sequenceDiagram
participant B as Browser (Angular)
participant BFF as ASP.NET Core BFF
participant A as Auth0
participant R as Redis
B->>BFF: GET /api/workflow/resume
Note over BFF: Bearer token validated
BFF->>A: GET /userinfo (validate opaque token)
A->>BFF: {sub: "auth0|abc123"}
BFF->>R: GET workflow:{userId}
R->>BFF: <encrypted blob>
BFF->>BFF: AES-256-GCM decrypt(blob)
BFF->>B: {exists: true, data: {PII + banking}}
Note over B: Display in form, never store in NgRx