Security:4 Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer

app/Http/Controllers/OtpController.php

@@ -107,8 +107,15 @@ class OtpController extends Controller
 
         // TODO: Send SMS/WhatsApp via external provider
 
+        // Check if passenger exists to allow immediate login (V1 style)
+        $passenger = DB::connection('primary')->table('passengers')
+            ->where('phone', $phone)
+            ->first();
+
         return $this->success([
-            'message' => 'OTP sent successfully',
+            'message' => 'OTP process initiated',
+            'isRegistered' => !is_null($passenger),
+            'passenger' => $passenger,
             'expires_at' => $expiration->toIso8601String(),
         ]);
     }