Instead of having the profile persist on the client, have the server
fetch it every time it sets up the auth state. This is then sent to the
client. This prevents the "flash of unauthenticated content" that can
happen due to the server previously not knowing the user's profile.