arazzo: 1.0.1
info:
  title: Appmixer Authenticate and List Flows
  summary: Sign a user in, confirm the session, and list their flows.
  description: >-
    A session-establishment pattern. The workflow authenticates a user with
    credentials to obtain an access token, confirms the active session by
    reading the current user, and then lists the user's flows using the token.
    The authentication step is open, while the session and listing steps inline
    the issued bearer token.
  version: 1.0.0
sourceDescriptions:
- name: appmixerApi
  url: ../openapi/appmixer-api-openapi.yml
  type: openapi
workflows:
- workflowId: authenticate-and-list-flows
  summary: Authenticate a user and return their flows.
  description: >-
    Obtains a token, verifies the current user, and retrieves the paginated
    list of flows belonging to that user.
  inputs:
    type: object
    required:
    - username
    - password
    properties:
      username:
        type: string
        description: The user's email address or username.
      password:
        type: string
        description: The user's password.
      limit:
        type: integer
        description: Maximum number of flows to return.
  steps:
  - stepId: authenticate
    description: Sign the user in to obtain an access token.
    operationId: authenticateUser
    requestBody:
      contentType: application/json
      payload:
        username: $inputs.username
        password: $inputs.password
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      token: $response.body#/token
  - stepId: getCurrentUser
    description: Confirm the active session by reading the current user.
    operationId: getCurrentUser
    parameters:
    - name: Authorization
      in: header
      value: Bearer $steps.authenticate.outputs.token
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      userId: $response.body#/id
      username: $response.body#/username
  - stepId: listFlows
    description: List the authenticated user's flows.
    operationId: listFlows
    parameters:
    - name: Authorization
      in: header
      value: Bearer $steps.authenticate.outputs.token
    - name: limit
      in: query
      value: $inputs.limit
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      firstFlowId: $response.body#/0/id
  outputs:
    token: $steps.authenticate.outputs.token
    userId: $steps.getCurrentUser.outputs.userId
    firstFlowId: $steps.listFlows.outputs.firstFlowId