{
  "_comment_negative_example": "sessionId is NOT a UUID (uses opaque string instead). Validator MUST reject because $ref _common/Identifier enforces UUID pattern (R10).",
  "sessionId":   "not-a-uuid-at-all",
  "redirectUrl": "https://example.com/session",
  "expiresAt":   "2026-06-01T20:00:00Z"
}