The Login Flow
The login process into an application using CosyncJWT can either take place with one function call if two factor verification is not enabled, and with two function calls if it is enabled. In the first scenario, the application will issue a login Cosync REST Service API function call as illustrated in the following sequence diagram:
Login Flow with Two-Factor Verification
If two-factor verification is enabled for the user, the application will first issue a login CosyncJWT REST function call, and then wait for a six-digit verification code to be sent to the user’s phone number for identity confirmation, or a 6 digit code sent to the Google Authenticator. The application will then issue a loginComplete Cosync REST Service API function call to complete login process.