20.1.1. User identifying step

The transaction approval process is initiated by the business logic of the delegating entity (e.g. e-banking system). In the user identifying step, the delegating entity starts a transaction approval process and tells the IAM transaction approval service, what user needs to approve the transaction.

Typically, but not necessarily, the username is transported to the delegating entity (e.g. e-banking system) via an identity propagation mechanism.

Note that the user is not authenticated in this step, i.e. no password or other credential is involved.

It is therefore important that any flow beginning with this step can only be called by a trusted, authenticated entity. This can be ensured by correctly authenticating the delegating entity.

Step 1 - HTTP request - user identifying step

POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/user/identify/
    "username" : "jdoe"