authorize_sequence.txt (2834B)
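%% Authorize step of the KyCH OAuth2 Gateway.
%% The gateway looks up a verification session by nonce and client_id,
%% checks it, creates a verification at the Swiyu Verifier, stores the result
%% and returns the verification URL and deeplink to the client.
%% Layout note: statements are restored one per line; the viewer's line
%% numbers had been fused into the text, which made it unparsable as Mermaid.
sequenceDiagram
    participant Client
    participant KyCH OAuth2 Gateway
    participant KyCH OAuth2 Gateway DB
    participant Swiyu Verifier

    %% The nonce travels in the URL path and state in the query string, so both
    %% can end up in access logs and proxies. NOTE(review): confirm they are
    %% short-lived and redacted in logging.
    Client ->> KyCH OAuth2 Gateway: GET /authorize/{nonce}?\nresponse_type=code&\nclient_id={client_id}&\nredirect_uri={redirect_uri}&\nstate={state}&\nscope={scope}

    %% Only the response_type check is shown here. NOTE(review): confirm whether
    %% presence and format of client_id, redirect_uri and state are also checked
    %% at this point.
    KyCH OAuth2 Gateway ->> KyCH OAuth2 Gateway: Validate parameters:\n- response_type == 'code'

    alt Invalid parameters
        KyCH OAuth2 Gateway -->> Client: 400 BAD REQUEST\n{error: 'invalid_request'}
    else Valid parameters
        %% The lookup uses bind parameters ($1, $2) and joins the session to its
        %% client, so a nonce only resolves together with the client_id it was
        %% issued for.
        KyCH OAuth2 Gateway ->> KyCH OAuth2 Gateway DB: SELECT s.id, s.status, s.expires_at,\ns.scope, s.verification_url, s.request_id,\ns.verification_deeplink, c.verifier_url,\nc.verifier_management_api_path,\nc.allowed_redirect_uris, c.accepted_issuer_dids\nFROM verification_sessions s\nJOIN clients c ON s.client_id = c.id\nWHERE s.nonce = $1 AND c.client_id = $2

        KyCH OAuth2 Gateway DB -->> KyCH OAuth2 Gateway: Query result
    end

    %% This block is drawn as a sibling of the one above, but it only applies
    %% on the valid-parameters path, after the query result is available.
    alt Session not found
        KyCH OAuth2 Gateway -->> Client: 404 NOT FOUND\n{error: 'session_not_found'}
    else Invalid redirect_uri
        %% Presumably compared with c.allowed_redirect_uris from the SELECT; the
        %% matching rule is not shown. NOTE(review): confirm it is an exact
        %% string match, as RFC 9700 requires, not a prefix or pattern match.
        KyCH OAuth2 Gateway -->> Client: 400 BAD REQUEST\n{error: 'invalid_redirect_uri'}
    else Session expired
        KyCH OAuth2 Gateway -->> Client: 410 GONE\n{error: 'session_expired'}
    else Session not pending (already processed)
        %% An 'authorized' session is also not pending, so this label overlaps
        %% with the idempotent branch below. NOTE(review): confirm which
        %% statuses map to 409 and which to the idempotent 200.
        KyCH OAuth2 Gateway -->> Client: 409 CONFLICT\n{error: 'invalid_session_status'}
    else Session already authorized (idempotent)
        %% NOTE(review): the diagram does not say whether the repeated request's
        %% redirect_uri and state must equal the values stored by the first
        %% call, or which state is echoed back. Confirm against the handler.
        KyCH OAuth2 Gateway -->> Client: 200 OK\n{verification_id, verification_url,\nverification_deeplink, state}
    else Session valid and pending - proceed
        %% allowed_scopes is not among the selected columns. NOTE(review):
        %% confirm where it is defined (per client or global).
        KyCH OAuth2 Gateway ->> KyCH OAuth2 Gateway: Validate scope against allowed_scopes\nbuild_presentation_definition(scope)

        %% The selected columns c.verifier_url and c.verifier_management_api_path
        %% presumably form the target of this call, so write access to the
        %% clients table decides where the gateway sends requests. Keep that
        %% table admin-only or validate the host.
        KyCH OAuth2 Gateway ->> Swiyu Verifier: POST /management/api/verifications\n{presentation_definition, response_mode,\naccepted_issuer_dids, ...}
        Swiyu Verifier -->> KyCH OAuth2 Gateway: Response

        alt Verifier error
            KyCH OAuth2 Gateway -->> Client: 502 BAD GATEWAY\n{error: 'verifier_error'}
        else Success
            %% The UPDATE is keyed on id alone. Two concurrent requests for the
            %% same pending session can both pass the status check, both create
            %% a verification, and the later write wins. NOTE(review): consider
            %% adding AND status = 'pending' and treating zero returned rows as
            %% a conflict.
            KyCH OAuth2 Gateway ->> KyCH OAuth2 Gateway DB: UPDATE verification_sessions\nSET verification_url = $1, request_id = $2,\nverification_deeplink = $3, status = 'authorized',\nauthorized_at = NOW(), scope = $4,\nredirect_uri = $5, state = $6\nWHERE id = $7\nRETURNING verification_url, request_id

            alt DB error
                %% The verification already exists at the verifier at this point
                %% but is not recorded locally. NOTE(review): confirm whether it
                %% is cleaned up or left to expire.
                KyCH OAuth2 Gateway -->> Client: 500 INTERNAL SERVER ERROR
            else Success
                KyCH OAuth2 Gateway DB -->> KyCH OAuth2 Gateway: Updated session
                KyCH OAuth2 Gateway -->> Client: 200 OK\n{verification_id, verification_url,\nverification_deeplink, state}
            end
        end
    end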