Skip to content

Commit b9ec9d3

Browse files
docs: add Flow C for self-service profile updates via SPA OIDC
- Introduced a new documentation file detailing the second OIDC flow for the Auth0 Management API audience, enabling users to manage their own profiles. - Updated Flow D and Flow E documentation to reference the new access token naming convention. - Revised the README to link to the new Flow C documentation. This addition enhances the clarity and usability of the authentication documentation for self-service profile updates. Jira Ticket: https://linuxfoundation.atlassian.net/browse/LFXV2-888 Reviewed with [GitHub Copilot](https://github.com/features/copilot) Signed-off-by: Mauricio Zanetti Salomao <mauriciozanetti86@gmail.com>
1 parent 446ae79 commit b9ec9d3

File tree

4 files changed

+4
-4
lines changed

4 files changed

+4
-4
lines changed

docs/auth-flows/C-auth-service-m2m-profile-update.md renamed to docs/auth-flows/C-spa-profile-update-oidc.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Flow C: 2nd SPA OIDC flow for Management API audience ('self' Auth0 access)
1+
# Flow C: Self-Service Profile Update via SPA OIDC for Management API audience ('self' Auth0 access)
22

33
## Description
44
Second OIDC flow for Auth0 Management API audience, allowing users to manage their own profiles ("self" Auth0 access). This flow shares a client with Flow D's SPA client (recommended approach).

docs/auth-flows/D-spa-social-identity-linking.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# Flow D: Link Social Identity via Popup/WebMessage (No Audience)
22

33
## Description
4-
SPA flow for linking social identities by authenticating with the social provider in a popup. Uses access_token2 from Flow C (Management API token) to perform the actual linking operation.
4+
SPA flow for linking social identities by authenticating with the social provider in a popup. Uses access_token_mgmt_self from Flow C (Management API token) to perform the actual linking operation.
55

66
## Sequence Diagram
77

docs/auth-flows/E-passwordless-email-linking.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# Flow E: Link Email Identity via Passwordless
22

33
## Description
4-
SPA/SSR flow for linking additional email addresses to a user's account using passwordless authentication. All Auth0 API calls (both passwordless and Management API) are made by Auth Service, with SSR communicating via NATS pub/sub pattern. Uses access_token2 from Flow C (Management API token) to perform the actual linking operation. The user verifies ownership of the email by entering a one-time verification code in LFX One.
4+
SPA/SSR flow for linking additional email addresses to a user's account using passwordless authentication. All Auth0 API calls (both passwordless and Management API) are made by Auth Service, with SSR communicating via NATS pub/sub pattern. Uses access_token_mgmt_self from Flow C (Management API token) to perform the actual linking operation. The user verifies ownership of the email by entering a one-time verification code in LFX One.
55

66
## Sequence Diagram
77

docs/auth-flows/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ The authentication architecture uses multiple Auth0 clients and flows to support
1717
|------|-------------|-------------|----------|---------|
1818
| [Flow A](A-auth-service-m2m-profile-lookup.md) | Auth Service M2M | Auth Service M2M | `auth0_mgmt` | Read user profiles and check email-to-username mappings |
1919
| [Flow B](B-lfx-one-login-ssr-oidc.md) | LFX One Login (SSR OIDC) | LFX One | `lfxv2` | Authenticate users and obtain access tokens for LFX v2 API |
20-
| [Flow C](C-auth-service-m2m-profile-update.md) | Self-Service Profile Updates | LFX One Profile | `auth0_mgmt` | Allow users to update their own profiles via Management API |
20+
| [Flow C](C-spa-profile-update-oidc.md) | Self-Service Profile Updates | LFX One Profile | `auth0_mgmt` | Allow users to update their own profiles via Management API |
2121
| [Flow D](D-spa-social-identity-linking.md) | Social Identity Linking | LFX One Profile | None | Link social identities (Google, GitHub, etc.) to user accounts |
2222
| [Flow E](E-passwordless-email-linking.md) | Email Identity Linking | LFX One Passwordless | None | Link additional email addresses using passwordless OTP verification |
2323

0 commit comments

Comments
 (0)