Clarify how sessions work when establishing associations

2018-08-29 21:01:28 -06:00 · 2018-08-29 21:01:28 -06:00 · 0387da51e2
commit 0387da51e2
parent 039cefdbea
1 changed files with 6 additions and 0 deletions
--- a/specification/identity_service_api.rst
+++ b/specification/identity_service_api.rst
@ -199,6 +199,12 @@ session, within a 24 hour period since its most recent modification. Any
 attempts to perform these actions after the expiry will be rejected, and a new
 session should be created and used instead.

+To start a session, the client makes a request to the appropriate ``/requestToken``
+endpoint. The user then receives a validation token which should be provided
+to the client. The client then provides the token to the appropriate ``/submitToken``
+endpoint, completing the session. At this point, the client should ``/bind`` the
+third party identifier or leave it for another entity to bind.
+
 Email associations
 ~~~~~~~~~~~~~~~~~~