Version: 1.0

Authentication Action API

This API allows users to take action on the list of suggested verification methods during the authentication flow.

Use Case: When a user logs in and the system suggests additional verification methods (like TOTP, SMS, etc.), this API allows the user to:

• SKIP the suggestions temporarily (they'll be asked again later)
• DONOTSHOWAGAIN to permanently dismiss the suggestions (until admin changes are made)

Integration Flow:

1. User initiates login and receives a prevalidation response with validationType: suggest_verification_methods
2. The prevalidation response includes a track_id and a list of suggested verification methods
3. Your application displays the suggestions to the user
4. User makes a decision (SKIP or DONOTSHOWAGAIN)
5. Call this API with the track_id and the user's decision
6. The preference is stored and will be respected in future login attempts

Security:

• Track IDs expire after 1 hour
• User's subject identifier (sub) is removed from responses
• Track IDs are validated and sanitized

Authentication

OAuth 2.0: OAuth2

Security Scheme Type:	oauth2
OAuth Flow (implicit):	Authorization URL: https://domain/authz-srv/authz Scopes: openid: openid scope to generate an id_token profile: openid scope profile to have access to user profile
OAuth Flow (clientCredentials):	Token URL: https://domain/token-srv/token Scopes: openid: openid scope to generate an id_token profile: openid scope profile to have access to user profile
OAuth Flow (authorizationCode):	Token URL: https://domain/token-srv/token Authorization URL: https://domain/authz-srv/authz Refresh URL: https://domain/token-srv/token Scopes: openid: openid scope to generate an id_token profile: openid scope profile to have access to user profile

Contact

cidaas support: [email protected]

URL: https://support.cidaas.com

Terms of Service

https://www.cidaas.com/terms-of-use/