Duke 8/25/2022
Handling a multi step api flow [Answered]

Hi, I'm trying to build a login flow. I have a wireframe below but I'm having some issues with designing the API around it. Would anyone be able to point me in the right direction?
https://i.gyazo.com/4027f64e12f4ee37351136a5c5289701.png
Duke 8/25/2022
I don't understand how to have some endpoints that create "steps" in the flow. I would want to have the following steps
1. Enter identifier (email, oidc connection)
2. Enter password or login through alternative methods
3. Enter 2fa code if configured
Angius 8/25/2022
I'd say 2 API endpoints
Angius 8/25/2022
1 that takes email and password, another that takes MFA token
Duke 8/25/2022
What about the oidc connections
Angius 8/25/2022
Ah, right, that'd probably be 3rd
Duke 8/25/2022
so
/auth/login/email
/auth/login/oidc
/auth/login/mfa
Angius 8/25/2022
Something like that, yeah
Duke 8/25/2022
Hmm okay
Duke 8/25/2022
Now if the user requires 2fa, should I give them a session but have a property on that session indicating if they've completed 2fa?
Angius 8/25/2022
Not sure about that. I use SignInManager from Identity, and it seems to handle it for me lol
Duke 8/25/2022
That does simplify the flow a lot, I wouldn't have to store flow state on the server
Angius 8/25/2022
var result = await _signInManager.PasswordSignInAsync(Input.Name, Input.Password, Input.RememberMe, true);

if (result.RequiresTwoFactor)
{
    // requires MFA
}

and if MFA is required,
var result = await _signInManager.TwoFactorAuthenticatorSignInAsync(authenticatorCode, rememberMe, Input.RememberMachine);

is how I have it set up
Angius 8/25/2022
Not sure what it does behind the scenes, but probably does store something temporarily in the session or something
Duke 8/25/2022
yeah I assume this is mvc?
Angius 8/25/2022
Razor Pages, but it should be the same for MVC or an API
Duke 8/25/2022
I have an SPA
Angius 8/25/2022
SignInManager is UI-agnostic
Duke 8/25/2022
hmm okay
Duke 8/25/2022
I'll go with the session route
Duke 8/25/2022
Thanks for your time