Pluggable Verification
Step 1: Authentication Initiation
The UI starts the authentication process by calling:
POST /verification-srv/authentiaction/:method/initiation
Request payload includes:
- requestid: Unique request identifier
- identifier: User identifier (email, phone, etc.)
- verification_challenge: Contains challenge data like challengeid
Response provides:
- exchange_id: Session management object with expiration
- sub: Masked subject identifier for the user
- status_id: Used to track verification status
- server_challenge: Contains redirect URI for next steps
Step 2 & 3: External Service Integration
The verification service makes a backend call to an external SPI (Service Provider Interface):
POST /external-srv/verify/
Key process:
- Uses client_id from Verification_VerificationSetting to create and cache a token
- Calls the configured SPI endpoint with verification data
Request includes:
- status_id: Links back to the original request
- identifier: User identifier
- requestId: Original request ID
- sub: Subject identifier
- verification_challenge: Challenge data (flexible structure)
Response (202 Accepted):
- redirect_uri: Where to redirect the user
- message: Status message
Step 4 & 5: Status Update
The external service updates the verification status once authentication is complete:
PUT /verification-srv/verificationstatus/:status_id
Request:
- status: Set to "AUTHENTICATED" upon success
- deviceInformation: Optional device metadata
Architecture Pattern
This implements an asynchronous polling pattern where:
- UI initiates the process
- Backend orchestrates with external services
- UI polls for status updates using the status_id
- External service updates status when verification completes
This design allows for flexible authentication methods (magic links, SMS, email verification, etc.) while maintaining a consistent API interface and reusing existing verification infrastructure.
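The flow above as an in-memory model, added here as an example and not the verification service's own code. The field names come from the steps above; the PENDING state, the HTTP-like return codes, the opaque sub value, the fake_spi stub and the checks in update_status (unknown, expired or already completed status_id) are assumptions showing what a status endpoint of this shape would be expected to enforce.

```python
import secrets
import time

STORE = {}  # status_id -> record (stand-in for the verification service's state)

def initiate(requestid, identifier, challenge, spi, ttl=300, now=None):
    """Steps 1-3: create the status record, call the SPI, build the UI response."""
    now = time.time() if now is None else now
    status_id = secrets.token_urlsafe(16)   # unguessable: it is the polling handle
    sub = secrets.token_hex(8)              # assumption: opaque stand-in for the masked sub
    STORE[status_id] = {"status": "PENDING", "expires": now + ttl}
    # Body of POST /external-srv/verify/ with the fields listed in Step 2 & 3
    spi_resp = spi({"status_id": status_id, "identifier": identifier,
                    "requestId": requestid, "sub": sub,
                    "verification_challenge": challenge})
    return {"exchange_id": {"id": secrets.token_urlsafe(16), "expires": now + ttl},
            "sub": sub, "status_id": status_id,
            "server_challenge": {"redirect_uri": spi_resp["redirect_uri"]}}

def update_status(status_id, body, now=None):
    """Steps 4-5: PUT .../verificationstatus/:status_id, returns an HTTP-like code."""
    now = time.time() if now is None else now
    rec = STORE.get(status_id)
    if rec is None:
        return 404                          # unknown status_id
    if now > rec["expires"]:
        return 410                          # session expired before completion
    if rec["status"] != "PENDING":
        return 409                          # already completed: reject replays
    if body.get("status") != "AUTHENTICATED":
        return 400
    rec["status"] = "AUTHENTICATED"
    rec["deviceInformation"] = body.get("deviceInformation")  # optional metadata
    return 200

def poll(status_id, now=None):
    """UI polling: current status for a status_id."""
    now = time.time() if now is None else now
    rec = STORE.get(status_id)
    if rec is None or now > rec["expires"]:
        return "UNKNOWN_OR_EXPIRED"
    return rec["status"]

def fake_spi(req):
    """Constructed SPI stub answering like the 202 response in Step 2 & 3."""
    return {"redirect_uri": "https://spi.example/continue", "message": "accepted"}
```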