CIAM Plus With Protect - Magic Link Authentication - Subflow

The CIAM Plus With Protect - Magic Link Authentication - Subflow lets existing users authenticate using a link sent to the email address that’s associated with their account.

Purpose

The CIAM Plus With Protect - Magic Link Authentication - Subflow presents users with the option to send a magic link to the email address associated with their account. After the link is sent, the flow checks the status of the link. If the link is clicked, the flow authenticates the user. If the link expires, the flow presents an error message. The magic link expires after 2.5 minutes (150 seconds).

Structure

This flow is divided into sections using teleport nodes:

Display Magic Link Form: Uses a PingOne node to look up the user, then presents an HTML form from which the user can send a magic link. The flow then simultaneously progresses to the Create Challenge and Send Email and Challenge Acceptance By The User sections.
Create Challenge and Send Email: Uses a PingOne node to send a magic link email. The flow then progresses to the Display Magic Link Polling And Check For Challenge Status section.
Challenge Acceptance By The User: Checks the challenge status and displays a success message if the magic link is clicked and an error message if the magic link times out.
Display Magic Link Polling And Check For Challenge Status: Displays a custom HTML template directing users to click the magic link. When the challenge is approved, the flow progresses to the Go To Success section.
Go To Success: Progresses to the Return Success section.
Challenge Expiration: Denies the challenge if the magic link expires. The flow then progresses to the Return Error section.
Return Success: Sends a success JSON response, indicating that the flow completed successfully.
Return Error: Sends an error JSON response, indicating that the flow completed unsuccessfully.

Input schema

This flow has the following inputs:

Input name Required Description

Input name	Required	Description
`p1UserId`	Yes	The user ID of the user to be authenticated.
`canChangeDevice`	Yes	Indicates whether the user can change the device used for authentication.
`companyLogo`	No	The company logo. Used only when the main flow was launched using a redirect.

p1UserId

Yes

The user ID of the user to be authenticated.

canChangeDevice

Yes

Indicates whether the user can change the device used for authentication.

companyLogo

The company logo.

Used only when the main flow was launched using a redirect.

Output schema

This flow has the following outputs:

Output name Description

Output name	Description
`subflowResult`	The result status of the flow.
`errorMessage`	The error message to display in the parent flow.
`errorDetails`	The details of the error that occurred in this flow.

subflowResult

The result status of the flow.

errorMessage

The error message to display in the parent flow.

errorDetails

The details of the error that occurred in this flow.

Variables

This flow uses no variable or parameter values.

PingOne for Customers Plus