arazzo: 1.0.1
info:
  title: Stytch B2B Discovery Intermediate Session Exchange
  summary: Authenticate a discovery magic link, list discovered organizations, then exchange into one.
  description: >-
    An organization-selection login flow for B2B apps where the member already
    belongs to one or more tenants. The workflow authenticates a discovery email
    magic link to obtain an intermediate session and the list of organizations
    the email is a member of, then exchanges that intermediate session into a
    chosen organization to produce a full member session. Every step spells out
    its request inline so the flow can be read and executed without opening the
    underlying OpenAPI description. All calls authenticate with HTTP Basic auth
    using your Stytch project_id as the username and secret as the password.
  version: 1.0.0
sourceDescriptions:
- name: stytchB2bApi
  url: ../openapi/stytch-b2b-openapi.yml
  type: openapi
workflows:
- workflowId: discovery-intermediate-exchange
  summary: Authenticate discovery link, then exchange the intermediate session into an organization.
  description: >-
    Exchanges a discovery magic link token for an intermediate session and the
    list of discovered organizations, then exchanges that intermediate session
    into the chosen organization for a full member session.
  inputs:
    type: object
    required:
    - discovery_magic_links_token
    - organization_id
    properties:
      discovery_magic_links_token:
        type: string
        description: The discovery magic link token captured from the clicked link.
      organization_id:
        type: string
        description: The id of the discovered organization to exchange into.
      session_duration_minutes:
        type: integer
        description: Optional session lifetime in minutes for the resulting member session.
  steps:
  - stepId: authenticateDiscovery
    description: >-
      Authenticate the discovery magic link token to obtain an intermediate
      session token and the organizations the email already belongs to.
    operationId: api_b2b_magic_v1_b2b_magic_links_discovery_Authenticate
    requestBody:
      contentType: application/json
      payload:
        discovery_magic_links_token: $inputs.discovery_magic_links_token
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      intermediateSessionToken: $response.body#/intermediate_session_token
      discoveredOrganizations: $response.body#/discovered_organizations
  - stepId: exchangeIntoOrg
    description: >-
      Exchange the intermediate session token into the chosen organization to
      mint a full member session.
    operationId: api_discovery_v1_discovery_intermediate_sessions_Exchange
    requestBody:
      contentType: application/json
      payload:
        intermediate_session_token: $steps.authenticateDiscovery.outputs.intermediateSessionToken
        organization_id: $inputs.organization_id
        session_duration_minutes: $inputs.session_duration_minutes
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      memberId: $response.body#/member_id
      organizationId: $response.body#/organization/organization_id
      sessionToken: $response.body#/session_token
      memberAuthenticated: $response.body#/member_authenticated
  outputs:
    memberId: $steps.exchangeIntoOrg.outputs.memberId
    organizationId: $steps.exchangeIntoOrg.outputs.organizationId
    sessionToken: $steps.exchangeIntoOrg.outputs.sessionToken