B2C Customer Authentication Flow
This guide details the complete authentication flow for individual (B2C) customers in the FinHub platform. The authentication process involves token generation, retrieving customer details, and two-factor authentication when enabled.

Flow Overview
The following sequence diagram illustrates the complete B2C authentication process:

Detailed API Flow
Step 1: Generate Authentication Token
The first step is to authenticate the user and generate the necessary tokens.
API Request:
- The tokens are stored in localStorage
- The `bffToken` is used for subsequent API calls
- The session has an expiration time (typically 1 hour)
- The system records the login attempt for security monitoring

Step 2: Get Customer Details
After authentication, the system retrieves the customer's profile details.
API Request:
- The customer details are stored in the application state
- The response includes the KYC status and 2FA settings
- The system updates the last login timestamp

Step 3: Two-Factor Authentication (if enabled)
If 2FA is enabled for the customer, an additional verification step is required.
API Request to initiate 2FA:
- The 2FA code is typically a 6-digit number
- The code is valid for a limited time (usually 10 minutes)
- After successful 2FA verification, the session expiration is extended
- The system records the successful 2FA verification for security monitoring
Logout Process
The logout process invalidates the current session and clears authentication data.
API Request:
- The system invalidates the session on the server
- All localStorage items are cleared
- The application state is reset
- The user is redirected to the login page

Error Handling
The authentication process includes comprehensive error handling for various scenarios:

| Error Scenario | Error Code | Description |
|---|---|---|
| Invalid credentials | INVALID_CREDENTIALS | The provided username or password is incorrect |
| Account locked | ACCOUNT_LOCKED | The account has been locked due to too many failed attempts |
| Session expired | SESSION_EXPIRED | The authentication session has expired |
| Invalid 2FA code | INVALID_2FA_CODE | The provided 2FA code is incorrect |
| Expired 2FA code | 2FA_CODE_EXPIRED | The 2FA code has expired |
| Too many 2FA attempts | TOO_MANY_2FA_ATTEMPTS | Too many failed 2FA verification attempts |

Security Considerations
When implementing the B2C authentication flow, consider the following security measures:
- Rate Limiting: Implement rate limiting to prevent brute force attacks
- IP Tracking: Monitor and flag suspicious login attempts from unusual locations
- Device Fingerprinting: Track and verify device information for additional security
- Session Management: Implement proper session timeout and renewal mechanisms
- Secure Communication: Ensure all authentication traffic is encrypted with TLS
- Audit Logging: Maintain detailed logs of all authentication activities