arazzo: 1.0.1
info:
  title: Stytch B2B Password Authenticate and Session
  summary: Authenticate a member's organization password, then validate the resulting session.
  description: >-
    A password login flow for B2B apps. The workflow authenticates a member's
    email and password scoped to a specific organization, then validates the
    returned session token to confirm the member session is active and resolve
    the member and organization. Every step spells out its request inline so
    the flow can be read and executed without opening the underlying OpenAPI
    description. All calls authenticate with HTTP Basic auth using your Stytch
    project_id as the username and secret as the password.
  version: 1.0.0
sourceDescriptions:
  - name: stytchB2bApi
    url: ../openapi/stytch-b2b-openapi.yml
    type: openapi
workflows:
  - workflowId: password-auth-session
    summary: Authenticate an organization-scoped password and validate the session.
    description: >-
      Authenticates a member's email and password within an organization to
      mint a member session token, then validates that token to confirm the
      session.
    inputs:
      type: object
      required:
        - organization_id
        - email_address
        - password
      properties:
        organization_id:
          type: string
          description: The id of the organization the member belongs to.
        email_address:
          type: string
          description: The member's email address.
        password:
          type: string
          description: The member's plaintext password.
        session_duration_minutes:
          type: integer
          description: Optional session lifetime in minutes for the member session.
    steps:
      - stepId: authenticatePassword
        description: >-
          Authenticate the member's email and password within the organization
          to mint a member session token.
        operationId: api_b2b_password_v1_Authenticate
        requestBody:
          contentType: application/json
          payload:
            organization_id: $inputs.organization_id
            email_address: $inputs.email_address
            password: $inputs.password
            session_duration_minutes: $inputs.session_duration_minutes
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          memberId: $response.body#/member_id
          sessionToken: $response.body#/session_token
      - stepId: authenticateSession
        description: >-
          Validate the member session token to confirm the session is active
          and resolve the member and organization.
        operationId: api_b2b_session_v1_Authenticate
        requestBody:
          contentType: application/json
          payload:
            session_token: $steps.authenticatePassword.outputs.sessionToken
            session_duration_minutes: $inputs.session_duration_minutes
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          memberId: $response.body#/member/member_id
          organizationId: $response.body#/organization/organization_id
          sessionToken: $response.body#/session_token
    outputs:
      memberId: $steps.authenticateSession.outputs.memberId
      organizationId: $steps.authenticateSession.outputs.organizationId
      sessionToken: $steps.authenticateSession.outputs.sessionToken