🛠 Filament Login Flow¶

sequenceDiagram
    participant Admin as Filament Admin
    participant Filament as /admin routes
    participant Auth as Filament Guard

    Admin->>Filament: GET /admin/login
    Filament-->>Admin: Login form
    Admin->>Filament: POST /admin/login (credentials)
    Filament->>Auth: Attempt login (filament guard)
    Auth-->>Filament: Credentials valid, 2FA required?
    Filament-->>Admin: Two-factor challenge (if enabled)
    Admin->>Filament: POST /admin/two-factor-challenge (OTP/recovery code)
    Filament->>Auth: Verify two-factor token
    Auth-->>Admin: Issue `filament` session cookie
    Admin->>Filament: Navigate to dashboard (/admin)
    Filament-->>Admin: Render Filament panel with scoped permissions

Highlights¶

• Dedicated guard keeps platform management sessions isolated from the public web app.
• Two-factor prompts align with Accounts security policies for workers and staff.
• Filament resources honor Spatie roles (owner, admin, manager) and can consult artist policies when needed.