setup_sequence.txt (1553B)
sequenceDiagram
    participant Client
    participant KyCH OAuth2 Gateway
    participant KyCH OAuth2 Gateway DB

    Client ->> KyCH OAuth2 Gateway: POST /setup/{client_id}\nAuthorization: Bearer {client_secret}

    KyCH OAuth2 Gateway ->> KyCH OAuth2 Gateway DB: SELECT secret_hash FROM clients\nWHERE client_id = $1

    alt Client not found
        KyCH OAuth2 Gateway DB -->> KyCH OAuth2 Gateway: 0 rows
        KyCH OAuth2 Gateway -->> Client: 401 UNAUTHORIZED\n{error: "unauthorized"}
    else Client found
        KyCH OAuth2 Gateway DB -->> KyCH OAuth2 Gateway: secret_hash
        KyCH OAuth2 Gateway ->> KyCH OAuth2 Gateway: bcrypt_verify(bearer_token, secret_hash)

        alt Invalid secret
            KyCH OAuth2 Gateway -->> Client: 401 UNAUTHORIZED\n{error: "unauthorized"}
        else Valid secret
            KyCH OAuth2 Gateway ->> KyCH OAuth2 Gateway: generate_nonce()\n(256-bit CSPRNG)

            KyCH OAuth2 Gateway ->> KyCH OAuth2 Gateway DB: INSERT INTO verification_sessions\n(client_id, nonce, expires_at)\nSELECT c.id, $1, NOW() + INTERVAL '15 minutes'\nFROM clients c WHERE c.client_id = $2\nRETURNING id, nonce, expires_at

            alt DB error
                KyCH OAuth2 Gateway DB -->> KyCH OAuth2 Gateway: Error
                KyCH OAuth2 Gateway -->> Client: 500 INTERNAL SERVER ERROR
            else Success
                KyCH OAuth2 Gateway DB -->> KyCH OAuth2 Gateway: session {id, nonce, expires_at}
                KyCH OAuth2 Gateway -->> Client: 200 OK {nonce}
            end
        end
    end