Protected Flows

Protected flows provide the functionality to view and change context data and to manage authentication tokens of users. In general, protected flows are all end-user flows accessible after authentication.
They require special consideration because a user must be properly authenticated and authorized to be allowed to use such a flow.

Typical examples of protected flows are:

  • address-change flow
  • mTAN registration flow
  • email address change flow
  • Airlock 2FA, Cronto, and mTAN token management self-service
  • FIDO registration self-service
  • etc.

Structure of protected flows

A typical protected flow follows this sequence of steps:

  1. Validate pre-conditions to ensure that the user is properly authenticated and authorized.
  2. Depending on flow steps: select item to be changed (e.g. authentication token).
  3. Supply information to be added, changed, or deleted:
    • Context data
    • Authentication token-specific values (such as a display name)
  5. Validate or approve the change.
  6. Persist the validated or approved information.