Auth.js session secret
AUTH_SECRET
Required before real buyer rooms can be enabled.
B2B Account
UrbanDream consultation rooms will use email or Google login. This route stays locked until the B2B auth environment is enabled.
Why this is locked
Real login should open only after the B2B-only database, room membership checks, private buyer image storage, and audit logging are connected.
Auth readiness
This panel shows only whether required environment variables are present. It never displays secret values.
Auth.js session secret
AUTH_SECRET
Required before real buyer rooms can be enabled.
Public auth callback URL
AUTH_URL
Required before real buyer rooms can be enabled.
Google OAuth credentials
AUTH_GOOGLE_ID/AUTH_GOOGLE_SECRET
Optional for the first auth provider mix.
Email login provider mode
B2B_EMAIL_PROVIDER
Optional for the first auth provider mix.
Separate B2B PostgreSQL database
B2B_DATABASE_URL
Required before real buyer rooms can be enabled.
Private buyer attachment storage
B2B_PRIVATE_UPLOAD_DIR/B2B_STORAGE_BUCKET
Required before real buyer rooms can be enabled.
Initial staff/admin allowlist
B2B_STAFF_EMAILS/B2B_ADMIN_EMAILS
Required before real buyer rooms can be enabled.
Current status: locked scaffold
Session testing can run before database persistence. Real buyer rooms should remain locked until room-level authorization, B2B database persistence, private storage, rate limiting, and audit logging are implemented.