PowerAuth Web Flow

Web Flow is the main component which serves as an OAuth 2.0 provider.

You can obtain the war file which can be deployed to a Java EE container in releases.

The configuration of Web Flow is described in Web Flow Configuration.

Web Flow Functionality

Web Flow implements following functionality:

  • frontend application the user interacts with during the authentication process
  • backend REST services the frontend communicates with to handle user input and operation workflow
  • OAuth 2.0 provider which authenticates user HTTP session in case of successful authentication
  • implementation of authentication methods
    • the authentication process consists of one or more authentication methods which are invoked as defined by the Next Step Server
    • each authentication method is stored in a separate project
  • central point which communicates with other backends
    • communication with Next Step Server to get a response about next step and redirect of user to the right screen
    • communication with Data Adapter to obtain additional data, authenticate user, send SMS messages and notify Data Adapter about operation status and form data changes
    • communication with PowerAuth Server to obtain activation status, signature verification and token verification
    • communication with PowerAuth Push Server to deliver push messages to user mobile device
  • Web Socket communication with frontend for immediate response in Mobile Token authentication
  • tracking of operations within HTTP session to handle concurrent operations
  • preparation of operation form data (value formatting, resource localization, resource translation)