arazzo: 1.0.1
info:
  title: Stytch B2B Email OTP Login
  summary: Send an email OTP to an organization member and authenticate the code.
  description: >-
    A passwordless email OTP login flow for B2B apps. The workflow sends a
    one-time passcode by email to a member of an organization (creating the
    member if they do not yet exist) and then authenticates the code the member
    enters to mint a member session. Every step spells out its request inline so
    the flow can be read and executed without opening the underlying OpenAPI
    description. All calls authenticate with HTTP Basic auth using your Stytch
    project_id as the username and secret as the password.
  version: 1.0.0
sourceDescriptions:
- name: stytchB2bApi
  url: ../openapi/stytch-b2b-openapi.yml
  type: openapi
workflows:
- workflowId: email-otp-login
  summary: Send an organization email OTP and authenticate the code.
  description: >-
    Dispatches a one-time passcode by email to a member of an organization and
    exchanges the member-entered code for an authenticated member session.
  inputs:
    type: object
    required:
    - organization_id
    - email_address
    - code
    properties:
      organization_id:
        type: string
        description: The id of the organization the member belongs to.
      email_address:
        type: string
        description: The member's email address to send the passcode to.
      code:
        type: string
        description: The one-time passcode the member received by email and entered.
      session_duration_minutes:
        type: integer
        description: Optional session lifetime in minutes for the member session.
  steps:
  - stepId: sendEmailOtp
    description: >-
      Send a one-time passcode by email to the member, creating the member if no
      account exists yet in the organization.
    operationId: api_b2b_otp_v1_b2b_otp_email_LoginOrSignup
    requestBody:
      contentType: application/json
      payload:
        organization_id: $inputs.organization_id
        email_address: $inputs.email_address
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      memberId: $response.body#/member_id
      memberCreated: $response.body#/member_created
  - stepId: authenticateEmailOtp
    description: >-
      Authenticate the email one-time passcode the member entered to mint a
      member session.
    operationId: api_b2b_otp_v1_b2b_otp_email_Authenticate
    requestBody:
      contentType: application/json
      payload:
        organization_id: $inputs.organization_id
        email_address: $inputs.email_address
        code: $inputs.code
        session_duration_minutes: $inputs.session_duration_minutes
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      memberId: $response.body#/member_id
      organizationId: $response.body#/organization_id
      sessionToken: $response.body#/session_token
  outputs:
    memberId: $steps.authenticateEmailOtp.outputs.memberId
    organizationId: $steps.authenticateEmailOtp.outputs.organizationId
    sessionToken: $steps.authenticateEmailOtp.outputs.sessionToken