Partial-login flow

🎯 Purpose

Addresses recovery scenarios that occur after users have successfully completed their first authentication factor but cannot complete the required second factor authentication.


📍 Flow Context

  • Trigger Point: After successful first factor authentication
  • User State: First factor completed, second factor required
  • Access Scenarios: Account chooser authentication OR username + first factor completed
  • Recovery Need: Cannot complete required second factor

🔄 Partial-login Entry Scenarios

🎯 Account Chooser Path

  • User Action: User clicked on account chooser user card
  • First Factor: Secure cookie provides first factor authentication
  • Current State: User authenticated via trusted browser, second factor required

🔐 Username + First Factor Path

  • User Process: User entered username and completed first factor authentication
  • Factor Types: Password validation or mobile authentication code entry
  • Current State: Primary authentication completed, second factor verification needed

📊 Second Factor Challenge Context

At this stage, users are presented with screens requesting second factor authentication such as:

  • Push notification approval
  • Email OTP entry
  • SMS OTP entry
  • Alternative second-factor methods

🚨 Common Partial-login Recovery Scenarios

Recovery TypeUser SituationAuthentication State
Mobile App IssuesCannot approve push notificationsFirst factor ✅, Push required
Email Access ProblemsCannot access email for OTPFirst factor ✅, Email OTP required
SMS Access IssuesCannot receive SMS codesFirst factor ✅, SMS OTP required