Use case: WhatsApp Authentication for Developer and User
Actors: Developer, End user, Cripsa Platform
Goals:
- Developer's Goal: Register with Cripsa, create a WhatsApp project, integrate WhatsApp sign-in screen, and authenticate successfully.
- User's Goal: Log in using WhatsApp authentication, receive an OTP, verify OTP, and access the customer portal.
Main Flow:
For Developer:
- Developer Registration: The developer registers on cripsa.com to access the Cripsa platform.
- Request Authentication from WhatsApp Application: The developer requests authentication from the WhatsApp application on Cripsa.
- Receive Authentication Token: Cripsa provides an authentication token to the developer after successful authentication.
- Access Developer Dashboard: The developer logs in to Cripsa and accesses the Developer Dashboard.
- Create WhatsApp Project: The developer creates a WhatsApp project within the dashboard.
- Receive Project Information: Cripsa generates and provides the developer with Client ID, Client Secret, User Pool ID, and User Pool Domain.
- Develop WhatsApp Sign-In Screen: The developer uses the provided API endpoints ("whatsapp-signin" and "whatsapp-responseToauth") to create the WhatsApp sign-in screen.
- Authentication with WhatsApp: The developer logs in using their mobile number, clicks the login button, and is directed to the OTP screen.
- Receive OTP: The developer receives an OTP on WhatsApp and a session ID is generated.
- Verify OTP: The developer enters the OTP on the OTP screen and clicks the sign-in button.
- Call API for Verification: In the backend, the "whatsapp-verifyAuthChallenge" API endpoint is called to verify the session ID and OTP.
- Receive Tokens: Upon successful verification, Cripsa responds with various tokens (refresh token, ID token, and access token).
- Successful Authentication: The developer's session is established, and they are redirected to the relevant page on the dashboard.
For End User:
- User Registration: The end user accesses the customer portal with the integrated WhatsApp sign-in screen.
- WhatsApp Authentication Initiation: The user logs in using their mobile number and clicks the login button.
- OTP Generation: The user receives an OTP on WhatsApp, and a session ID is generated. The user enters the OTP on the OTP screen and clicks the sign-in button.
- Call API for Verification: The "whatsapp-verifyAuthChallenge" API is called in the backend to verify the session ID and OTP.
- Receive Tokens: After successful verification, Cripsa responds with tokens (refresh token, ID token, and access token).
- Access Customer Portal: The user's session is established, and they are redirected to the relevant page within the customer portal.
Benefits:
- Developer achieves secure authentication through WhatsApp.
- User gains seamless access to the customer portal using WhatsApp authentication.
Preconditions:
- Developer has registered on cripsa.com.
- User has a WhatsApp account.
Postconditions:
- Developer is authenticated and redirected to the dashboard.
- User is authenticated and gains access to the customer portal.
Exceptions:
- Incorrect OTP entry leads to failed verification.
- Developer/User session fails due to network issues.
Trigger:
- Developer/User initiates WhatsApp authentication by entering mobile number and clicking login button.