| TC-AUTH-001 | Login with valid credentials | Positive | Critical | User logs in successfully | Screenshot or API 200 response | Not Run |
| TC-AUTH-002 | Login with invalid password | Negative | Critical | Login is rejected | Screenshot or API 401/422 response | Not Run |
| TC-AUTH-003 | Access protected endpoint without token | Negative | Critical | API returns unauthorized response | API response evidence | Not Run |
| TC-AUTH-004 | Logout current device | Positive | High | Token/session is invalidated | Screenshot or API response | Not Run |
| TC-AUTH-005 | Logout from all devices | Positive | Medium | All sessions are invalidated where supported | API response and retest login state | Not Run |
| TC-AUTH-006 | Rate limit login attempts where configured | Security | High | Excess attempts are blocked or throttled | API response or log evidence | Not Run |