# Arazzo workflow description: completes a Stytch OAuth (social) login by
# exchanging the OAuth token from the provider redirect, then listing the
# resolved user's sessions.
#
# Security context: info.description states that every call uses HTTP Basic
# auth with the Stytch project_id and secret. That secret is a backend
# credential, so this workflow belongs on the server side, with the secret
# supplied by the runner from a secret store rather than written into this file.
arazzo: 1.0.1
info:
  title: Stytch OAuth Authenticate and Session
  summary: Authenticate an OAuth token returned from a provider redirect and read the session.
  description: >-
    A social login completion flow for consumer apps. After the user returns
    from an OAuth provider redirect carrying a Stytch OAuth token, the workflow
    authenticates that token to mint a session and resolve the user, then reads
    the user's active sessions to confirm the login. Every step spells out its
    request inline so the flow can be read and executed without opening the
    underlying OpenAPI description. All calls authenticate with HTTP Basic auth
    using your Stytch project_id as the username and secret as the password.
  version: 1.0.0
sourceDescriptions:
  # Relative path: both operationId values used below must exist in this
  # OpenAPI document.
  - name: stytchConsumerApi
    url: ../openapi/stytch-consumer-openapi.yml
    type: openapi
workflows:
  - workflowId: oauth-authenticate-session
    summary: Authenticate an OAuth token and verify the resulting session.
    description: >-
      Exchanges the OAuth token captured from a provider redirect for a session,
      then reads the active sessions for the resolved user.
    inputs:
      type: object
      required:
        - token
      properties:
        # Arrives via the browser redirect and is exchanged for a session in
        # the first step; treat it as a credential and keep it out of logs
        # and traces.
        token:
          type: string
          description: The Stytch OAuth token returned on the provider redirect.
        # NOTE(review): not listed under `required`, yet the request payload
        # below always references it. Confirm how the runner serialises an
        # absent input, and whether the API mints a session when it is omitted;
        # the step description assumes a session is created.
        session_duration_minutes:
          type: integer
          description: Optional session lifetime in minutes for the authenticated session.
    steps:
      - stepId: authenticateOauth
        description: >-
          Authenticate the OAuth token to complete the social login, minting a
          session and resolving the user.
        operationId: api_oauth_v1_Authenticate
        requestBody:
          contentType: application/json
          payload:
            token: $inputs.token
            session_duration_minutes: $inputs.session_duration_minutes
        # Only the HTTP status is checked; the presence of session_token and
        # session_jwt in the response body is not asserted.
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          userId: $response.body#/user_id
          providerType: $response.body#/provider_type
          # sessionToken and sessionJwt are bearer credentials for the new
          # session. A runner that records step outputs will record them too,
          # so redact these two fields in workflow logs.
          sessionToken: $response.body#/session_token
          # Captured here but not referenced anywhere else in this document.
          sessionJwt: $response.body#/session_jwt
      - stepId: getSession
        description: >-
          Read the active sessions for the authenticated user to confirm the
          OAuth login established a session.
        operationId: api_session_v1_Get
        # The lookup is keyed on user_id alone and success is judged by status
        # code only, so a 200 shows the query succeeded for that user. It does
        # not show that the session minted in authenticateOauth is among the
        # results; a caller needing that guarantee has to inspect `sessions`.
        parameters:
          - name: user_id
            in: query
            value: $steps.authenticateOauth.outputs.userId
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          sessions: $response.body#/sessions
    # Workflow-level outputs returned to the caller. sessionToken is a live
    # credential: pass it to the client over TLS only and do not persist it in
    # workflow run history. The `sessions` list from getSession is not
    # surfaced here.
    outputs:
      userId: $steps.authenticateOauth.outputs.userId
      providerType: $steps.authenticateOauth.outputs.providerType
      sessionToken: $steps.authenticateOauth.outputs.sessionToken