Sure, think of the login as a tree where each node is a state and each branch is an event. Start with three nodes: Idle, Authenticating, and Error. **Idle** - event `submit(credentials)` → go to Authenticating - event `cancel` → stay Idle **Authenticating** - event `success(token)` → go to Idle (or Home) - event `failure(reason)` → go to Error **Error** - event `retry` → back to Idle - event `forgotPassword` → trigger reset flow Use an enum for states and a map of current state → allowed events → next state. Keep each transition in a pure function so you can unit‑test it in isolation. For validation, regex is handy: ``` emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/ ``` Check the credentials against that before firing `submit`. This keeps the flow deterministic, testable, and you can swap out the underlying auth service without touching the state machine logic. If you hit a bug, just break the tree at the offending node and run the unit test again.