16.9. Protected Flows

Protected flows provide the functionality to view and change context data and to manage the authentication tokens of users. In general, protected flows are all end-user flows that are only accessible after authentication. They require special consideration because a user must be properly authenticated and authorized before being allowed to use such a flow.

Typical examples of protected flows include:

  • address-change flow
  • mTAN registration flow
  • email address change flow
  • Airlock 2FA, Cronto, and mTAN token management self-service
  • FIDO registration self-service

Structure of protected flows

A typical protected flow follows this sequence of steps:

  1. Validate pre-conditions to ensure that the user is properly authenticated and authorized.
  2. Depending on the flow: select the item to be changed (e.g. an authentication token). Only items belonging to the authenticated user may be offered for selection.
  3. Supply the information to be added, changed, or deleted:
     • Context data
     • Authentication token-specific values (such as a display name)
  4. Validate or approve the change.
  5. Persist the validated or approved information.
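The five steps above as an added, illustrative skeleton for a token display-name change. This is example code written for this page, not Airlock IAM code: the `Session`, `Token`, `TokenStore` and `RenameTokenFlow` names, the `self-service` role, the 300-second approval window and the rule that approval means a fresh second-factor confirmation are all assumptions. The points it is meant to show are that authorization is checked before anything else, that the selected item is bound to the calling user (a token owned by someone else is rejected exactly like a non-existent one), and that nothing is persisted until validation and approval have both passed.

```python
"""Illustrative skeleton of a protected flow (token display-name change).

Added example, not Airlock IAM code: class, field and role names, the
approval window and the approval rule are assumptions for this page.
"""
import time
from dataclasses import dataclass
from typing import Optional


class FlowError(Exception):
    """Raised when a flow step rejects the request."""


@dataclass
class Session:
    user_id: Optional[str]       # None for an unauthenticated session
    roles: frozenset
    last_strong_auth: float      # unix time of the last second-factor check (0.0 = never)


@dataclass
class Token:
    token_id: str
    owner: str                   # user_id of the token owner
    kind: str                    # label only, e.g. "mTAN" or "Airlock 2FA"
    display_name: str


class TokenStore:
    """In-memory stand-in for the persistence layer (assumption)."""

    def __init__(self, tokens):
        self._tokens = {t.token_id: t for t in tokens}

    def get(self, token_id):
        return self._tokens.get(token_id)

    def save(self, token):
        self._tokens[token.token_id] = token
        return token


APPROVAL_MAX_AGE_S = 300   # assumption: a second-factor confirmation counts as fresh for 5 minutes
DISPLAY_NAME_MAX = 64      # assumption: upper bound for a token display name


class RenameTokenFlow:
    REQUIRED_ROLE = "self-service"   # assumed role name

    def __init__(self, store, now=time.time):
        self._store = store
        self._now = now

    # Step 1: pre-conditions, authentication first, then authorization for this flow.
    def check_preconditions(self, session):
        if session.user_id is None:
            raise FlowError("not authenticated")
        if self.REQUIRED_ROLE not in session.roles:
            raise FlowError("not authorized for this flow")

    # Step 2: select the item, bound to the caller's identity.
    def select_item(self, session, token_id):
        token = self._store.get(token_id)
        # Same error whether the token does not exist or belongs to another user,
        # so the flow cannot be used to enumerate other users' tokens.
        if token is None or token.owner != session.user_id:
            raise FlowError("unknown token")
        return token

    # Step 3: validate the supplied token-specific value.
    @staticmethod
    def validate_input(new_name):
        name = new_name.strip()
        if not name or len(name) > DISPLAY_NAME_MAX or not name.isprintable():
            raise FlowError("invalid display name")
        return name

    # Step 4: approval, here modelled as a sufficiently fresh second-factor confirmation.
    def approve(self, session):
        if self._now() - session.last_strong_auth > APPROVAL_MAX_AGE_S:
            raise FlowError("step-up authentication required")

    # Step 5: persist only after every previous step has passed.
    def persist(self, token, name):
        token.display_name = name
        return self._store.save(token)

    def run(self, session, token_id, new_name):
        self.check_preconditions(session)
        token = self.select_item(session, token_id)
        name = self.validate_input(new_name)
        self.approve(session)
        return self.persist(token, name)
```

Note the ordering: the owner check in step 2 happens before the supplied value is even looked at, and the store is only touched in step 5, so a request that fails approval leaves the token unchanged.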