feat(docs): add first version of sign-in ux docs page (#1528)

* feat(docs): add first version of sign-in ux docs page

* Add initial sign-in UX documentation page

* fix(docs): fix formatting

Author: franzheidl

.changeset/stale-onions-know.md

@@ -0,0 +1,5 @@
+---
+
+---
+
+feat(docs): add first version of sign-in ux docs page

docs/ux/0_contents.md

@@ -25,7 +25,7 @@
 4. [UX Patterns](ux-patterns-md)
    1. Page And User Flow
    2. Authentication And Access
-      1. Sign In
+      1. [Sign In](sign-in.md)
       2. [UI For Unauthorized Users](ui-for-unauthorized-users.md)
    3. Displaying and Interacting With Data
    4. Wizard Pattern

docs/ux/sign-in.md

@@ -0,0 +1,20 @@
+[← Back to Contents Overview](0_contents.md)
+
+# Sign-In
+
+> [!NOTE]  
+> The below mentioned sign-in form templates have not yet been implemented and are not yet available.
+
+There is a dedicated `SignInForm`component to be used when implementing sign-in forms and pages.
+
+Always use a dedicated sign-in page, do not use modals to display sign-in forms.
+
+There are several designs for sign-in pages which can be found as re-usable templates in storybook.
+
+## Sign-In Form Validation
+
+## Failed Sign-In
+
+When signing-in a user failed, the respective messaging should **never** give away any exact information about the failed sign-in that would give an attacker information they did not have before. For example, the messaging must not state whether an account exists with the user name or email that was attempted to sign in with.
+
+The same goes for when a user tried to reset a password: The message should never state whether an account for the email or user name the password was attempted to reset for actually exists or not.