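---
# Arazzo workflow: register a Stytch email/password user, authenticate the
# same credentials, then read the user's sessions back.
arazzo: 1.0.1
info:
  title: Stytch Password Signup to Session
  summary: Create a password-based user, authenticate the credentials, and read the resulting session.
  # The project secret used for HTTP Basic auth is a backend credential: run
  # this workflow from a trusted server-side context and load the secret from
  # a secret store rather than from a committed file.
  description: >-
    A complete email-and-password onboarding flow for consumer apps. The
    workflow creates a new user with an email and password, then proves the
    credentials by authenticating them into a session, and finally reads the
    live session back by user_id to confirm it is active. Every step spells
    out its request inline so the flow can be read and executed without
    opening the underlying OpenAPI description. All calls authenticate with
    HTTP Basic auth using your Stytch project_id as the username and secret
    as the password.
  version: 1.0.0
sourceDescriptions:
  - name: stytchConsumerApi
    url: ../openapi/stytch-consumer-openapi.yml
    type: openapi
workflows:
  - workflowId: password-signup-session
    summary: Register an email/password user, authenticate, and read the session.
    description: >-
      Creates a password user, authenticates the email and password to obtain
      a session token, then retrieves the active sessions for the user to
      verify the session was established.
    inputs:
      type: object
      required:
        - email
        - password
      properties:
        email:
          type: string
          description: The email address to register the password user under.
        # Plaintext credential: inject it at run time and keep it out of
        # committed input files, runner logs and recorded traces.
        password:
          type: string
          description: The plaintext password to set for the new user.
        # Optional, but referenced unconditionally by both request payloads
        # below. NOTE(review): confirm how the runner serialises an unset
        # input (omitted vs. null) and that the API accepts that form.
        session_duration_minutes:
          type: integer
          description: Optional session lifetime in minutes for the authenticated session.
    steps:
      - stepId: createPassword
        description: >-
          Create a new user with an email and password, returning the user_id
          and an initial session for the freshly registered account.
        operationId: api_password_v1_Create
        requestBody:
          contentType: application/json
          payload:
            email: $inputs.email
            password: $inputs.password
            session_duration_minutes: $inputs.session_duration_minutes
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          userId: $response.body#/user_id
          # NOTE(review): no later step or workflow output reads this token.
          # If the API mints a session here, it stays live alongside the one
          # created by authenticatePassword. Confirm whether it should be
          # revoked, or whether session_duration_minutes belongs on this call.
          sessionToken: $response.body#/session_token
      - stepId: authenticatePassword
        description: >-
          Authenticate the email and password pair to confirm the credentials
          and mint a session token and JWT.
        operationId: api_password_v1_Authenticate
        requestBody:
          contentType: application/json
          payload:
            email: $inputs.email
            password: $inputs.password
            session_duration_minutes: $inputs.session_duration_minutes
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          userId: $response.body#/user_id
          sessionToken: $response.body#/session_token
          sessionJwt: $response.body#/session_jwt
      - stepId: getSession
        description: >-
          Read the active sessions for the authenticated user to confirm the
          session is live.
        operationId: api_session_v1_Get
        parameters:
          - name: user_id
            in: query
            value: $steps.authenticatePassword.outputs.userId
        successCriteria:
          - condition: $statusCode == 200
          # A 200 with an empty sessions array would otherwise pass, so the
          # step also requires at least one session in the response body.
          - context: $response.body
            condition: $[?count(@.sessions) > 0]
            type: jsonpath
        outputs:
          sessions: $response.body#/sessions
    # sessionToken and sessionJwt are bearer credentials for the new user:
    # mask them in runner output and do not persist them in workflow reports.
    outputs:
      userId: $steps.authenticatePassword.outputs.userId
      sessionToken: $steps.authenticatePassword.outputs.sessionToken
      sessionJwt: $steps.authenticatePassword.outputs.sessionJwt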