Partial-login flow
🎯 Purpose
Addresses recovery scenarios that occur after users have successfully completed their first authentication factor but cannot complete the required second factor authentication.
📍 Flow Context
- Trigger Point: After successful first factor authentication
- User State: First factor completed, second factor required
- Access Scenarios: Account chooser authentication OR username + first factor completed
- Recovery Need: Cannot complete required second factor
🔄 Partial-login Entry Scenarios
🎯 Account Chooser Path
- User Action: User clicked on account chooser user card
- First Factor: Secure cookie provides first factor authentication
- Current State: User authenticated via trusted browser, second factor required
🔐 Username + First Factor Path
- User Process: User entered username and completed first factor authentication
- Factor Types: Password validation or mobile authentication code entry
- Current State: Primary authentication completed, second factor verification needed
📊 Second Factor Challenge Context
At this stage, users are presented with screens requesting second factor authentication such as:
- Push notification approval
- Email OTP entry
- SMS OTP entry
- Alternative second-factor methods
🚨 Common Partial-login Recovery Scenarios
| Recovery Type | User Situation | Authentication State |
|---|---|---|
| Mobile App Issues | Cannot approve push notifications | First factor ✅, Push required |
| Email Access Problems | Cannot access email for OTP | First factor ✅, Email OTP required |
| SMS Access Issues | Cannot receive SMS codes | First factor ✅, SMS OTP required |
