diff --git a/api/package-lock.json b/api/package-lock.json index 2152930..fc9a63c 100644 --- a/api/package-lock.json +++ b/api/package-lock.json @@ -26,18 +26,11 @@ "@types/express": "^5.0.3", "@types/morgan": "^1.9.10", "@types/node": "^24.8.1", - "tsc-alias": "^1.8.16", "cross-env": "^10.1.0", + "tsc-alias": "^1.8.16", "typescript": "^5.9.3" } }, - "node_modules/@epic-web/invariant": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@epic-web/invariant/-/invariant-1.0.0.tgz", - "integrity": "sha512-lrTPqgvfFQtR/eY/qkIzp98OGdNJu0m5ji3q/nJI8v3SXkRKEnWiOxMmbvcSoAIzv/cGiuvRy57k4suKQSAdwA==", - "dev": true, - "license": "MIT" - }, "node_modules/@apm-js-collab/code-transformer": { "version": "0.8.2", "resolved": "https://registry.npmjs.org/@apm-js-collab/code-transformer/-/code-transformer-0.8.2.tgz", @@ -55,6 +48,13 @@ "module-details-from-path": "^1.0.4" } }, + "node_modules/@epic-web/invariant": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@epic-web/invariant/-/invariant-1.0.0.tgz", + "integrity": "sha512-lrTPqgvfFQtR/eY/qkIzp98OGdNJu0m5ji3q/nJI8v3SXkRKEnWiOxMmbvcSoAIzv/cGiuvRy57k4suKQSAdwA==", + "dev": true, + "license": "MIT" + }, "node_modules/@gar/promisify": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/@gar/promisify/-/promisify-1.1.3.tgz", diff --git a/api/src/routes/auth.ts b/api/src/routes/auth.ts index 001a200..675c049 100644 --- a/api/src/routes/auth.ts +++ b/api/src/routes/auth.ts 
@@ -20,6 +20,18 @@ function parseJwt(token) {
 return JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
 }
+const devLogin = (req: any, res: any, next: any) => {
+ // The object here must match what your 'verify' function returns: { memberId }
+ const devUser = { memberId: 1 }; // Hardcoded ID
+
+ req.logIn(devUser, (err: any) => {
+ if (err) return next(err);
+ const redirectTo = req.session.redirectTo || process.env.CLIENT_URL;
+ delete req.session.redirectTo;
+ return res.redirect(redirectTo);
+ });
+};
+
 passport.use(new OpenIDConnectStrategy({
 issuer: process.env.AUTH_ISSUER,
 authorizationURL: process.env.AUTH_DOMAIN + '/authorize/',
@@ -128,6 +140,10 @@ router.get('/login', (req, res, next) => {
 // Store redirect target in session if provided
 req.session.redirectTo = req.query.redirect;
+ if (process.env.AUTH_MODE === 'mock') {
+ return devLogin(req, res, next);
+ }
+
 next();
 }, passport.authenticate('openidconnect'));
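Review bot: In `devLogin`, `redirectTo` reaches `res.redirect` unvalidated, and the second hunk shows `req.session.redirectTo` is copied straight from `req.query.redirect`, so the mock path redirects to whatever URL the caller put in the query string. If neither that value nor `CLIENT_URL` is set, it calls `res.redirect(undefined)`. Check the stored value against the origin of `process.env.CLIENT_URL` (or accept only relative paths) and fall back to `CLIENT_URL` otherwise. If the project is on a Passport release that regenerates the session inside `req.logIn`, the value may also be gone by the time the callback reads it, so capture it first with `const target = req.session.redirectTo;` above the `req.logIn` call. The `any` parameters could become Express's `Request`, `Response` and `NextFunction` if the file imports them (the imports are outside the hunk).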
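Review bot: The `AUTH_MODE === 'mock'` branch in the `/login` handler is gated by one environment variable only, so any deployment that sets or inherits it signs every visitor in as member 1 with no OIDC exchange. Tie the bypass to a non-production environment as well, for example `if (process.env.AUTH_MODE === 'mock' && process.env.NODE_ENV !== 'production') {`. It would also help to refuse to start, or at least log a warning at boot, when mock mode is configured in production, so the misconfiguration is visible rather than silent. A short comment above the branch saying that it skips `passport.authenticate('openidconnect')` entirely would make the intent clear to the next reader.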