# Authentication flow

The authentication flow for the PSI system consists of two parts: registration and authentication.

## Registration flow

```mermaid
sequenceDiagram
participant User as User
participant WebApp as Authorization Frontend
participant AuthServer as Authorization Server
participant DB as Database
participant EmailService as Email Service
User->>WebApp: Open Registration Page
WebApp->>User: Display Registration Form
User->>WebApp: Submit Registration Data (e.g., email, password)
WebApp->>AuthServer: Validate and Create User (email, password)
AuthServer->>DB: Store User Details
DB-->>AuthServer: Confirmation of Storage
AuthServer->>EmailService: Send Verification Email with One-Time Code
EmailService-->>User: Email with Verification Code
User->>WebApp: Submit Verification Code
WebApp->>AuthServer: Validate Verification Code
AuthServer->>DB: Update User as Verified
DB-->>AuthServer: Confirmation of Update
AuthServer-->>WebApp: Verification Success Response
WebApp-->>User: Registration Complete Message
```

## Authentication flow
```mermaid
sequenceDiagram
participant User
participant PSI_Frontend as PSI Frontend
participant AuthorizationServer as Authorization Server
participant PSI_Backend as PSI Backend
User->>PSI_Frontend: Open app/login
PSI_Frontend->>AuthorizationServer: Authorization request (user_id, redirect_uri, scope, state, response_type=token+id_token)
AuthorizationServer->>User: Authentication prompt
User->>AuthorizationServer: Provide credentials
AuthorizationServer->>PSI_Frontend: Redirect with access token & ID token (in URL fragment)
PSI_Frontend->>PSI_Backend: API request (access token)
PSI_Backend->>PSI_Frontend: Resource data
PSI_Frontend->>User: Displays requested resource
```
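The redirect step above hands the PSI Frontend an access token and ID token in the URL fragment. The following is an added example (not the PSI project's own code) of how the frontend could check that response before trusting the tokens; the issuer, client id, parameter names and sample token are constructed assumptions.

```javascript
// Added example (not the PSI project's own code): consuming the authorization
// server's implicit-flow redirect in the PSI Frontend. Assumes the fragment
// carries access_token, id_token, expires_in and state as in the diagram;
// issuer, client id and all sample values below are hypothetical.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Constructed sample redirect fragment (the signature part is a placeholder).
const SAMPLE_ID_TOKEN = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ iss: 'https://auth.example.test', aud: 'psi-frontend', sub: 'user-123',
           exp: 1800000000, iat: 1700000000, nonce: 'n-1' }),
  'placeholder-signature',
].join('.');
const SAMPLE_FRAGMENT = '#access_token=at-abc&id_token=' + SAMPLE_ID_TOKEN +
  '&token_type=Bearer&expires_in=3600&state=st-42';

function parseFragment(fragment) {
  // Tokens arrive as key=value pairs after '#'; the fragment never reaches the backend.
  const raw = fragment.startsWith('#') ? fragment.slice(1) : fragment;
  return Object.fromEntries(new URLSearchParams(raw));
}

function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Validates the redirect before the frontend stores or uses the tokens. Only
// claims are checked here; a deployment must also verify the id_token
// signature against the authorization server's published signing keys.
function handleImplicitRedirect(fragment, expectedState, opts) {
  const p = parseFragment(fragment);
  if (p.error) throw new Error('authorization error: ' + p.error);
  // state ties this response to the request this frontend itself started.
  if (!p.state || p.state !== expectedState) throw new Error('state mismatch');
  if (!p.access_token || !p.id_token) throw new Error('missing tokens');
  const claims = decodeJwtPayload(p.id_token);
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  if (claims.iss !== opts.issuer) throw new Error('unexpected issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(opts.clientId)) throw new Error('unexpected audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('id_token expired');
  if (opts.nonce !== undefined && claims.nonce !== opts.nonce) throw new Error('nonce mismatch');
  return { accessToken: p.access_token, subject: claims.sub, expiresIn: Number(p.expires_in) };
}
```

In the browser, once the check passes the frontend should drop the fragment from the address bar (for example with `history.replaceState`) so the tokens do not linger in history or get copied along with the URL.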