Diffstat (limited to '')
-rw-r--r--crates/secd/README.md54
1 files changed, 54 insertions, 0 deletions
diff --git a/crates/secd/README.md b/crates/secd/README.md
new file mode 100644
index 0000000..5786d0c
--- /dev/null
+++ b/crates/secd/README.md
@@ -0,0 +1,54 @@
+// maybe motif instead of thread?
+
+// Email Address validation example
+thread = start_thread(EmailAddressValidation, "b@g.com");
+thread = advance_thread(AddressValidation, token, code);
+session = complete_thread(thread.id);
+
+// Sms validation example
+thread = start_thread(SmsAddressValidation, "12133447460");
+thread = advance_thread(SmsAddressValidation, token, code);
+
+// New passphrase
+credential = create_credential(Passphrase, "b@g.com", "p4ssw0rd");
+thread = start_thread(Passphrase, "b@g.com", "p4ssw0rd");
+session = complete_thread(thread.id);
+
+// New Totp
+credential = create_credential(Totp);
+thread = start_thread(Totp, code);
+session = complete_thread(thread.id);
+
+// New OneTimeCodes
+credential = create_credential(OneTimeCode);
+thread = start_thread(OneTimeCodes, code);
+session = complete_thread(thread.id);
+
+// MFA example which requires totp after email
+thread = start_thread(Passphrase, "b@g.com", "p4ssw0rd");
+Thread { Proof: { credential: [totp] } }
+thread = advance_thread(Totp, code);
+session = complete_thread(thread.id);
+
+
+// REST entities
+Identity
+Credential
+Address
+Motif
+Session
+
+// example
+POST /api/auth/email-validation
+motif = start_motif(EmailAddress, "b@g.com", None)
+--> an email has been sent with this motif.id + code and stuff
+user clicks on email
+GET /api/auth/email-validation/complete?motif_id=1234
+session = complete_thread(motif_id)
+
+under the hood, it looks up the thread_id, sees that it belongs to an email validation, validates the email, creates a new identity if it's not already attached, creates a session and returns that session.
+
+GET /oidc/provider?state=123444 -- state validated by client
+POST /api/auth/oidc { data ... }
+motif = start_motif(Oidc, access_token, data)
+session = complete_motif(motif.id)