How's this flow?
1. User enters email
2. Server silently calls createAccount on your PDS
3. DID provisioned, session token issued (all server-side)
4. User lands in the app and can write immediately
5. Send email: "you're signed in as @handle — tap to claim or edit your identity"