diff --git a/apps/web/src/lib/auth/RedirectIfLoggedIn.svelte b/apps/web/src/lib/auth/RedirectIfLoggedIn.svelte
new file mode 100644
index 0000000000..ccb886fc88
--- /dev/null
+++ b/apps/web/src/lib/auth/RedirectIfLoggedIn.svelte
@@ -0,0 +1,18 @@
+<script lang="ts">
+	import { goto } from '$app/navigation';
+	import { USER_SERVICE } from '$lib/user/userService';
+	import { inject } from '@gitbutler/shared/context';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+
+	const routesService = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
+	const isLoggedIn = $derived($user !== undefined);
+
+	// If there is a user, redirect to the home page
+	$effect(() => {
+		if (isLoggedIn) {
+			goto(routesService.homePath());
+		}
+	});
+</script>
diff --git a/apps/web/src/lib/auth/RedirectIfNotFinalized.svelte b/apps/web/src/lib/auth/RedirectIfNotFinalized.svelte
new file mode 100644
index 0000000000..ee12c931d7
--- /dev/null
+++ b/apps/web/src/lib/auth/RedirectIfNotFinalized.svelte
@@ -0,0 +1,28 @@
+<script lang="ts">
+	import { afterNavigate, goto } from '$app/navigation';
+	import { USER_SERVICE } from '$lib/user/userService';
+	import { inject } from '@gitbutler/shared/context';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+
+	const routesService = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
+	const userEmail = $derived($user?.email);
+	const userLogin = $derived($user?.login);
+	const isLoggedIn = $derived($user !== undefined);
+	// Logged in but missing email or login
+	const accountNotFinalized = $derived(isLoggedIn && (!userEmail || !userLogin));
+	let currentPathName = $state<string>(location.pathname);
+
+	// Keep track of the current path name to avoid redirect loops
+	afterNavigate((navigation) => {
+		currentPathName = navigation.to?.url.pathname || '';
+	});
+
+	// If the user account is not finalized, redirect to the finalization page
+	$effect(() => {
+		if (accountNotFinalized && currentPathName !== routesService.finalizeAccountPath()) {
+			goto(routesService.finalizeAccountPath());
+		}
+	});
+</script>
diff --git a/apps/web/src/lib/components/Navigation.svelte b/apps/web/src/lib/components/Navigation.svelte
index 4ede786c6c..584216961f 100644
--- a/apps/web/src/lib/components/Navigation.svelte
+++ b/apps/web/src/lib/components/Navigation.svelte
@@ -7,7 +7,6 @@
 	import { inject } from '@gitbutler/shared/context';
 	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
 	import { Button, ContextMenu, ContextMenuItem, ContextMenuSection, Icon } from '@gitbutler/ui';
-
 	import { env } from '$env/dynamic/public';
 
 	const authService = inject(AUTH_SERVICE);
@@ -21,13 +20,9 @@
 	let ctxUserTriggerButton = $state<HTMLButtonElement | undefined>();
 	let isCtxMenuOpen = $state(false);
 
-	function login() {
-		window.location.href = `${env.PUBLIC_APP_HOST}cloud/login?callback=${window.location.href}`;
-	}
-
 	function logout() {
 		authService.clearToken();
-		window.location.href = `${env.PUBLIC_APP_HOST}cloud/logout?returnTo=${window.location.href}`;
+		window.location.href = `${env.PUBLIC_APP_HOST}cloud/logout`;
 	}
 </script>
 
@@ -79,8 +74,12 @@
 			>
 		{:else}
 			<div class="login-signup-wrap">
-				<Button kind="outline" onclick={login}>Join GitButler</Button>
-				<Button style="pop" icon="signin" onclick={login}>Log in</Button>
+				<a href={routes.signupPath()}>
+					<Button kind="outline">Join GitButler</Button>
+				</a>
+				<a href={routes.loginPath()} title="Log in" aria-label="Log in">
+					<Button style="pop" icon="signin">Log in</Button>
+				</a>
 			</div>
 		{/if}
 	</div>
diff --git a/apps/web/src/lib/components/login/GitHubButton.svelte b/apps/web/src/lib/components/login/GitHubButton.svelte
new file mode 100644
index 0000000000..595048ba1a
--- /dev/null
+++ b/apps/web/src/lib/components/login/GitHubButton.svelte
@@ -0,0 +1,51 @@
+<script lang="ts">
+	import { env } from '$env/dynamic/public';
+</script>
+
+<a
+	class="oauth-login"
+	href={`${env.PUBLIC_APP_HOST}auth/github?origin=${encodeURIComponent(window.location.href)}`}
+	title="Sign in with GitHub"
+	aria-label="Sign in with GitHub"
+>
+	<svg class="oauth-logo" viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg">
+		<title>Sign in with GitHub</title>
+		<path
+			fill-rule="evenodd"
+			clip-rule="evenodd"
+			d="M48.854 0C21.839 0 0 22 0 49.217c0 21.756 13.993 40.172 33.405 46.69 2.427.49 3.316-1.059 3.316-2.362 0-1.141-.08-5.052-.08-9.127-13.59 2.934-16.42-5.867-16.42-5.867-2.184-5.704-5.42-7.17-5.42-7.17-4.448-3.015.324-3.015.324-3.015 4.934.326 7.523 5.052 7.523 5.052 4.367 7.496 11.404 5.378 14.235 4.074.404-3.178 1.699-5.378 3.074-6.6-10.839-1.141-22.243-5.378-22.243-24.283 0-5.378 1.94-9.778 5.014-13.2-.485-1.222-2.184-6.275.486-13.038 0 0 4.125-1.304 13.426 5.052a46.97 46.97 0 0 1 12.214-1.63c4.125 0 8.33.571 12.213 1.63 9.302-6.356 13.427-5.052 13.427-5.052 2.67 6.763.97 11.816.485 13.038 3.155 3.422 5.015 7.822 5.015 13.2 0 18.905-11.404 23.06-22.324 24.283 1.78 1.548 3.316 4.481 3.316 9.126 0 6.6-.08 11.897-.08 13.526 0 1.304.89 2.853 3.316 2.364 19.412-6.52 33.405-24.935 33.405-46.691C97.707 22 75.788 0 48.854 0z"
+			fill="#000"
+		/>
+	</svg>
+	<span>Sign in with GitHub</span>
+</a>
+
+<style lang="postcss">
+	.oauth-login {
+		display: flex;
+		align-items: center;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-border-2);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-bg-1);
+		color: var(--clr-scale-ntrl-0);
+		cursor: pointer;
+
+		&:hover {
+			background-color: var(--clr-bg-2);
+		}
+
+		span {
+			width: 100%;
+			font-weight: 500;
+			font-size: 14px;
+			text-align: center;
+		}
+	}
+
+	.oauth-logo {
+		width: 24px;
+		height: 24px;
+	}
+</style>
diff --git a/apps/web/src/lib/components/login/GoogleButton.svelte b/apps/web/src/lib/components/login/GoogleButton.svelte
new file mode 100644
index 0000000000..4d48d7a282
--- /dev/null
+++ b/apps/web/src/lib/components/login/GoogleButton.svelte
@@ -0,0 +1,61 @@
+<script lang="ts">
+	import { env } from '$env/dynamic/public';
+</script>
+
+<a
+	class="oauth-login"
+	href={`${env.PUBLIC_APP_HOST}auth/google_oauth2?origin=${encodeURIComponent(window.location.href)}`}
+	title="Sign in with Google"
+	aria-label="Sign in with Google"
+>
+	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="oauth-logo">
+		<title>Sign in with Google</title>
+		<path
+			d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
+			fill="#4285f4"
+		></path>
+		<path
+			d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
+			fill="#34a853"
+		></path>
+		<path
+			d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
+			fill="#fbbc05"
+		></path>
+		<path
+			d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
+			fill="#ea4335"
+		></path>
+	</svg>
+	<span>Sign in with Google</span>
+</a>
+
+<style lang="postcss">
+	.oauth-login {
+		display: flex;
+		align-items: center;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-border-2);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-bg-1);
+		color: var(--clr-scale-ntrl-0);
+		cursor: pointer;
+
+		&:hover {
+			background-color: var(--clr-bg-2);
+		}
+
+		span {
+			width: 100%;
+			font-weight: 500;
+			font-size: 14px;
+			text-align: center;
+		}
+	}
+
+	.oauth-logo {
+		width: 24px;
+		height: 24px;
+	}
+</style>
diff --git a/apps/web/src/lib/user/userService.ts b/apps/web/src/lib/user/userService.ts
index a19b4ec198..b3923de15c 100644
--- a/apps/web/src/lib/user/userService.ts
+++ b/apps/web/src/lib/user/userService.ts
@@ -73,6 +73,16 @@ export class UserService {
 		return user;
 	}
 
+	async refreshUser() {
+		try {
+			const user = await this.fetchUser();
+			this.user.set(user);
+			this.error.set(undefined);
+		} catch (error) {
+			this.error.set(error);
+		}
+	}
+
 	clearUser() {
 		this.user.set(undefined);
 	}
diff --git a/apps/web/src/routes/(app)/+layout.svelte b/apps/web/src/routes/(app)/+layout.svelte
index 7564e8f532..a49663c902 100644
--- a/apps/web/src/routes/(app)/+layout.svelte
+++ b/apps/web/src/routes/(app)/+layout.svelte
@@ -2,6 +2,7 @@
 	import '$lib/styles/global.css';
 	import { page } from '$app/state';
 	import { ButlerAIClient, BUTLER_AI_CLIENT } from '$lib/ai/service';
+	import RedirectIfNotFinalized from '$lib/auth/RedirectIfNotFinalized.svelte';
 	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
 	import Footer from '$lib/components/Footer.svelte';
 	import Navigation from '$lib/components/Navigation.svelte';
@@ -20,6 +21,7 @@
 	} from '@gitbutler/shared/chat/chatChannelsService';
 	import { inject, provide } from '@gitbutler/shared/context';
 	import { FeedService, FEED_SERVICE } from '@gitbutler/shared/feeds/service';
+	import LoginService, { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
 	import { HttpClient, HTTP_CLIENT } from '@gitbutler/shared/network/httpClient';
 	import {
 		OrganizationService,
@@ -71,6 +73,9 @@
 	const httpClient = new HttpClient(window.fetch, env.PUBLIC_APP_HOST, authService.tokenReadable);
 	provide(HTTP_CLIENT, httpClient);
 
+	const loginService = new LoginService(httpClient);
+	provide(LOGIN_SERVICE, loginService);
+
 	const aiService = new ButlerAIClient(httpClient);
 	provide(BUTLER_AI_CLIENT, aiService);
 
@@ -142,10 +147,15 @@
 	provide(RULES_SERVICE, rulesService);
 
 	const isCommitPage = $derived(page.url.pathname.includes('/commit/'));
+	const isLoginPage = $derived(page.url.pathname.includes('/login'));
+	const isSignupPage = $derived(page.url.pathname.includes('/signup'));
+	const hasNavigation = $derived(!isCommitPage && !isLoginPage && !isSignupPage);
 </script>
 
+<RedirectIfNotFinalized />
+
 <div class="app">
-	{#if !isCommitPage}
+	{#if hasNavigation}
 		<Navigation />
 	{/if}
 
diff --git a/apps/web/src/routes/(app)/+page.svelte b/apps/web/src/routes/(app)/+page.svelte
index 0e3cff6880..2100deab63 100644
--- a/apps/web/src/routes/(app)/+page.svelte
+++ b/apps/web/src/routes/(app)/+page.svelte
@@ -1,13 +1,22 @@
 <script lang="ts">
 	import { goto } from '$app/navigation';
+	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
 	import DashboardLayout from '$lib/components/dashboard/DashboardLayout.svelte';
+	import { USER_SERVICE } from '$lib/user/userService';
 	import { inject } from '@gitbutler/shared/context';
 	import { isFound } from '@gitbutler/shared/network/loadable';
 	import { getRecentlyPushedProjects } from '@gitbutler/shared/organizations/projectsPreview.svelte';
 	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
 	import { Button } from '@gitbutler/ui';
 
+	const authService = inject(AUTH_SERVICE);
+	const persistedToken = authService.token;
+
 	const routes = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
+
+	const loggedIn = $derived($user !== undefined);
 	const recentProjects = getRecentlyPushedProjects();
 	let hasRecentProjects = $state(false);
 
@@ -25,9 +34,18 @@
 			}
 		}
 	});
+
+	$effect(() => {
+		if (!loggedIn && persistedToken.current) {
+			// Clear any stale tokens if the user is not logged in
+			authService.clearToken();
+		}
+	});
 </script>
 
-{#if hasRecentProjects}
+{#if !loggedIn}
+	<p>Loading...</p>
+{:else if hasRecentProjects}
 	<DashboardLayout>
 		<p>You have no recent projects!</p>
 	</DashboardLayout>
diff --git a/apps/web/src/routes/(app)/[ownerSlug]/[projectSlug]/reviews/+page.svelte b/apps/web/src/routes/(app)/[ownerSlug]/[projectSlug]/reviews/+page.svelte
index c601423c37..15b1e0a2cd 100644
--- a/apps/web/src/routes/(app)/[ownerSlug]/[projectSlug]/reviews/+page.svelte
+++ b/apps/web/src/routes/(app)/[ownerSlug]/[projectSlug]/reviews/+page.svelte
@@ -1,9 +1,9 @@
 <script lang="ts">
 	import { goto } from '$app/navigation';
-	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
 	import BranchIndexCard from '$lib/components/branches/BranchIndexCard.svelte';
 	import DashboardLayout from '$lib/components/dashboard/DashboardLayout.svelte';
 	import Table from '$lib/components/table/Table.svelte';
+	import { USER_SERVICE } from '$lib/user/userService';
 	import { getBranchReviewsForRepository } from '@gitbutler/shared/branches/branchesPreview.svelte';
 	import { BranchStatus } from '@gitbutler/shared/branches/types';
 	import { inject } from '@gitbutler/shared/context';
@@ -14,12 +14,13 @@
 	import { Button, Select, SelectItem } from '@gitbutler/ui';
 
 	// Get authentication service and check if user is logged in
-	const authService = inject(AUTH_SERVICE);
 	const routes = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
 
-	// If there is no token (user not logged in), redirect to home
+	// If there is no user (user not logged in), redirect to home
 	$effect(() => {
-		if (!authService.token.current) {
+		if ($user === undefined) {
 			goto(routes.homePath());
 		}
 	});
diff --git a/apps/web/src/routes/(app)/[ownerSlug]/rules/+page.svelte b/apps/web/src/routes/(app)/[ownerSlug]/rules/+page.svelte
index ac9c41f9bb..ce0d87066a 100644
--- a/apps/web/src/routes/(app)/[ownerSlug]/rules/+page.svelte
+++ b/apps/web/src/routes/(app)/[ownerSlug]/rules/+page.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
 	import { goto } from '$app/navigation';
-	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
+	import { USER_SERVICE } from '$lib/user/userService';
 	import { eventTimeStamp } from '@gitbutler/shared/branches/utils';
 	import { inject } from '@gitbutler/shared/context';
 	import Loading from '@gitbutler/shared/network/Loading.svelte';
@@ -11,12 +11,13 @@
 	import type { Rule } from '@gitbutler/shared/rules/types';
 
 	// Get authentication service and check if user is logged in
-	const authService = inject(AUTH_SERVICE);
 	const routes = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
 
-	// If there is no token (user not logged in), redirect to home
+	// If there is no user (user not logged in), redirect to home
 	$effect(() => {
-		if (!authService.token.current) {
+		if ($user === undefined) {
 			goto(routes.homePath());
 		}
 	});
diff --git a/apps/web/src/routes/(app)/login/+page.svelte b/apps/web/src/routes/(app)/login/+page.svelte
new file mode 100644
index 0000000000..7f0222eb96
--- /dev/null
+++ b/apps/web/src/routes/(app)/login/+page.svelte
@@ -0,0 +1,210 @@
+<script lang="ts">
+	import RedirectIfLoggedIn from '$lib/auth/RedirectIfLoggedIn.svelte';
+	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
+	import GitHubButton from '$lib/components/login/GitHubButton.svelte';
+	import GoogleButton from '$lib/components/login/GoogleButton.svelte';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+	import { env } from '$env/dynamic/public';
+
+	let email = $state<string>();
+	let password = $state<string>();
+
+	let error = $state<string>();
+	let errorCode = $state<string>();
+
+	const loginService = inject(LOGIN_SERVICE);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+	const authService = inject(AUTH_SERVICE);
+
+	async function handleSubmit(event: Event) {
+		event.preventDefault();
+		if (!email || !password) {
+			console.error('Email and password are required');
+			return;
+		}
+
+		const response = await loginService.loginWithEmail(email, password);
+
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			errorCode = response.errorCode;
+			console.error('Login failed:', response.raw ?? response.errorMessage);
+		} else {
+			const token = response.data;
+			authService.setToken(token);
+			window.location.href = `${env.PUBLIC_APP_HOST}successful_login?access_token=${token}`;
+		}
+	}
+
+	async function resendConfirmationEmail() {
+		if (!email) {
+			error = 'Please enter your email to resend the confirmation email.';
+			return;
+		}
+		const response = await loginService.resendConfirmationEmail(email);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			errorCode = response.errorCode;
+			console.error('Failed to resend confirmation email:', response.raw ?? response.errorMessage);
+		} else {
+			error = 'Confirmation email resent. Please check your inbox.';
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Login</title>
+</svelte:head>
+
+<RedirectIfLoggedIn />
+
+<div class="main-links">
+	<a href={routesService.homePath()} class="logo" aria-label="main nav" title="Home">
+		<svg width="23" height="22" viewBox="0 0 23 22" fill="none" xmlns="http://www.w3.org/2000/svg">
+			<path d="M0 22V0L11.4819 9.63333L23 0V22L11.4819 12.4L0 22Z" fill="var(--clr-text-1)" />
+		</svg>
+	</a>
+</div>
+
+<form onsubmit={handleSubmit} class="login-form">
+	<div class="login-form__content">
+		<SectionCard>
+			<div class="field">
+				<label for="email">Email</label>
+				<input id="email" type="email" bind:value={email} required />
+			</div>
+			<div class="field">
+				<label for="password">Password</label>
+				<input id="password" type="password" bind:value={password} required />
+			</div>
+		</SectionCard>
+
+		<div class="reset-password-link">
+			Or did you forget your password?
+			<br />
+			Wow. That sounds irresponsible.
+			<a href={routesService.resetPasswordPath()}>I mean... it's fine. Reset it</a>
+		</div>
+
+		<Button type="submit">Log in</Button>
+
+		<div class="signup-link">
+			Don't have an account?
+			<a href={routesService.signupPath()}>Sign up</a>
+		</div>
+
+		{#if error}
+			<div class="error-message">
+				<span>
+					{error}
+				</span>
+			</div>
+			{#if errorCode === 'email_not_verified'}
+				<span>
+					Please verify your email address before logging in. Check your inbox for a verification
+					email or
+				</span>
+				<Button
+					type="button"
+					onclick={resendConfirmationEmail}
+					disabled={!email}
+					tooltip={!email
+						? 'Please enter your email in the field above to resend the confirmation email.'
+						: 'Resend confirmation email'}
+				>
+					resend the confirmation email</Button
+				>
+			{/if}
+		{/if}
+
+		<SectionCard>
+			<GitHubButton />
+			<GoogleButton />
+		</SectionCard>
+	</div>
+</form>
+
+<style lang="postcss">
+	.main-links {
+		display: flex;
+		align-items: center;
+		margin-bottom: 16px;
+		overflow: hidden;
+		gap: 16px;
+	}
+
+	.logo {
+		display: flex;
+	}
+
+	.login-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		display: flex;
+		flex-direction: column;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.signup-link,
+	.reset-password-link {
+		display: flex;
+		flex-direction: column;
+		align-items: center;
+		justify-content: center;
+
+		gap: 4px;
+		font-size: 14px;
+
+		a {
+			text-decoration: underline;
+		}
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/login/confirm-password/+page.svelte b/apps/web/src/routes/(app)/login/confirm-password/+page.svelte
new file mode 100644
index 0000000000..3ff7423003
--- /dev/null
+++ b/apps/web/src/routes/(app)/login/confirm-password/+page.svelte
@@ -0,0 +1,177 @@
+<script lang="ts">
+	import { page } from '$app/state';
+	import RedirectIfLoggedIn from '$lib/auth/RedirectIfLoggedIn.svelte';
+	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+	import { env } from '$env/dynamic/public';
+
+	const loginService = inject(LOGIN_SERVICE);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+	const authService = inject(AUTH_SERVICE);
+
+	let password = $state<string>();
+	let passwordConfirmation = $state<string>();
+	let error = $state<string>();
+	let message = $state<string>();
+
+	const confirmationMatches = $derived(password === passwordConfirmation);
+
+	async function handleSubmit() {
+		const token = page.url.searchParams.get('t');
+
+		if (!token) {
+			error = 'Invalid or missing token';
+			// TODO: Probably redirect to the login page or show a more user-friendly error
+			return;
+		}
+
+		if (!confirmationMatches) {
+			error = 'Passwords do not match';
+			return;
+		}
+
+		if (!password || !passwordConfirmation) {
+			error = 'Password are required';
+			return;
+		}
+
+		const response = await loginService.confirmPasswordReset(token, password, passwordConfirmation);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Confirm password failed:', response.raw ?? response.errorMessage);
+			message = '';
+			return;
+		}
+
+		error = undefined;
+		message = response.data.message;
+		authService.setToken(response.data.token);
+		window.location.href = `${env.PUBLIC_APP_HOST}successful_login?access_token=${token}`;
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Confirm Password</title>
+</svelte:head>
+
+<RedirectIfLoggedIn />
+
+<div class="main-links">
+	<a href={routesService.homePath()} class="logo" aria-label="main nav" title="Home">
+		<svg width="23" height="22" viewBox="0 0 23 22" fill="none" xmlns="http://www.w3.org/2000/svg">
+			<path d="M0 22V0L11.4819 9.63333L23 0V22L11.4819 12.4L0 22Z" fill="var(--clr-text-1)" />
+		</svg>
+	</a>
+</div>
+
+<form onsubmit={handleSubmit} class="signin-form">
+	<div class="signup-form__content">
+		<SectionCard>
+			<div class="field">
+				<label for="password">Password</label>
+				<input
+					id="password"
+					type="password"
+					bind:value={password}
+					required
+					autocomplete="new-password"
+				/>
+			</div>
+			<div class="field">
+				<label for="passwordConfirmation">Password confirmation</label>
+				<input
+					id="passwordConfirmation"
+					type="password"
+					bind:value={passwordConfirmation}
+					required
+					autocomplete="new-password"
+				/>
+			</div>
+		</SectionCard>
+
+		<Button type="submit">Log in</Button>
+
+		{#if error}
+			<div class="error-message">{error}</div>
+		{/if}
+
+		{#if message}
+			<div class="message">{message}</div>
+		{/if}
+	</div>
+</form>
+
+<style lang="postcss">
+	.main-links {
+		display: flex;
+		align-items: center;
+		margin-bottom: 16px;
+		overflow: hidden;
+		gap: 16px;
+	}
+
+	.logo {
+		display: flex;
+	}
+
+	.signup-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/login/reset-password/+page.svelte b/apps/web/src/routes/(app)/login/reset-password/+page.svelte
new file mode 100644
index 0000000000..308c4e00d2
--- /dev/null
+++ b/apps/web/src/routes/(app)/login/reset-password/+page.svelte
@@ -0,0 +1,153 @@
+<script lang="ts">
+	import RedirectIfLoggedIn from '$lib/auth/RedirectIfLoggedIn.svelte';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+
+	const loginService = inject(LOGIN_SERVICE);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+
+	let email = $state<string>();
+	let error = $state<string>();
+	let message = $state<string>();
+
+	async function handleSubmit() {
+		if (!email) {
+			error = 'Email is required';
+			return;
+		}
+
+		const response = await loginService.resetPassword(email);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Reset password failed:', response.raw ?? response.errorMessage);
+		} else {
+			error = undefined;
+			message = response.data.message;
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Login</title>
+</svelte:head>
+
+<RedirectIfLoggedIn />
+
+<div class="main-links">
+	<a href={routesService.homePath()} class="logo" aria-label="main nav" title="Home">
+		<svg width="23" height="22" viewBox="0 0 23 22" fill="none" xmlns="http://www.w3.org/2000/svg">
+			<path d="M0 22V0L11.4819 9.63333L23 0V22L11.4819 12.4L0 22Z" fill="var(--clr-text-1)" />
+		</svg>
+	</a>
+</div>
+
+<form onsubmit={handleSubmit} class="signin-form">
+	<div class="signup-form__content">
+		<SectionCard>
+			<div class="field">
+				<label for="email">Email</label>
+				<input id="email" type="email" bind:value={email} required />
+			</div>
+		</SectionCard>
+
+		<Button type="submit">Send password reset mail</Button>
+
+		<div class="login-link">
+			You rather just create a new account?
+			<a href={routesService.signupPath()}>Sound easier, I guess</a>
+		</div>
+
+		{#if error}
+			<div class="error-message">{error}</div>
+		{/if}
+
+		{#if message}
+			<div class="message">{message}</div>
+		{/if}
+	</div>
+</form>
+
+<style lang="postcss">
+	.main-links {
+		display: flex;
+		align-items: center;
+		margin-bottom: 16px;
+		overflow: hidden;
+		gap: 16px;
+	}
+
+	.logo {
+		display: flex;
+	}
+
+	.signup-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.login-link {
+		display: flex;
+		justify-content: center;
+		gap: 4px;
+		font-size: 14px;
+
+		a {
+			text-decoration: underline;
+		}
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/profile/+page.svelte b/apps/web/src/routes/(app)/profile/+page.svelte
index 4046ef458b..219e362291 100644
--- a/apps/web/src/routes/(app)/profile/+page.svelte
+++ b/apps/web/src/routes/(app)/profile/+page.svelte
@@ -232,12 +232,7 @@
 
 <div class="profile-page">
 	<div class="content">
-		{#if !$token}
-			<SectionCard>
-				<h1 class="title">Who this?</h1>
-				<p>Log into your butler account, create one or do whatever you please.</p>
-			</SectionCard>
-		{:else if !$user?.id}
+		{#if !$token || !$user?.id}
 			<p>Loading...</p>
 		{:else}
 			<h1 class="title">My Preferences</h1>
diff --git a/apps/web/src/routes/(app)/profile/finalize/+page.svelte b/apps/web/src/routes/(app)/profile/finalize/+page.svelte
new file mode 100644
index 0000000000..03ac9eefa9
--- /dev/null
+++ b/apps/web/src/routes/(app)/profile/finalize/+page.svelte
@@ -0,0 +1,215 @@
+<script lang="ts">
+	import { goto } from '$app/navigation';
+	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
+	import { USER_SERVICE } from '$lib/user/userService';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+
+	const userService = inject(USER_SERVICE);
+	const loginService = inject(LOGIN_SERVICE);
+	const user = userService.user;
+	const isLoggedIn = $derived($user !== undefined);
+	const userEmail = $derived($user?.email);
+	const userLogin = $derived($user?.login);
+	const authService = inject(AUTH_SERVICE);
+	const token = authService.tokenReadable;
+
+	const isFinalized = $derived(isLoggedIn && userEmail && userLogin);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+
+	let agreeToTerms = $state<boolean>(false);
+	let email = $state<string>();
+	let username = $state<string>();
+
+	let error = $state<string>();
+	let message = $state<string>();
+	const effectiveEmail = $derived(email ?? userEmail);
+	const effectiveUsername = $derived(username ?? userLogin);
+	const canSubmit = $derived(agreeToTerms && !!effectiveEmail && !!effectiveUsername);
+
+	async function handleSubmit(event: Event) {
+		event.preventDefault();
+		if (!$token) {
+			// should not happen
+			error = 'You must be logged in to finalize your account.';
+			return;
+		}
+
+		if (!effectiveEmail) {
+			error = 'Email is required.';
+			return;
+		}
+
+		if (!effectiveUsername) {
+			error = 'Username is required.';
+			return;
+		}
+
+		if (!agreeToTerms) {
+			error = 'You must agree to the terms and conditions.';
+			return;
+		}
+
+		const response = await loginService.finalizeAccount($token, effectiveEmail, effectiveUsername);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Finalize account failed:', response.raw ?? response.errorMessage);
+			return;
+		}
+
+		error = undefined;
+		message = response.data.message;
+		await userService.refreshUser();
+	}
+
+	$effect(() => {
+		if (!isLoggedIn) {
+			goto(routesService.loginPath());
+		} else if (isFinalized) {
+			goto(routesService.homePath());
+		}
+	});
+</script>
+
+<svelte:head>
+	<title>GitButler | Login</title>
+</svelte:head>
+
+<form onsubmit={handleSubmit} class="finalize-form">
+	<div class="finalize-form__content">
+		<SectionCard>
+			{#if !userLogin}
+				<div class="field">
+					<label for="username">Username</label>
+					<input id="username" type="text" bind:value={username} required />
+				</div>
+			{/if}
+			{#if !userEmail}
+				<div class="field">
+					<label for="email">Email</label>
+					<input id="email" type="email" bind:value={email} required />
+				</div>
+			{/if}
+		</SectionCard>
+		<div class="terms">
+			<label for="comments" class="text-13">Terms and Conditions Agreement</label>
+			<div class="terms-checkbox">
+				<input
+					id="terms"
+					name="terms"
+					type="checkbox"
+					value={agreeToTerms}
+					onchange={(e) => (agreeToTerms = e.currentTarget.checked)}
+				/>
+				<p class="text-12">
+					I agree to GitButler's
+					<a
+						href="https://app.termly.io/document/terms-and-conditions/7924c71d-80bb-4444-9381-947237b9fc0f"
+						>Terms and Conditions</a
+					>
+					and
+					<a
+						href="https://app.termly.io/document/privacy-policy/a001c8b7-505b-4eab-81e3-fcd1c72bdd79"
+						>Privacy Policy</a
+					>
+				</p>
+			</div>
+		</div>
+
+		<Button style="pop" type="submit" disabled={!canSubmit}>🔥FINISH IT🔥</Button>
+
+		{#if error}
+			<div class="error-message">
+				<span>
+					{error}
+				</span>
+			</div>
+		{/if}
+
+		{#if message}
+			<div class="message">{message}</div>
+		{/if}
+	</div>
+</form>
+
+<style lang="postcss">
+	.finalize-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.terms {
+		display: flex;
+		flex-direction: column;
+		padding: 4px;
+		gap: 8px;
+	}
+
+	.terms-checkbox {
+		display: flex;
+		align-items: center;
+		gap: 8px;
+		& a {
+			text-decoration: underline;
+		}
+	}
+
+	.error-message {
+		display: flex;
+		flex-direction: column;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/signup/+page.svelte b/apps/web/src/routes/(app)/signup/+page.svelte
new file mode 100644
index 0000000000..d7ae5eb3ed
--- /dev/null
+++ b/apps/web/src/routes/(app)/signup/+page.svelte
@@ -0,0 +1,195 @@
+<script lang="ts">
+	import RedirectIfLoggedIn from '$lib/auth/RedirectIfLoggedIn.svelte';
+	import GitHubButton from '$lib/components/login/GitHubButton.svelte';
+	import GoogleButton from '$lib/components/login/GoogleButton.svelte';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+
+	let email = $state<string>();
+	let password = $state<string>();
+	let passwordConfirmation = $state<string>();
+	let error = $state<string>();
+	let message = $state<string>();
+
+	const passwordsMatch = $derived(password === passwordConfirmation);
+
+	const loginService = inject(LOGIN_SERVICE);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+
+	async function handleSubmit(event: Event) {
+		event.preventDefault();
+		if (!email || !password || !passwordConfirmation) {
+			error = 'Email and password are required';
+			return;
+		}
+
+		if (!passwordsMatch) {
+			error = 'Passwords do not match';
+			return;
+		}
+
+		const response = await loginService.createAccountWithEmail(
+			email,
+			password,
+			passwordConfirmation
+		);
+
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Login failed:', response.raw ?? response.errorMessage);
+		} else {
+			error = undefined;
+			message = response.data.message;
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Sign Up</title>
+</svelte:head>
+
+<RedirectIfLoggedIn />
+
+<div class="main-links">
+	<a href={routesService.homePath()} class="logo" aria-label="main nav" title="Home">
+		<svg width="23" height="22" viewBox="0 0 23 22" fill="none" xmlns="http://www.w3.org/2000/svg">
+			<path d="M0 22V0L11.4819 9.63333L23 0V22L11.4819 12.4L0 22Z" fill="var(--clr-text-1)" />
+		</svg>
+	</a>
+</div>
+
+<form onsubmit={handleSubmit} class="signin-form">
+	<div class="signup-form__content">
+		<SectionCard>
+			<div class="field">
+				<label for="email">Email</label>
+				<input id="email" type="email" bind:value={email} required />
+			</div>
+			<div class="field">
+				<label for="password">Password</label>
+				<input
+					id="password"
+					type="password"
+					bind:value={password}
+					required
+					autocomplete="new-password"
+				/>
+			</div>
+			<div class="field">
+				<label for="passwordConfirmation">Password confirmation</label>
+				<input
+					id="passwordConfirmation"
+					type="password"
+					bind:value={passwordConfirmation}
+					required
+					autocomplete="new-password"
+				/>
+			</div>
+		</SectionCard>
+
+		<Button type="submit">Create account</Button>
+
+		<div class="login-link">
+			Already have an account?
+			<a href={routesService.loginPath()}>Log in</a>
+		</div>
+
+		{#if error}
+			<div class="error-message">{error}</div>
+		{/if}
+
+		{#if message}
+			<div class="message">{message}</div>
+		{/if}
+
+		<SectionCard>
+			<GitHubButton />
+			<GoogleButton />
+		</SectionCard>
+	</div>
+</form>
+
+<style lang="postcss">
+	.main-links {
+		display: flex;
+		align-items: center;
+		margin-bottom: 16px;
+		overflow: hidden;
+		gap: 16px;
+	}
+
+	.logo {
+		display: flex;
+	}
+
+	.signup-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.login-link {
+		display: flex;
+		justify-content: center;
+		gap: 4px;
+		font-size: 14px;
+
+		a {
+			text-decoration: underline;
+		}
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/signup/resend-confirmation/+page.svelte b/apps/web/src/routes/(app)/signup/resend-confirmation/+page.svelte
new file mode 100644
index 0000000000..bed40afabb
--- /dev/null
+++ b/apps/web/src/routes/(app)/signup/resend-confirmation/+page.svelte
@@ -0,0 +1,175 @@
+<script lang="ts">
+	import { page } from '$app/state';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { Button, SectionCard } from '@gitbutler/ui';
+
+	let error = $state<string>();
+	let notice = $state<string>();
+
+	const loginService = inject(LOGIN_SERVICE);
+
+	const email = $derived(page.url.searchParams.get('email'));
+	const messageCode = $derived(page.url.searchParams.get('message_code'));
+	const banner = $derived(
+		messageCode === 'invalid_or_expired_token'
+			? 'It seems that your confirmation token is invalid or has expired. Please try resending the confirmation email.'
+			: undefined
+	);
+
+	let inputEmail = $state<string>();
+
+	const emailToSendTo = $derived(inputEmail ?? email ?? undefined);
+
+	async function resendConfirmationEmail() {
+		if (!emailToSendTo) {
+			error = 'Please enter your email to resend the confirmation email.';
+			return;
+		}
+		const response = await loginService.resendConfirmationEmail(emailToSendTo);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Failed to resend confirmation email:', response.raw ?? response.errorMessage);
+		} else {
+			notice = 'Confirmation email resent. Please check your inbox.';
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Sign Up</title>
+</svelte:head>
+
+{#if banner}
+	<div class="banner">
+		<span>{banner}</span>
+	</div>
+{/if}
+
+<div class="resend-confirmation-email">
+	<SectionCard>
+		<h1 class="title">Resend Confirmation Email</h1>
+		{#if email}
+			<p>
+				We will send a confirmation email to <strong>{email}</strong>.
+			</p>
+		{:else}
+			<p>Please provide your email address to resend the confirmation email.</p>
+
+			<div class="field">
+				<label for="email">Email</label>
+				<input id="email" type="email" bind:value={inputEmail} required />
+			</div>
+		{/if}
+
+		<Button style="pop" disabled={!emailToSendTo} onclick={resendConfirmationEmail}
+			>Resend Confirmation Email</Button
+		>
+
+		{#if error}
+			<div class="error-message">
+				<span>
+					{error}
+				</span>
+			</div>
+		{/if}
+
+		{#if notice}
+			<div class="notice-message">
+				<span>
+					{notice}
+				</span>
+			</div>
+		{/if}
+	</SectionCard>
+</div>
+
+<style lang="postcss">
+	.banner {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		max-width: 400px;
+		margin: 0 auto;
+		margin-bottom: 16px;
+		padding: 16px;
+		border: var(--clr-scale-err-60) 1px solid;
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.resend-confirmation-email {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: 0 auto;
+		gap: 16px;
+	}
+
+	.title {
+		align-self: flex-start;
+		color: var(--clr-scale-ntrl-0);
+		font-weight: 600;
+		font-size: 24px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		display: flex;
+		flex-direction: column;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.notice-message {
+		display: flex;
+		flex-direction: column;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-succ-10);
+		font-size: 14px;
+	}
+</style>
diff --git a/apps/web/src/routes/(home)/components/Header.svelte b/apps/web/src/routes/(home)/components/Header.svelte
index eaf8c07efc..5603bfae82 100644
--- a/apps/web/src/routes/(home)/components/Header.svelte
+++ b/apps/web/src/routes/(home)/components/Header.svelte
@@ -4,8 +4,8 @@
 	import * as jsonLinks from '$home/data/links.json';
 	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
 	import { inject } from '@gitbutler/shared/context';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
 	import { fly } from 'svelte/transition';
-	import { env } from '$env/dynamic/public';
 
 	let isMobileMenuOpen = $state(false);
 
@@ -14,6 +14,7 @@
 	}
 
 	const authService = inject(AUTH_SERVICE);
+	const routes = inject(WEB_ROUTES_SERVICE);
 	let token = $derived(authService.tokenReadable);
 </script>
 
@@ -115,11 +116,7 @@
 			{#if $token}
 				<HeaderLink label="My Dashboard" href="/" icon="dashboard" />
 			{:else}
-				<HeaderLink
-					label="Sign up / Log in"
-					href={`${env.PUBLIC_APP_HOST}cloud/login?callback=${window.location.href}`}
-					icon="login"
-				/>
+				<HeaderLink label="Sign up / Log in" href={routes.loginPath()} icon="login" />
 			{/if}
 		</section>
 	</nav>
@@ -171,11 +168,7 @@
 					{#if $token}
 						<HeaderMobileLink label="My Dashboard" href="/" icon="dashboard" />
 					{:else}
-						<HeaderMobileLink
-							label="Sign up / Log in"
-							href={`${env.PUBLIC_APP_HOST}cloud/login?callback=${window.location.href}`}
-							icon="login"
-						/>
+						<HeaderMobileLink label="Sign up / Log in" href={routes.loginPath()} icon="login" />
 					{/if}
 				</section>
 			</nav>
diff --git a/apps/web/src/routes/+layout.svelte b/apps/web/src/routes/+layout.svelte
index 9c38201fe9..73713963b9 100644
--- a/apps/web/src/routes/+layout.svelte
+++ b/apps/web/src/routes/+layout.svelte
@@ -15,7 +15,6 @@
 	import { provide } from '@gitbutler/shared/context';
 	import { WebRoutesService, WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
 	import { type Snippet } from 'svelte';
-	import { get } from 'svelte/store';
 	import '$lib/styles/global.css';
 
 	interface Props {
@@ -30,17 +29,17 @@
 	const authService = new AuthService();
 	provide(AUTH_SERVICE, authService);
 
-	let token = $state<string | null>();
+	const persistedToken = authService.token;
 
 	$effect(() => {
-		token = get(authService.tokenReadable) || page.url.searchParams.get('gb_access_token');
-		if (token) {
-			authService.setToken(token);
-
-			if (page.url.searchParams.has('gb_access_token')) {
-				page.url.searchParams.delete('gb_access_token');
-				goto(`?${page.url.searchParams.toString()}`);
+		if (page.url.searchParams.has('gb_access_token')) {
+			const token = page.url.searchParams.get('gb_access_token');
+			if (token && token !== persistedToken.current) {
+				authService.setToken(token);
 			}
+
+			page.url.searchParams.delete('gb_access_token');
+			goto(`?${page.url.searchParams.toString()}`);
 		}
 	});
 
@@ -49,7 +48,7 @@
 			window.location.href = jsonLinks.legal.privacyPolicy.url;
 		}
 
-		if (!token && page.route.id === '/(app)/home') {
+		if (!persistedToken.current && page.route.id === '/(app)/home') {
 			goto('/');
 		}
 	});
@@ -69,7 +68,7 @@
 	{/if}
 </svelte:head>
 
-{#if (page.route.id === '/(app)' && !token) || page.route.id === '/(app)/home'}
+{#if (page.route.id === '/(app)' && !persistedToken.current) || page.route.id === '/(app)/home'}
 	<section class="marketing-page">
 		<Header />
 		<Hero />