User Authentication Flow
This authentication flow is for interactive users. If you're using a service account, use Bearer authentication with the token.
- Client sends an init request. This can be either:
AuthStep::Init
which just includes the username, orAuthStep::Init2
which can request a "privileged" session
- The server responds with a list of authentication methods.
(
AuthState::Choose(Vec<AuthAllowed>)
) - Client requests auth with a method (
AuthStep::Begin(AuthMech)
) - Server responds with an acknowledgement (
AuthState::Continue(Vec<AuthAllowed>)
). This is so the challenge can be included in the response, for Passkeys or other challenge-response methods.- If required, this challenge/response continues in a loop until the requirements are satisfied. For example, TOTP and then Password.
- The result is returned, either:
- Success, with the User Auth Token as a
String
. - Denied, with a reason as a
String
.
- Success, with the User Auth Token as a