Spec Template: Login Flow
This is a ready-to-use Intent Specification for a standard email/password login flow. You can copy this template, adapt it for your tech stack, and feed it directly to your AI coding agent or engineering team.
The Template
{
"intentId": "INT-TEMPLATE-LOGIN-001",
"title": "User Login Flow",
"source": {
"type": "feature-request",
"description": "Enable users to authenticate and access protected features."
},
"behavior": {
"userStory": "As a registered user, I can log in with my email and password so that I can access my personal dashboard and data.",
"acceptanceCriteria": [
"A login form is accessible from the main navigation.",
"Form fields: Email (required, email format validation), Password (required, min 8 characters).",
"Submitting valid credentials authenticates the user.",
"Successful login redirects to /dashboard.",
"Invalid credentials display an inline error: 'Invalid email or password.'",
"A 'Forgot Password?' link is visible and navigates to /reset-password.",
"The login button shows a loading state during authentication.",
"Session persists across browser tabs."
]
},
"context": {
"suggestedComponent": "LoginForm.tsx or LoginModal.tsx",
"framework": "[Your Framework, e.g., Next.js, React, Vue]",
"authProvider": "[Your Auth Provider, e.g., Supabase, Firebase, Auth0]",
"designSystem": "[Your Design System, e.g., Tailwind, Chakra UI, MUI]"
},
"constraints": [
"Passwords must NOT be logged to the console or any analytics service.",
"All API calls must be over HTTPS.",
"Rate limiting: Max 5 failed attempts per email per 15 minutes."
],
"verification": {
"e2eTests": [
"User can log in with valid credentials.",
"User sees error with invalid credentials.",
"User is redirected to /dashboard after login."
],
"unitTests": [
"Email validation function correctly identifies invalid formats.",
"Auth service returns appropriate error codes for different failure modes."
],
"manualChecks": [
"Verify mobile responsiveness.",
"Confirm 'Forgot Password' link works."
]
}
}How to Use This Template
- Copy the JSON above.
- Replace placeholders in the
contextsection with your actual tech stack. - Adjust acceptance criteria to match your product's specific requirements.
- Feed to your agent: Paste directly into Cursor, Windsurf, or your AI-assisted IDE.
- Or create a ticket: Use this as the description for your Linear/Jira issue.
Customization Ideas
- OAuth Login: Add acceptance criteria for "Sign in with Google" and "Sign in with GitHub" buttons.
- Two-Factor Auth: Add criteria for OTP verification after password submission.
- Magic Link: Replace password fields with email-only input and "Send Magic Link" button.
💡 Tip: Use the Copy button on the JSON block above to grab the full template. Then paste it into your AI agent or issue tracker.
See It In Action
We fed this exact spec to an AI coding agent. The result? A fully functional login form with validation, loading states, and tests — in under 3 minutes.
What the AI Agent Said
We asked the agent: "Was it better that I gave you this intent spec instead of prompting loosely?"
"Yes, significantly better."
The acceptance criteria were a checklist I could implement directly. No guessing "did they want password strength indicators?" — the spec said 8 char min, so that's what I built.
The constraints like "Passwords must NOT be logged" are the kind of security requirements that often get forgotten in a typical prompt but were explicit here.
The verification section told me exactly what to test. I wrote 8 unit tests directly from the spec.
With a loose prompt, I'd have to ask: Do you want validation? Loading states? Error handling? The intent spec answered all of that upfront.
The spec created a contract between intent and implementation. I knew when I was "done" because the acceptance criteria were finite.
— Claude (Anthropic), via Gemini Code
Ready to create your own specs? Let Pathmode synthesize them from your user research.