Revoke Device Flow

PasswordLessAuth.

Besides creating new keys for new devices, users can also revoke previously existing keys by using this flow. There might be multiple reasons for revoking a key. Maybe the user is going to get rid of the device that stored the key-pair, or the device was stolen. Maybe the keys were compromised (if they were stored in a non-safe way or on an unsafe device) and they need to be revoked for security reasons. The list of devices and associated keys for a user can be obtained by using the “User Information Flow”.

Whatever the reason, this process is potentially a destructive operation, so it makes use of a security code that is sent to the user’s email, like the Add Device and Key Flow.

The flow starts with a call to DELETE /pwless/devices. The authentication service checks the identity of the user (via email) and a security code is generated and sent to the user’s email. This code must follow the principles applied for the security code of the Add Device and Key Flow, and should be generated following the same procedure.

The authentication service responds with the following response:

Response: 200 OK
{
   "success": false,
   "code": "code_validation_required"
}

The recommended UI/UX behavior is presenting an input field to the user to enter the security code that was sent to the registered email address. The user then needs to check the email that was just sent by the authentication service, and enter the code in the application, which performs a new DELETE /pwless/devices request to the authentication service.

If the security code is validated by the authentication service, the corresponding key entry is deleted from the system, and a proper confirmation indication is delivered to the user.

Request and Response

DELETE /pwless/devices
{
   "email": "user@emailserver.com",
   "key_id": 3274627
}
Response: 200 OK
{
   "success": true,
   "code": "code_validation_required"
}

DELETE /pwless/devices
{
   "email": "user@emailserver.com",
   "key_id": 3274627,
   "security_code": "horse291"
}
Response: 200 OK
{
   "success": true,
   "code": "success"
}
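
The two-step exchange above, sketched from the server side as an added example (not PasswordLessAuth's own code): the security code is bound to the email and key_id it was issued for, stored only as a hash, expires, is compared in constant time, and can be used once. The class and callback names, the code format, the validity window, the attempt limit, and the error codes and statuses for failures are assumptions, since this page defines only "code_validation_required" and "success".

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600      # assumed validity window, in seconds
MAX_ATTEMPTS = 5    # assumed limit on wrong codes per pending request

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

class RevokeService:  # hypothetical name
    def __init__(self, keys, send_email, now=time.time):
        self.keys = keys              # {email: set of key_id}
        self.send_email = send_email  # callable(email, code), assumed mailer hook
        self.now = now
        self.pending = {}             # (email, key_id) -> [digest, expires, attempts_left]

    def delete_device(self, body):
        """Handle one DELETE /pwless/devices body; returns (status, json)."""
        email, key_id = body.get("email"), body.get("key_id")
        if key_id not in self.keys.get(email, set()):
            # Hypothetical error code; the page does not define one.
            return 404, {"success": False, "code": "unknown_key"}
        slot = (email, key_id)
        supplied = body.get("security_code")
        if supplied is None:
            # Step 1: issue a fresh code bound to this email and key_id.
            # The code format is an assumption; the page defers to the
            # Add Device and Key Flow for how it is generated.
            code = secrets.token_urlsafe(6)
            self.pending[slot] = [_digest(code), self.now() + CODE_TTL, MAX_ATTEMPTS]
            self.send_email(email, code)
            return 200, {"success": False, "code": "code_validation_required"}
        # Step 2: validate the code before touching the key entry.
        entry = self.pending.get(slot)
        if entry is None or self.now() > entry[1]:
            self.pending.pop(slot, None)
            return 403, {"success": False, "code": "invalid_security_code"}
        if not hmac.compare_digest(entry[0], _digest(str(supplied))):
            entry[2] -= 1             # count the failed guess
            if entry[2] <= 0:
                del self.pending[slot]
            return 403, {"success": False, "code": "invalid_security_code"}
        del self.pending[slot]        # single use: a replayed code finds nothing
        self.keys[email].discard(key_id)
        return 200, {"success": True, "code": "success"}
```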