages.title) }}
+		</h1>
+
+		<section v-if="requiresDob" class="flex flex-col gap-2.5">
+			<label class="text-md font-semibold text-contrast" for="create-account-dob">
 				{{ formatMessage(messages.dateOfBirthLabel) }}
 			</label>
-			<div class="date-input-wrap">
-				<input
-					id="create-account-dob"
-					v-model="dateOfBirthModel"
-					class="date-input"
-					type="date"
-					:max="maxBirthDate"
-				/>
-				<CalendarIcon class="date-input-icon" />
-			</div>
-			<p class="helper-text">{{ formatMessage(messages.over13HelperText) }}</p>
-		</section>
-
-		<section class="info-panel">
-			<div class="info-panel-icon">
-				<InfoIcon />
-			</div>
-			<div class="info-panel-content">
-				<p>{{ formatMessage(messages.infoPanelText) }}</p>
-				<a class="text-link" :href="sourceCodeUrl" target="_blank" rel="noopener noreferrer">
-					{{ formatMessage(messages.relevantSourceCodeText) }}
-				</a>
-			</div>
+			<input
+				id="create-account-dob"
+				v-model="dateOfBirthModel"
+				class="scheme-dark w-full border-0 bg-surface-4 text-lg text-contrast outline-none [color-scheme:dark]"
+				type="date"
+				:max="maxBirthDate"
+			/>
+			<div>You must be over 13 years old to use Modrinth.</div>
+			<Admonition type="info">
+				<div class="flex flex-col gap-1.5 leading-normal">
+					<div>
+						{{ formatMessage(messages.infoPanelText) }}
+					</div>
+					<a
+						class="w-fit text-link"
+						:href="sourceCodeUrl"
+						target="_blank"
+						rel="noopener noreferrer"
+					>
+						{{ formatMessage(messages.relevantSourceCodeText) }}
+					</a>
+				</div>
+			</Admonition>
 		</section>
 
-		<section class="create-account-section">
-			<label class="create-account-label" for="create-account-username">
+		<section class="flex flex-col gap-2.5">
+			<label class="text-md font-semibold text-contrast" for="create-account-username">
 				{{ formatMessage(messages.usernameOptionalLabel) }}
+				<span class="font-normal text-primary">(optional)</span>
 			</label>
 			<StyledInput
 				id="create-account-username"
@@ -44,23 +51,21 @@
 			/>
 		</section>
 
-		<section class="create-account-section">
-			<label class="create-account-label">{{ formatMessage(messages.securityCheckLabel) }}</label>
-			<div class="captcha-wrap">
-				<HCaptcha v-if="globals?.captcha_enabled" :ref="onSetCaptchaRef" v-model="tokenModel" />
-			</div>
+		<section class="flex flex-col gap-2.5" v-if="globals?.captcha_enabled">
+			<label class="text-md font-semibold text-contrast">{{
+				formatMessage(messages.securityCheckLabel)
+			}}</label>
+			<HCaptcha v-if="globals?.captcha_enabled" :ref="onSetCaptchaRef" v-model="tokenModel" />
 		</section>
 
-		<Checkbox
-			v-model="subscribeModel"
-			class="subscribe-checkbox"
-			:label="formatMessage(messages.subscribeLabel)"
-			:description="formatMessage(messages.subscribeLabel)"
-		/>
+		<div class="flex gap-2.5 rounded-2xl border border-solid border-surface-5 p-3 leading-normal">
+			<Checkbox v-model="subscribeModel" class="text-left" />
+			<div>{{ formatMessage(messages.subscribeLabel) }}</div>
+		</div>
 
 		<ButtonStyled color="brand">
 			<button
-				class="!w-full complete-sign-up-btn"
+				class="!w-full font-bold"
 				:disabled="globals?.captcha_enabled ? !tokenModel : false"
 				@click="onCompleteSignUp()"
 			>
@@ -71,8 +76,14 @@
 </template>
 
 <script setup>
-import { CalendarIcon, InfoIcon } from '@modrinth/assets'
-import { ButtonStyled, Checkbox, defineMessages, StyledInput, useVIntl } from '@modrinth/ui'
+import {
+	Admonition,
+	ButtonStyled,
+	Checkbox,
+	defineMessages,
+	StyledInput,
+	useVIntl,
+} from '@modrinth/ui'
 import { computed } from 'vue'
 
 import HCaptcha from '@/components/ui/auth/HCaptcha.vue'
@@ -104,7 +115,8 @@ const props = defineProps({
 	},
 	sourceCodeUrl: {
 		type: String,
-		default: 'https://github.com/modrinth/labrinth/blob/main/apps/labrinth/src/routes/internal/flows.rs',
+		default:
+			'https://github.com/modrinth/labrinth/blob/main/apps/labrinth/src/routes/internal/flows.rs',
 	},
 	onCompleteSignUp: {
 		type: Function,
@@ -166,7 +178,8 @@ const messages = defineMessages({
 	},
 	infoPanelText: {
 		id: 'auth.create-account.info-panel.text',
-		defaultMessage: 'We do not store your date of birth, it is only used to confirm your age at sign up.',
+		defaultMessage:
+			'We do not store your date of birth, it is only used to confirm your age at sign up.',
 	},
 	relevantSourceCodeText: {
 		id: 'auth.create-account.info-panel.source-code-link',
@@ -174,7 +187,7 @@ const messages = defineMessages({
 	},
 	usernameOptionalLabel: {
 		id: 'auth.create-account.username.optional-label',
-		defaultMessage: 'Username (Optional)',
+		defaultMessage: 'Username',
 	},
 	usernamePlaceholder: {
 		id: 'auth.create-account.username.placeholder',
@@ -194,113 +207,3 @@ const messages = defineMessages({
 	},
 })
 </script>
-
-<style scoped lang="scss">
-.create-account-card {
-	background: var(--color-raised-bg);
-	border: 1px solid var(--color-button-bg);
-	border-radius: var(--size-rounded-xl);
-	box-shadow: var(--shadow-card);
-	display: flex;
-	flex-direction: column;
-	gap: var(--gap-md);
-	margin-inline: auto;
-	max-width: 30rem;
-	padding: var(--gap-xl);
-}
-
-.create-account-title {
-	font-size: var(--text-4xl);
-	font-weight: var(--weight-bold);
-	line-height: 1.2;
-	margin: 0;
-	text-align: center;
-}
-
-.create-account-section {
-	display: flex;
-	flex-direction: column;
-	gap: var(--gap-sm);
-}
-
-.create-account-label {
-	color: var(--color-contrast);
-	font-size: var(--text-xl);
-	font-weight: var(--weight-bold);
-}
-
-.date-input-wrap {
-	align-items: center;
-	background: var(--color-button-bg);
-	border-radius: var(--size-rounded-lg);
-	display: flex;
-	gap: var(--gap-sm);
-	padding: 0.875rem 1rem;
-}
-
-.date-input {
-	background: transparent;
-	border: 0;
-	color: var(--color-contrast);
-	font-size: var(--text-lg);
-	outline: none;
-	width: 100%;
-}
-
-.date-input-icon {
-	color: var(--color-secondary);
-	flex-shrink: 0;
-	height: 1.2rem;
-	width: 1.2rem;
-}
-
-.helper-text {
-	color: var(--color-secondary);
-	font-size: var(--text-lg);
-	margin: 0;
-}
-
-.info-panel {
-	background: color-mix(in oklab, var(--color-brand) 20%, var(--color-bg));
-	border: 1px solid color-mix(in oklab, var(--color-brand) 80%, transparent);
-	border-radius: var(--size-rounded-xl);
-	display: flex;
-	gap: var(--gap-sm);
-	padding: var(--gap-md);
-}
-
-.info-panel-icon {
-	color: var(--color-brand);
-	display: flex;
-	flex-shrink: 0;
-}
-
-.info-panel-content {
-	display: flex;
-	flex-direction: column;
-	gap: var(--gap-xs);
-
-	p {
-		color: var(--color-contrast);
-		font-size: var(--text-lg);
-		margin: 0;
-	}
-}
-
-.captcha-wrap {
-	background: var(--color-button-bg);
-	border-radius: var(--size-rounded-lg);
-	min-height: 4.25rem;
-	padding: var(--gap-md);
-}
-
-.subscribe-checkbox {
-	border: 1px solid var(--color-button-bg);
-	border-radius: var(--size-rounded-xl);
-	padding: 0.75rem 1rem;
-}
-
-.complete-sign-up-btn {
-	font-weight: var(--weight-bold);
-}
-</style>
diff --git a/apps/frontend/src/pages/auth/sign-in.vue b/apps/frontend/src/pages/auth/sign-in.vue
index 30ec6a0d13..da602e810b 100644
--- a/apps/frontend/src/pages/auth/sign-in.vue
+++ b/apps/frontend/src/pages/auth/sign-in.vue
@@ -49,6 +49,18 @@ useHead({
 const auth = await useAuth()
 const route = useNativeRoute()
 
+if (route.query.state !== undefined) {
+	await navigateTo(
+		{
+			path: '/auth/create/oauth',
+			query: route.query,
+		},
+		{
+			replace: true,
+		},
+	)
+}
+
 const redirectTarget = route.query.redirect || ''
 const subtleLauncherRedirectUri = ref()
 
diff --git a/packages/ui/src/components/base/Checkbox.vue b/packages/ui/src/components/base/Checkbox.vue
index 02a935e3ab..5837be1a7a 100644
--- a/packages/ui/src/components/base/Checkbox.vue
+++ b/packages/ui/src/components/base/Checkbox.vue
@@ -13,7 +13,7 @@
 		@click="toggle"
 	>
 		<span
-			class="w-5 h-5 rounded-md flex items-center justify-center border-[1px] border-solid"
+			class="w-5 h-5 aspect-square rounded-md flex items-center justify-center border-[1px] border-solid"
 			:class="
 				(modelValue
 					? 'bg-brand border-button-border text-brand-inverted'

From 695817d61ddac41404a083f1d67d31918bcf75e6 Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Fri, 17 Apr 2026 09:30:27 -0600
Subject: [PATCH 07/11] fix checkbox

---
 apps/frontend/src/components/ui/auth/CreateAccount.vue | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/apps/frontend/src/components/ui/auth/CreateAccount.vue b/apps/frontend/src/components/ui/auth/CreateAccount.vue
index 6c55bed3e2..288d1ab5c0 100644
--- a/apps/frontend/src/components/ui/auth/CreateAccount.vue
+++ b/apps/frontend/src/components/ui/auth/CreateAccount.vue
@@ -58,9 +58,13 @@
 			<HCaptcha v-if="globals?.captcha_enabled" :ref="onSetCaptchaRef" v-model="tokenModel" />
 		</section>
 
-		<div class="flex gap-2.5 rounded-2xl border border-solid border-surface-5 p-3 leading-normal">
-			<Checkbox v-model="subscribeModel" class="text-left" />
-			<div>{{ formatMessage(messages.subscribeLabel) }}</div>
+		<div class="flex gap-2.5 rounded-2xl border border-solid border-surface-5 p-3">
+			<Checkbox
+				v-model="subscribeModel"
+				class="text-left leading-snug text-primary transition-all hover:brightness-100"
+				:label="formatMessage(messages.subscribeLabel)"
+				:description="formatMessage(messages.subscribeLabel)"
+			/>
 		</div>
 
 		<ButtonStyled color="brand">

From ddceea90461511e33e11d416727d6ee6639c4a46 Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Fri, 17 Apr 2026 09:41:53 -0600
Subject: [PATCH 08/11] remove hard coded username

---
 apps/frontend/src/pages/auth/create/oauth.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/frontend/src/pages/auth/create/oauth.vue b/apps/frontend/src/pages/auth/create/oauth.vue
index da0b1ef373..0053ece482 100644
--- a/apps/frontend/src/pages/auth/create/oauth.vue
+++ b/apps/frontend/src/pages/auth/create/oauth.vue
@@ -66,7 +66,7 @@ const oauthFlowState = computed(() => {
 const defaultUsername = computed(() => {
 	const queryUsername = route.query.username
 	const value = Array.isArray(queryUsername) ? queryUsername[0] : queryUsername
-	return typeof value === 'string' && value.length > 0 ? value : 'user'
+	return typeof value === 'string' && value.length > 0 ? value : ''
 })
 
 const dateOfBirth = ref('')

From a5ccfab01f7ac9375930230fb2584ce43d78221d Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Fri, 17 Apr 2026 16:52:02 -0600
Subject: [PATCH 09/11] implement create user validation endpoint and add more
 specific error responses

---
 apps/labrinth/src/auth/mod.rs              |  20 +-
 apps/labrinth/src/routes/internal/flows.rs | 360 ++++++++++++++-------
 2 files changed, 262 insertions(+), 118 deletions(-)

diff --git a/apps/labrinth/src/auth/mod.rs b/apps/labrinth/src/auth/mod.rs
index d996afb1d5..24c31d03ed 100644
--- a/apps/labrinth/src/auth/mod.rs
+++ b/apps/labrinth/src/auth/mod.rs
@@ -43,7 +43,13 @@ pub enum AuthenticationError {
     #[error(
         "User email is already registered on Modrinth. Try 'Forgot password' to access your account."
     )]
-    DuplicateUser,
+    DuplicateEmail,
+    #[error("Username is already taken on Modrinth.")]
+    UsernameTaken,
+    #[error(
+        "This authentication provider is already linked to another Modrinth account."
+    )]
+    ProviderAlreadyLinked,
     #[error("Invalid state sent, you probably need to get a new websocket")]
     SocketError,
     #[error("Invalid callback URL specified")]
@@ -73,7 +79,11 @@ impl actix_web::ResponseError for AuthenticationError {
             AuthenticationError::FileHosting(..) => {
                 StatusCode::INTERNAL_SERVER_ERROR
             }
-            AuthenticationError::DuplicateUser => StatusCode::BAD_REQUEST,
+            AuthenticationError::DuplicateEmail => StatusCode::BAD_REQUEST,
+            AuthenticationError::UsernameTaken => StatusCode::BAD_REQUEST,
+            AuthenticationError::ProviderAlreadyLinked => {
+                StatusCode::BAD_REQUEST
+            }
             AuthenticationError::SocketError => StatusCode::BAD_REQUEST,
         }
     }
@@ -102,7 +112,11 @@ impl AuthenticationError {
             AuthenticationError::InvalidClientId => "invalid_client_id",
             AuthenticationError::Url => "url_error",
             AuthenticationError::FileHosting(..) => "file_hosting",
-            AuthenticationError::DuplicateUser => "duplicate_user",
+            AuthenticationError::DuplicateEmail => "duplicate_email",
+            AuthenticationError::UsernameTaken => "username_taken",
+            AuthenticationError::ProviderAlreadyLinked => {
+                "provider_already_linked"
+            }
             AuthenticationError::SocketError => "socket",
         }
     }
diff --git a/apps/labrinth/src/routes/internal/flows.rs b/apps/labrinth/src/routes/internal/flows.rs
index e531e824eb..a933bc55eb 100644
--- a/apps/labrinth/src/routes/internal/flows.rs
+++ b/apps/labrinth/src/routes/internal/flows.rs
@@ -10,6 +10,7 @@ use crate::database::models::{DBUser, DBUserId};
 use crate::database::redis::RedisPool;
 use crate::env::ENV;
 use crate::file_hosting::{FileHost, FileHostPublicity};
+use crate::models::error::ApiError as ApiErrorResponse;
 use crate::models::notifications::NotificationBody;
 use crate::models::pats::Scopes;
 use crate::models::users::{Badges, Role};
@@ -23,6 +24,7 @@ use crate::util::ext::get_image_ext;
 use crate::util::img::upload_image_optimized;
 use crate::util::validate::validation_errors_to_string;
 use actix_http::header::LOCATION;
+use actix_web::http::StatusCode;
 use actix_web::web::{Data, Query, ServiceConfig, scope};
 use actix_web::{HttpRequest, HttpResponse, delete, get, patch, post, web};
 use argon2::password_hash::SaltString;
@@ -40,6 +42,7 @@ use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::str::FromStr;
 use std::sync::Arc;
+use thiserror::Error;
 use tracing::{error, info};
 use url::Url;
 use validator::Validate;
@@ -52,6 +55,7 @@ pub fn config(cfg: &mut ServiceConfig) {
             .service(auth_callback)
             .service(delete_auth_provider)
             .service(create_oauth_account)
+            .service(validate_create_account_with_password)
             .service(create_account_with_password)
             .service(login_password)
             .service(login_2fa)
@@ -96,7 +100,7 @@ impl TempUser {
                 .await?
                 .is_some()
         {
-            return Err(AuthenticationError::DuplicateUser);
+            return Err(AuthenticationError::DuplicateEmail);
         }
 
         let user_id =
@@ -107,7 +111,7 @@ impl TempUser {
             .wrap_err("failed to fetch existing user by id")?;
 
         if existing_id.is_some() {
-            return Err(AuthenticationError::DuplicateUser);
+            return Err(AuthenticationError::UsernameTaken);
         }
 
         let (avatar_url, raw_avatar_url) = if let Some(avatar_url) =
@@ -1266,7 +1270,7 @@ pub async fn auth_callback(
 
         if let Some(id) = user_id {
             if user_id_opt.is_some() {
-                return Err(AuthenticationError::DuplicateUser);
+                return Err(AuthenticationError::ProviderAlreadyLinked);
             }
 
             provider
@@ -1339,6 +1343,7 @@ pub async fn auth_callback(
             // for this, we redirect them to a frontend page which lets them set a username.
             // then frontend will call `/create/oauth` with the same state parameter and
             // chosen settings (username, subscribe to newsletter), and handle navigation.
+            let suggested_username = oauth_user.username.clone();
 
             flow_guard
                 .replace_with(DBFlow::OAuthPending {
@@ -1356,7 +1361,8 @@ pub async fn auth_callback(
                 .append_pair(
                     "requires_dob",
                     &requires_dob(provider).to_string(),
-                );
+                )
+                .append_pair("username", &suggested_username);
 
             let redirect_url = redirect_url.to_string();
             Ok(HttpResponse::TemporaryRedirect()
@@ -1394,6 +1400,10 @@ async fn create_oauth_account(
     redis: Data<RedisPool>,
     web::Json(new_account): web::Json<NewOAuthAccount>,
 ) -> Result<HttpResponse, ApiError> {
+    new_account.validate().map_err(|err| {
+        ApiError::InvalidInput(validation_errors_to_string(err, None))
+    })?;
+
     if !check_hcaptcha(&req, &new_account.challenge).await? {
         return Err(ApiError::Turnstile);
     }
@@ -1525,144 +1535,264 @@ pub async fn check_sendy_subscription(
     Ok(response.trim() == "Subscribed")
 }
 
-#[derive(Deserialize, Validate)]
+#[derive(Deserialize)]
 pub struct NewAccount {
     // keep in sync with NewOAuthAccount
-    #[validate(length(min = 1, max = 39), regex(path = *crate::util::validate::RE_URL_SAFE))]
     pub username: String,
-    #[validate(length(min = 8, max = 256))]
     pub password: String,
-    #[validate(email)]
     pub email: String,
-    pub challenge: String,
+    pub challenge: Option<String>,
     pub sign_up_newsletter: Option<bool>,
 }
 
-#[post("create")]
-pub async fn create_account_with_password(
-    req: HttpRequest,
-    pool: Data<PgPool>,
-    redis: Data<RedisPool>,
-    new_account: web::Json<NewAccount>,
-    email: web::Data<EmailQueue>,
-) -> Result<HttpResponse, ApiError> {
-    new_account.0.validate().map_err(|err| {
-        ApiError::InvalidInput(validation_errors_to_string(err, None))
-    })?;
+#[derive(Debug, Validate)]
+struct AccountRegisterFlow {
+    #[validate(length(min = 1, max = 39), regex(path = *crate::util::validate::RE_URL_SAFE))]
+    username: String,
+    #[validate(length(min = 8, max = 256))]
+    password: String,
+    #[validate(email)]
+    email: String,
+    sign_up_newsletter: bool,
+}
 
-    if !check_hcaptcha(&req, &new_account.challenge).await? {
-        return Err(ApiError::Turnstile);
-    }
+#[derive(Debug)]
+struct ReadyAccountRegisterFlow {
+    inner: AccountRegisterFlow,
+}
 
-    if crate::database::models::DBUser::get(
-        &new_account.username,
-        &**pool,
-        &redis,
-    )
-    .await?
-    .is_some()
-    {
-        return Err(ApiError::InvalidInput("Username is taken!".to_string()));
+#[derive(Debug, Error)]
+enum AccountRegisterValidateError {
+    #[error("Username is already taken on Modrinth.")]
+    UsernameTaken,
+    #[error(
+        "Email is already registered on Modrinth. Try 'Forgot password' to access your account."
+    )]
+    DuplicateEmail,
+    #[error("{}", match .0 {
+        Some(feedback) => format!("Password too weak: {feedback}"),
+        None => "Specified password is too weak! Please improve its strength.".to_string(),
+    })]
+    WeakPassword(Option<String>),
+    #[error("{0}")]
+    InvalidInput(String),
+}
+
+impl AccountRegisterValidateError {
+    fn error_code(&self) -> &'static str {
+        match self {
+            AccountRegisterValidateError::UsernameTaken => "username_taken",
+            AccountRegisterValidateError::DuplicateEmail => "duplicate_email",
+            AccountRegisterValidateError::WeakPassword(_) => "weak_password",
+            AccountRegisterValidateError::InvalidInput(_) => "invalid_input",
+        }
     }
+}
 
-    let mut transaction = pool.begin().await?;
-    let user_id =
-        crate::database::models::generate_user_id(&mut transaction).await?;
+impl actix_web::ResponseError for AccountRegisterValidateError {
+    fn status_code(&self) -> StatusCode {
+        StatusCode::BAD_REQUEST
+    }
 
-    let new_account = new_account.0;
+    fn error_response(&self) -> HttpResponse {
+        HttpResponse::build(self.status_code()).json(ApiErrorResponse {
+            error: self.error_code(),
+            description: self.to_string(),
+            details: None,
+        })
+    }
+}
 
-    let score = zxcvbn::zxcvbn(
-        &new_account.password,
-        &[&new_account.username, &new_account.email],
-    );
+impl From<AccountRegisterValidateError> for ApiError {
+    fn from(value: AccountRegisterValidateError) -> Self {
+        match &value {
+            AccountRegisterValidateError::UsernameTaken => {
+                ApiError::Authentication(AuthenticationError::UsernameTaken)
+            }
+            AccountRegisterValidateError::DuplicateEmail => {
+                ApiError::Authentication(AuthenticationError::DuplicateEmail)
+            }
+            _ => ApiError::InvalidInput(value.to_string()),
+        }
+    }
+}
 
-    if score.score() < Score::Three {
-        return Err(ApiError::InvalidInput(
-            if let Some(feedback) = score.feedback().and_then(|x| x.warning()) {
-                format!("Password too weak: {feedback}")
-            } else {
-                "Specified password is too weak! Please improve its strength."
-                    .to_string()
-            },
-        ));
+impl From<NewAccount> for AccountRegisterFlow {
+    fn from(account: NewAccount) -> Self {
+        Self {
+            username: account.username,
+            password: account.password,
+            email: account.email,
+            sign_up_newsletter: account.sign_up_newsletter.unwrap_or(false),
+        }
     }
+}
 
-    let hasher = Argon2::default();
-    let salt = SaltString::generate(&mut ChaCha20Rng::from_entropy());
-    let password_hash = hasher
-        .hash_password(new_account.password.as_bytes(), &salt)?
-        .to_string();
+impl AccountRegisterFlow {
+    async fn validate(
+        self,
+        pool: &PgPool,
+        redis: &RedisPool,
+    ) -> Result<ReadyAccountRegisterFlow, AccountRegisterValidateError> {
+        validator::Validate::validate(&self).map_err(|err| {
+            AccountRegisterValidateError::InvalidInput(
+                validation_errors_to_string(err, None),
+            )
+        })?;
 
-    if !crate::database::models::DBUser::get_by_case_insensitive_email(
-        &new_account.email,
-        &**pool,
-    )
-    .await?
-    .is_empty()
-    {
-        return Err(ApiError::InvalidInput(
-            "Email is already registered on Modrinth! Try 'Forgot password' to access your account.".to_string(),
-        ));
-    }
+        if crate::database::models::DBUser::get(&self.username, pool, redis)
+            .await
+            .map_err(|err| {
+                AccountRegisterValidateError::InvalidInput(err.to_string())
+            })?
+            .is_some()
+        {
+            return Err(AccountRegisterValidateError::UsernameTaken);
+        }
 
-    crate::database::models::DBUser {
-        id: user_id,
-        github_id: None,
-        discord_id: None,
-        gitlab_id: None,
-        google_id: None,
-        steam_id: None,
-        microsoft_id: None,
-        password: Some(password_hash),
-        paypal_id: None,
-        paypal_country: None,
-        paypal_email: None,
-        venmo_handle: None,
-        stripe_customer_id: None,
-        totp_secret: None,
-        username: new_account.username.clone(),
-        email: Some(new_account.email.clone()),
-        email_verified: false,
-        avatar_url: None,
-        raw_avatar_url: None,
-        bio: None,
-        created: Utc::now(),
-        role: Role::Developer.to_string(),
-        badges: Badges::default(),
-        allow_friend_requests: true,
-        is_subscribed_to_newsletter: new_account
-            .sign_up_newsletter
-            .unwrap_or(false),
-    }
-    .insert(&mut transaction)
-    .await?;
+        let score =
+            zxcvbn::zxcvbn(&self.password, &[&self.username, &self.email]);
 
-    let session =
-        issue_session(req, user_id, &mut transaction, &redis, None).await?;
-    let res = crate::models::sessions::Session::from(session, true, None);
+        if score.score() < Score::Three {
+            let feedback = score
+                .feedback()
+                .and_then(|x| x.warning())
+                .map(|w| w.to_string());
+            return Err(AccountRegisterValidateError::WeakPassword(feedback));
+        }
 
-    let mailbox: Mailbox = new_account.email.parse().map_err(|_| {
-        ApiError::InvalidInput("Invalid email address!".to_string())
-    })?;
+        if !crate::database::models::DBUser::get_by_case_insensitive_email(
+            &self.email,
+            pool,
+        )
+        .await
+        .map_err(|err| {
+            AccountRegisterValidateError::InvalidInput(err.to_string())
+        })?
+        .is_empty()
+        {
+            return Err(AccountRegisterValidateError::DuplicateEmail);
+        }
 
-    let flow = DBFlow::ConfirmEmail {
-        user_id,
-        confirm_email: new_account.email.clone(),
+        Ok(ReadyAccountRegisterFlow { inner: self })
     }
-    .insert(Duration::hours(24), &redis)
-    .await?;
+}
 
-    email
-        .send_one(
-            &mut transaction,
-            NotificationBody::VerifyEmail { flow },
+impl ReadyAccountRegisterFlow {
+    async fn execute(
+        self,
+        req: HttpRequest,
+        pool: &PgPool,
+        redis: &RedisPool,
+        email_queue: &EmailQueue,
+    ) -> Result<crate::models::sessions::Session, ApiError> {
+        let register_flow = self.inner;
+
+        let mut transaction = pool.begin().await?;
+        let user_id =
+            crate::database::models::generate_user_id(&mut transaction).await?;
+
+        let hasher = Argon2::default();
+        let salt = SaltString::generate(&mut ChaCha20Rng::from_entropy());
+        let password_hash = hasher
+            .hash_password(register_flow.password.as_bytes(), &salt)?
+            .to_string();
+
+        crate::database::models::DBUser {
+            id: user_id,
+            github_id: None,
+            discord_id: None,
+            gitlab_id: None,
+            google_id: None,
+            steam_id: None,
+            microsoft_id: None,
+            password: Some(password_hash),
+            paypal_id: None,
+            paypal_country: None,
+            paypal_email: None,
+            venmo_handle: None,
+            stripe_customer_id: None,
+            totp_secret: None,
+            username: register_flow.username.clone(),
+            email: Some(register_flow.email.clone()),
+            email_verified: false,
+            avatar_url: None,
+            raw_avatar_url: None,
+            bio: None,
+            created: Utc::now(),
+            role: Role::Developer.to_string(),
+            badges: Badges::default(),
+            allow_friend_requests: true,
+            is_subscribed_to_newsletter: register_flow.sign_up_newsletter,
+        }
+        .insert(&mut transaction)
+        .await?;
+
+        let session =
+            issue_session(req, user_id, &mut transaction, redis, None).await?;
+        let res = crate::models::sessions::Session::from(session, true, None);
+
+        let mailbox: Mailbox = register_flow.email.parse().map_err(|_| {
+            ApiError::InvalidInput("Invalid email address!".to_string())
+        })?;
+
+        let flow = DBFlow::ConfirmEmail {
             user_id,
-            mailbox,
-        )
+            confirm_email: register_flow.email.clone(),
+        }
+        .insert(Duration::hours(24), redis)
+        .await?;
+
+        email_queue
+            .send_one(
+                &mut transaction,
+                NotificationBody::VerifyEmail { flow },
+                user_id,
+                mailbox,
+            )
+            .await?
+            .as_user_error()?;
+
+        transaction.commit().await?;
+
+        Ok(res)
+    }
+}
+
+#[post("create/validate")]
+pub async fn validate_create_account_with_password(
+    pool: Data<PgPool>,
+    redis: Data<RedisPool>,
+    new_account: web::Json<NewAccount>,
+) -> Result<(), AccountRegisterValidateError> {
+    AccountRegisterFlow::from(new_account.into_inner())
+        .validate(&pool, &redis)
+        .await?;
+
+    Ok(())
+}
+
+#[post("create")]
+pub async fn create_account_with_password(
+    req: HttpRequest,
+    pool: Data<PgPool>,
+    redis: Data<RedisPool>,
+    new_account: web::Json<NewAccount>,
+    email: web::Data<EmailQueue>,
+) -> Result<HttpResponse, ApiError> {
+    let new_account = new_account.into_inner();
+
+    if !check_hcaptcha(&req, new_account.challenge.as_deref().unwrap_or(""))
         .await?
-        .as_user_error()?;
+    {
+        return Err(ApiError::Turnstile);
+    }
 
-    transaction.commit().await?;
+    let ready_flow = AccountRegisterFlow::from(new_account)
+        .validate(&pool, &redis)
+        .await?;
+
+    let res = ready_flow.execute(req, &pool, &redis, &email).await?;
 
     Ok(HttpResponse::Ok().json(res))
 }

From 2d8c66186c0c37228f11fbdf878961d2d9c1bdef Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Fri, 17 Apr 2026 16:54:44 -0600
Subject: [PATCH 10/11] feat: implement under 13 DOB guard and email/password
 validation route

---
 .../src/components/ui/auth/CreateAccount.vue  | 87 +++++++++++++++----
 .../src/components/ui/auth/SignUp.vue         | 53 +----------
 apps/frontend/src/pages/auth/sign-up.vue      | 57 ++++++++++--
 .../src/modules/labrinth/auth/v2.ts           | 16 ++++
 .../api-client/src/modules/labrinth/types.ts  |  6 ++
 5 files changed, 146 insertions(+), 73 deletions(-)

diff --git a/apps/frontend/src/components/ui/auth/CreateAccount.vue b/apps/frontend/src/components/ui/auth/CreateAccount.vue
index 288d1ab5c0..67e318f49e 100644
--- a/apps/frontend/src/components/ui/auth/CreateAccount.vue
+++ b/apps/frontend/src/components/ui/auth/CreateAccount.vue
@@ -15,25 +15,29 @@
 			<input
 				id="create-account-dob"
 				v-model="dateOfBirthModel"
-				class="scheme-dark w-full border-0 bg-surface-4 text-lg text-contrast outline-none [color-scheme:dark]"
+				class="scheme-dark w-full border-0 bg-surface-4 text-lg text-primary outline-none [color-scheme:dark]"
 				type="date"
 				:max="maxBirthDate"
 			/>
-			<div>You must be over 13 years old to use Modrinth.</div>
-			<Admonition type="info">
-				<div class="flex flex-col gap-1.5 leading-normal">
-					<div>
-						{{ formatMessage(messages.infoPanelText) }}
+			<div>
+				{{ formatMessage(messages.over13HelperText) }}
+			</div>
+			<Admonition :type="'info'">
+				<template #header>
+					<div class="-mb-2 flex flex-col gap-1.5 font-normal leading-normal">
+						<div>
+							{{ formatMessage(messages.infoPanelText) }}
+						</div>
+						<a
+							class="w-fit text-link underline"
+							:href="sourceCodeUrl"
+							target="_blank"
+							rel="noopener noreferrer"
+						>
+							{{ formatMessage(messages.relevantSourceCodeText) }}
+						</a>
 					</div>
-					<a
-						class="w-fit text-link"
-						:href="sourceCodeUrl"
-						target="_blank"
-						rel="noopener noreferrer"
-					>
-						{{ formatMessage(messages.relevantSourceCodeText) }}
-					</a>
-				</div>
+				</template>
 			</Admonition>
 		</section>
 
@@ -71,7 +75,7 @@
 			<button
 				class="!w-full font-bold"
 				:disabled="globals?.captcha_enabled ? !tokenModel : false"
-				@click="onCompleteSignUp()"
+				@click="onCompleteSignUpClick"
 			>
 				{{ formatMessage(messages.completeSignUpButton) }}
 			</button>
@@ -85,6 +89,7 @@ import {
 	ButtonStyled,
 	Checkbox,
 	defineMessages,
+	injectNotificationManager,
 	StyledInput,
 	useVIntl,
 } from '@modrinth/ui'
@@ -120,7 +125,7 @@ const props = defineProps({
 	sourceCodeUrl: {
 		type: String,
 		default:
-			'https://github.com/modrinth/labrinth/blob/main/apps/labrinth/src/routes/internal/flows.rs',
+			'https://github.com/modrinth/code/blob/main/apps/frontend/src/components/ui/auth/CreateAccount.vue',
 	},
 	onCompleteSignUp: {
 		type: Function,
@@ -165,8 +170,40 @@ const maxBirthDate = computed(() => {
 	return date.toISOString().slice(0, 10)
 })
 
+const isDateOfBirthMissing = computed(() => props.requiresDob && dateOfBirthModel.value === '')
+
+const isUnder13 = computed(
+	() =>
+		props.requiresDob &&
+		dateOfBirthModel.value !== '' &&
+		dateOfBirthModel.value > maxBirthDate.value,
+)
+
+const { addNotification } = injectNotificationManager()
 const { formatMessage } = useVIntl()
 
+function onCompleteSignUpClick() {
+	if (isDateOfBirthMissing.value) {
+		addNotification({
+			title: formatMessage(messages.dateOfBirthRequiredTitle),
+			text: formatMessage(messages.dateOfBirthRequiredText),
+			type: 'warning',
+		})
+		return
+	}
+
+	if (isUnder13.value) {
+		addNotification({
+			title: formatMessage(messages.ageRequirementWarningTitle),
+			text: formatMessage(messages.under13HelperText),
+			type: 'error',
+		})
+		return
+	}
+
+	props.onCompleteSignUp()
+}
+
 const messages = defineMessages({
 	title: {
 		id: 'auth.create-account.title',
@@ -176,10 +213,26 @@ const messages = defineMessages({
 		id: 'auth.create-account.date-of-birth.label',
 		defaultMessage: 'Date of birth',
 	},
+	dateOfBirthRequiredTitle: {
+		id: 'auth.create-account.date-of-birth.required.title',
+		defaultMessage: 'Date of birth required',
+	},
+	dateOfBirthRequiredText: {
+		id: 'auth.create-account.date-of-birth.required.text',
+		defaultMessage: 'Please enter your date of birth before continuing.',
+	},
 	over13HelperText: {
 		id: 'auth.create-account.date-of-birth.over13-helper',
 		defaultMessage: 'You must be over 13 years old to use Modrinth.',
 	},
+	under13HelperText: {
+		id: 'auth.create-account.date-of-birth.under13-helper',
+		defaultMessage: 'You cannot create an account at Modrinth unless you are 13 years old.',
+	},
+	ageRequirementWarningTitle: {
+		id: 'auth.create-account.age-requirement.warning-title',
+		defaultMessage: 'Age requirement',
+	},
 	infoPanelText: {
 		id: 'auth.create-account.info-panel.text',
 		defaultMessage:
diff --git a/apps/frontend/src/components/ui/auth/SignUp.vue b/apps/frontend/src/components/ui/auth/SignUp.vue
index 9b46aca712..e12ebd14b1 100644
--- a/apps/frontend/src/components/ui/auth/SignUp.vue
+++ b/apps/frontend/src/components/ui/auth/SignUp.vue
@@ -79,13 +79,6 @@
 				wrapper-class="w-full"
 			/>
 
-			<Checkbox
-				v-model="subscribeModel"
-				class="subscribe-btn"
-				:label="formatMessage(messages.subscribeLabel)"
-				:description="formatMessage(messages.subscribeLabel)"
-			/>
-
 			<p v-if="!routeQuery.launcher">
 				<IntlFormatted :message-id="messages.legalDisclaimer">
 					<template #terms-link="{ children }">
@@ -101,17 +94,11 @@
 				</IntlFormatted>
 			</p>
 
-			<HCaptcha
-				v-if="globals?.captcha_enabled && emailModel && passwordModel"
-				:ref="onSetCaptchaRef"
-				v-model="tokenModel"
-			/>
-
 			<ButtonStyled color="brand">
 				<button
 					class="!w-full"
-					:disabled="globals?.captcha_enabled ? !tokenModel : false"
-					@click="onCreateAccount()"
+					:disabled="!emailModel || !passwordModel"
+					@click="onContinueWithEmail()"
 				>
 					{{ formatMessage(messages.continueWithEmail) }} <RightArrowIcon />
 				</button>
@@ -147,7 +134,6 @@ import {
 } from '@modrinth/assets'
 import {
 	ButtonStyled,
-	Checkbox,
 	commonMessages,
 	defineMessages,
 	IntlFormatted,
@@ -156,7 +142,6 @@ import {
 } from '@modrinth/ui'
 import { computed } from 'vue'
 
-import HCaptcha from '@/components/ui/auth/HCaptcha.vue'
 import { getAuthUrl } from '@/composables/auth.ts'
 
 const props = defineProps({
@@ -172,10 +157,6 @@ const props = defineProps({
 		type: Object,
 		default: () => ({}),
 	},
-	globals: {
-		type: Object,
-		default: null,
-	},
 	email: {
 		type: String,
 		default: '',
@@ -184,29 +165,17 @@ const props = defineProps({
 		type: String,
 		default: '',
 	},
-	token: {
-		type: String,
-		default: '',
-	},
-	subscribe: {
-		type: Boolean,
-		default: false,
-	},
 	onToggleOtherOptions: {
 		type: Function,
 		default: () => {},
 	},
-	onCreateAccount: {
+	onContinueWithEmail: {
 		type: Function,
 		default: () => {},
 	},
-	onSetCaptchaRef: {
-		type: Function,
-		default: undefined,
-	},
 })
 
-const emit = defineEmits(['update:email', 'update:password', 'update:token', 'update:subscribe'])
+const emit = defineEmits(['update:email', 'update:password'])
 
 const emailModel = computed({
 	get: () => props.email,
@@ -218,16 +187,6 @@ const passwordModel = computed({
 	set: (value) => emit('update:password', value),
 })
 
-const tokenModel = computed({
-	get: () => props.token,
-	set: (value) => emit('update:token', value),
-})
-
-const subscribeModel = computed({
-	get: () => props.subscribe,
-	set: (value) => emit('update:subscribe', value),
-})
-
 const { formatMessage } = useVIntl()
 
 const messages = defineMessages({
@@ -239,10 +198,6 @@ const messages = defineMessages({
 		id: 'auth.continue-with-provider',
 		defaultMessage: 'Continue with {provider}',
 	},
-	subscribeLabel: {
-		id: 'auth.sign-up.subscribe.label',
-		defaultMessage: 'Subscribe to updates about Modrinth',
-	},
 	legalDisclaimer: {
 		id: 'auth.sign-up.legal-dislaimer',
 		defaultMessage:
diff --git a/apps/frontend/src/pages/auth/sign-up.vue b/apps/frontend/src/pages/auth/sign-up.vue
index 5e18477b15..398232da5c 100644
--- a/apps/frontend/src/pages/auth/sign-up.vue
+++ b/apps/frontend/src/pages/auth/sign-up.vue
@@ -1,15 +1,22 @@
 <template>
 	<SignUpView
+		v-if="!isCreateAccountStep"
 		v-model:email="email"
 		v-model:password="password"
-		v-model:token="token"
-		v-model:subscribe="subscribe"
 		:redirect-target="redirectTarget"
 		:show-other-options="showOtherOptions"
 		:route-query="route.query"
-		:globals="globals"
 		:on-toggle-other-options="toggleOtherOptions"
-		:on-create-account="createAccount"
+		:on-continue-with-email="continueWithEmail"
+	/>
+	<CreateAccountView
+		v-else
+		v-model:date-of-birth="dateOfBirth"
+		v-model:username="username"
+		v-model:token="token"
+		v-model:subscribe="subscribe"
+		:globals="globals"
+		:on-complete-sign-up="createAccount"
 		:on-set-captcha-ref="setCaptchaRef"
 	/>
 </template>
@@ -24,6 +31,7 @@ import {
 } from '@modrinth/ui'
 import { useQuery } from '@tanstack/vue-query'
 
+import CreateAccountView from '@/components/ui/auth/CreateAccount.vue'
 import SignUpView from '@/components/ui/auth/SignUp.vue'
 
 const client = injectModrinthClient()
@@ -35,6 +43,14 @@ const messages = defineMessages({
 		id: 'auth.sign-up.title',
 		defaultMessage: 'Sign Up',
 	},
+	ageRequirementWarningTitle: {
+		id: 'auth.sign-up.age-requirement.warning-title',
+		defaultMessage: 'Age requirement',
+	},
+	under13HelperText: {
+		id: 'auth.create-account.date-of-birth.under13-helper',
+		defaultMessage: 'You cannot create an account at Modrinth unless you are 13 years old.',
+	},
 })
 
 useHead({
@@ -46,6 +62,7 @@ const route = useNativeRoute()
 
 const redirectTarget = route.query.redirect
 const showOtherOptions = ref(false)
+const isCreateAccountStep = ref(false)
 
 if (auth.value.user) {
 	await navigateTo('/dashboard')
@@ -73,12 +90,38 @@ const { data: globals } = useQuery({
 
 const email = ref('')
 const password = ref('')
+const dateOfBirth = ref('')
+const username = ref('')
 const token = ref('')
 const subscribe = ref(false)
 
+async function continueWithEmail() {
+	startLoading()
+	try {
+		const generatedUsername = generateUsernameFromEmail(email.value)
+
+		await client.labrinth.auth_v2.validateCreateAccount({
+			username: generatedUsername,
+			password: password.value,
+			email: email.value,
+		})
+
+		token.value = ''
+		username.value = generatedUsername
+		isCreateAccountStep.value = true
+	} catch (err) {
+		addNotification({
+			title: formatMessage(commonMessages.errorNotificationTitle),
+			text: err.data ? err.data.description : err,
+			type: 'error',
+		})
+	}
+	stopLoading()
+}
+
 function generateUsernameFromEmail(emailAddress) {
-	const [localPart = '', domainPart = ''] = emailAddress.trim().toLowerCase().split('@')
-	const sanitized = `${localPart}_${domainPart}`
+	const [localPart = ''] = emailAddress.trim().toLowerCase().split('@')
+	const sanitized = localPart
 		.replace(/[^a-zA-Z0-9_-]/g, '_')
 		.replace(/_+/g, '_')
 		.replace(/^_+|_+$/g, '')
@@ -90,7 +133,7 @@ async function createAccount() {
 	startLoading()
 	try {
 		const res = await client.labrinth.auth_v2.createAccount({
-			username: generateUsernameFromEmail(email.value),
+			username: username.value.trim() || generateUsernameFromEmail(email.value),
 			password: password.value,
 			email: email.value,
 			challenge: token.value,
diff --git a/packages/api-client/src/modules/labrinth/auth/v2.ts b/packages/api-client/src/modules/labrinth/auth/v2.ts
index 53c9b2669e..e1829d7726 100644
--- a/packages/api-client/src/modules/labrinth/auth/v2.ts
+++ b/packages/api-client/src/modules/labrinth/auth/v2.ts
@@ -57,6 +57,22 @@ export class LabrinthAuthV2Module extends AbstractModule {
 		})
 	}
 
+	/**
+	 * Validate email/password inputs for account creation without creating an account.
+	 *
+	 * @param data - Prospective account credentials
+	 */
+	public async validateCreateAccount(
+		data: Labrinth.Auth.v2.ValidateCreateAccountRequest,
+	): Promise<void> {
+		return this.client.request(`/auth/create/validate`, {
+			api: 'labrinth',
+			version: 2,
+			method: 'POST',
+			body: data,
+		})
+	}
+
 	/**
 	 * Create a new account from an OAuth callback flow state
 	 *
diff --git a/packages/api-client/src/modules/labrinth/types.ts b/packages/api-client/src/modules/labrinth/types.ts
index 1e03777162..78b84b0cac 100644
--- a/packages/api-client/src/modules/labrinth/types.ts
+++ b/packages/api-client/src/modules/labrinth/types.ts
@@ -278,6 +278,12 @@ export namespace Labrinth {
 				session: string
 			}
 
+			export type ValidateCreateAccountRequest = {
+				username: string
+				password: string
+				email: string
+			}
+
 			export type CreateOAuthAccountRequest = {
 				username: string
 				state: string

From 2592eb3f32a18c3075cfec7572ab1ec134d4645d Mon Sep 17 00:00:00 2001
From: tdgao <mr.trumgao@gmail.com>
Date: Wed, 22 Apr 2026 08:51:49 -0600
Subject: [PATCH 11/11] fix: TOCTOU issue

---
 apps/labrinth/src/routes/internal/flows.rs | 73 +++++++++++++++-------
 1 file changed, 51 insertions(+), 22 deletions(-)

diff --git a/apps/labrinth/src/routes/internal/flows.rs b/apps/labrinth/src/routes/internal/flows.rs
index c4baac5ece..06ebd34a2a 100644
--- a/apps/labrinth/src/routes/internal/flows.rs
+++ b/apps/labrinth/src/routes/internal/flows.rs
@@ -1665,7 +1665,7 @@ impl From<NewAccount> for AccountRegisterFlow {
 impl AccountRegisterFlow {
     async fn validate(
         self,
-        pool: &PgPool,
+        transaction: &mut PgTransaction<'_>,
         redis: &RedisPool,
     ) -> Result<ReadyAccountRegisterFlow, AccountRegisterValidateError> {
         validator::Validate::validate(&self).map_err(|err| {
@@ -1674,12 +1674,16 @@ impl AccountRegisterFlow {
             )
         })?;
 
-        if crate::database::models::DBUser::get(&self.username, pool, redis)
-            .await
-            .map_err(|err| {
-                AccountRegisterValidateError::InvalidInput(err.to_string())
-            })?
-            .is_some()
+        if crate::database::models::DBUser::get(
+            &self.username,
+            &mut *transaction,
+            redis,
+        )
+        .await
+        .map_err(|err| {
+            AccountRegisterValidateError::InvalidInput(err.to_string())
+        })?
+        .is_some()
         {
             return Err(AccountRegisterValidateError::UsernameTaken);
         }
@@ -1697,7 +1701,7 @@ impl AccountRegisterFlow {
 
         if !crate::database::models::DBUser::get_by_case_insensitive_email(
             &self.email,
-            pool,
+            &mut *transaction,
         )
         .await
         .map_err(|err| {
@@ -1716,15 +1720,14 @@ impl ReadyAccountRegisterFlow {
     async fn execute(
         self,
         req: HttpRequest,
-        pool: &PgPool,
+        transaction: &mut PgTransaction<'_>,
         redis: &RedisPool,
         email_queue: &EmailQueue,
     ) -> Result<crate::models::sessions::Session, ApiError> {
         let register_flow = self.inner;
 
-        let mut transaction = pool.begin().await?;
         let user_id =
-            crate::database::models::generate_user_id(&mut transaction).await?;
+            crate::database::models::generate_user_id(transaction).await?;
 
         let hasher = Argon2::default();
         let salt = SaltString::generate(&mut ChaCha20Rng::from_entropy());
@@ -1759,11 +1762,30 @@ impl ReadyAccountRegisterFlow {
             allow_friend_requests: true,
             is_subscribed_to_newsletter: register_flow.sign_up_newsletter,
         }
-        .insert(&mut transaction)
-        .await?;
+        .insert(transaction)
+        .await
+        .map_err(|err| {
+            if let sqlx::Error::Database(database_error) = &err {
+                match database_error.constraint() {
+                    Some("username_unique" | "users_username_key") => {
+                        return ApiError::from(
+                            AccountRegisterValidateError::UsernameTaken,
+                        );
+                    }
+                    Some("email_unique" | "users_email_key") => {
+                        return ApiError::from(
+                            AccountRegisterValidateError::DuplicateEmail,
+                        );
+                    }
+                    _ => {}
+                }
+            }
+
+            ApiError::from(err)
+        })?;
 
         let session =
-            issue_session(req, user_id, &mut transaction, redis, None).await?;
+            issue_session(req, user_id, transaction, redis, None).await?;
         let res = crate::models::sessions::Session::from(session, true, None);
 
         let mailbox: Mailbox = register_flow.email.parse().map_err(|_| {
@@ -1779,7 +1801,7 @@ impl ReadyAccountRegisterFlow {
 
         email_queue
             .send_one(
-                &mut transaction,
+                transaction,
                 NotificationBody::VerifyEmail { flow },
                 user_id,
                 mailbox,
@@ -1787,8 +1809,6 @@ impl ReadyAccountRegisterFlow {
             .await?
             .as_user_error()?;
 
-        transaction.commit().await?;
-
         Ok(res)
     }
 }
@@ -1801,14 +1821,18 @@ impl ReadyAccountRegisterFlow {
         (status = 400, description = "Invalid input")
     )
 )]
-#[post("create/validate")]
+#[post("/create/validate")]
 pub async fn validate_create_account_with_password(
     pool: Data<PgPool>,
     redis: Data<RedisPool>,
     new_account: web::Json<NewAccount>,
 ) -> Result<(), AccountRegisterValidateError> {
+    let mut transaction = pool.begin().await.map_err(|err| {
+        AccountRegisterValidateError::InvalidInput(err.to_string())
+    })?;
+
     AccountRegisterFlow::from(new_account.into_inner())
-        .validate(&pool, &redis)
+        .validate(&mut transaction, &redis)
         .await?;
 
     Ok(())
@@ -1822,7 +1846,7 @@ pub async fn validate_create_account_with_password(
         (status = 400, description = "Invalid input")
     )
 )]
-#[post("create")]
+#[post("/create")]
 pub async fn create_account_with_password(
     req: HttpRequest,
     pool: Data<PgPool>,
@@ -1838,11 +1862,16 @@ pub async fn create_account_with_password(
         return Err(ApiError::Turnstile);
     }
 
+    let mut transaction = pool.begin().await?;
+
     let ready_flow = AccountRegisterFlow::from(new_account)
-        .validate(&pool, &redis)
+        .validate(&mut transaction, &redis)
         .await?;
 
-    let res = ready_flow.execute(req, &pool, &redis, &email).await?;
+    let res = ready_flow
+        .execute(req, &mut transaction, &redis, &email)
+        .await?;
+    transaction.commit().await?;
 
     Ok(HttpResponse::Ok().json(res))
 }