From 0387da51e268ce79f0c27fa6e8cb7ea444ff6515 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 29 Aug 2018 21:01:28 -0600 Subject: [PATCH] Clarify how sessions work when establishing associations --- specification/identity_service_api.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/specification/identity_service_api.rst b/specification/identity_service_api.rst index ea607799..ab7c9b0c 100644 --- a/specification/identity_service_api.rst +++ b/specification/identity_service_api.rst @@ -199,6 +199,12 @@ session, within a 24 hour period since its most recent modification. Any attempts to perform these actions after the expiry will be rejected, and a new session should be created and used instead. +To start a session, the client makes a request to the appropriate ``/requestToken`` +endpoint. The user then receives a validation token which should be provided +to the client. The client then provides the token to the appropriate ``/submitToken`` +endpoint, completing the session. At this point, the client should ``/bind`` the +third party identifier or leave it for another entity to bind. + Email associations ~~~~~~~~~~~~~~~~~~