path: root/crates/secd/README.md
blob: 5786d0cf94de002d17a2e35cb7a10027ff85ac23 (plain)
// maybe motif instead of thread?

// Email Address validation example
thread = start_thread(EmailAddressValidation, "b@g.com");
thread = advance_thread(EmailAddressValidation, token, code);
session = complete_thread(thread.id);

// Sms validation example
thread = start_thread(SmsAddressValidation, "12133447460");
thread = advance_thread(SmsAddressValidation, token, code);

// New passphrase
credential = create_credential(Passphrase, "b@g.com", "p4ssw0rd");
thread = start_thread(Passphrase, "b@g.com", "p4ssw0rd");
session = complete_thread(thread.id);

// New Totp
credential = create_credential(Totp);
thread = start_thread(Totp, code);
session = complete_thread(thread.id);

// New OneTimeCodes
credential = create_credential(OneTimeCode);
thread = start_thread(OneTimeCode, code);
session = complete_thread(thread.id);

// MFA example which requires totp after email
thread = start_thread(Passphrase, "b@g.com", "p4ssw0rd");
Thread { Proof: { credential: [totp] } }
thread = advance_thread(Totp, code);
session = complete_thread(thread.id);
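The MFA flow above (passphrase first, TOTP owed before a session exists), as an added Rust model that is not the secd crate's own code: the credential store, factor names, thread id and codes are constructed assumptions, and the point it shows is that `complete_thread` refuses to mint a session while any proof is still pending and `advance_thread` only accepts a factor the thread is actually waiting for.

```rust
use std::collections::HashSet;

#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub enum Factor { Passphrase, Totp }

#[derive(Debug, PartialEq)]
pub enum AuthError { BadProof, UnexpectedFactor, Incomplete }

/// A thread: who is authenticating and which factors are still owed.
#[derive(Debug)]
pub struct Thread { pub id: u64, identity: String, pending: HashSet<Factor> }

#[derive(Debug, PartialEq)]
pub struct Session { pub identity: String }

// Constructed credential store (hypothetical values): b@g.com must also prove TOTP.
struct Cred { identity: &'static str, passphrase: &'static str, totp: &'static str, extra: &'static [Factor] }
const STORE: &[Cred] = &[Cred { identity: "b@g.com", passphrase: "p4ssw0rd", totp: "482913", extra: &[Factor::Totp] }];

fn lookup(identity: &str) -> Result<&'static Cred, AuthError> {
    STORE.iter().find(|c| c.identity == identity).ok_or(AuthError::BadProof)
}

/// start_thread(Passphrase, ...): the first factor is checked here; the rest become `pending`.
pub fn start_thread(identity: &str, passphrase: &str) -> Result<Thread, AuthError> {
    let cred = lookup(identity)?;
    if cred.passphrase != passphrase { return Err(AuthError::BadProof); }
    Ok(Thread { id: 1, identity: identity.to_string(), pending: cred.extra.iter().copied().collect() })
}

/// advance_thread(Totp, code): only a factor the thread is still waiting for is accepted.
pub fn advance_thread(mut thread: Thread, factor: Factor, code: &str) -> Result<Thread, AuthError> {
    if !thread.pending.contains(&factor) { return Err(AuthError::UnexpectedFactor); }
    let cred = lookup(&thread.identity)?;
    let ok = match factor { Factor::Totp => cred.totp == code, Factor::Passphrase => cred.passphrase == code };
    if !ok { return Err(AuthError::BadProof); }
    thread.pending.remove(&factor);
    Ok(thread)
}

/// complete_thread: a session is minted only once nothing is pending.
pub fn complete_thread(thread: &Thread) -> Result<Session, AuthError> {
    if !thread.pending.is_empty() { return Err(AuthError::Incomplete); }
    Ok(Session { identity: thread.identity.clone() })
}

fn main() {
    let t = start_thread("b@g.com", "p4ssw0rd").unwrap();
    assert_eq!(complete_thread(&t).err(), Some(AuthError::Incomplete)); // TOTP still owed
    let t = advance_thread(t, Factor::Totp, "482913").unwrap();
    println!("{:?}", complete_thread(&t));
}
```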


// REST entities
Identity
Credential
Address
Motif
Session

// example
POST /api/auth/email-validation
motif = start_motif(EmailAddress, "b@g.com", None)
--> an email has been sent with this motif.id + code and stuff
user clicks on email
GET /api/auth/email-validation/complete?motif_id=1234
session = complete_thread(motif_id)

Under the hood, complete_thread looks up the thread_id, sees that it belongs to an email validation, validates the email, creates a new identity if the address is not already attached to one, creates a session and returns that session.

GET /oidc/provider?state=123444 -- state validated by client
POST /api/auth/oidc { data ... }
motif = start_motif(Oidc, access_token, data)
session = complete_motif(motif.id)