Didomi Issue a Consent Token for an End User

arazzo: 1.0.1
info:
  title: Didomi Issue a Consent Token for an End User
  summary: Create an end user, assign an internal ID, and issue a scoped JWT consent token for that user.
  description: >-
    A Didomi pattern for handing an end user a token that authorizes them to read
    and modify their own consent data from client-side environments. The workflow
    creates an end user, patches it to assign your organization's internal user ID,
    and issues a scoped consent token for that user. Each step spells out its
    request inline, including the bearer Authorization header, so the flow can be
    read and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: didomiApi
  url: ../openapi/didomi-platform-api-openapi.yml
  type: openapi
workflows:
- workflowId: issue-consent-token
  summary: Create a user, assign an internal ID, and issue a scoped consent token for that user.
  description: >-
    Creates an end user, patches it to assign your organization's internal user
    ID, and issues a consent token scoped to that user and organization.
  inputs:
    type: object
    required:
    - token
    - organizationId
    - organizationUserId
    - lifetime
    properties:
      token:
        type: string
        description: A valid Didomi JWT used as the bearer token for the Authorization header.
      organizationId:
        type: string
        description: The ID of the organization that the user and token belong to.
      organizationUserId:
        type: string
        description: Your organization's internal user ID to assign to the new user.
      lifetime:
        type: integer
        description: Lifetime of the issued consent token, in seconds.
  steps:
  - stepId: createUser
    description: >-
      Create a new end user under the organization. organization_id is supplied as
      a required query parameter.
    operationPath: '{$sourceDescriptions.didomiApi.url}#/paths/~1consents~1users/post'
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.token"
    - name: organization_id
      in: query
      value: $inputs.organizationId
    requestBody:
      contentType: application/json
      payload:
        organization_id: $inputs.organizationId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      userId: $response.body#/id
  - stepId: assignInternalId
    description: >-
      Patch the user to assign your organization's internal user ID so the token
      can be scoped to that ID.
    operationPath: '{$sourceDescriptions.didomiApi.url}#/paths/~1consents~1users~1{id}/patch'
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.token"
    - name: id
      in: path
      value: $steps.createUser.outputs.userId
    - name: organization_id
      in: query
      value: $inputs.organizationId
    requestBody:
      contentType: application/json
      payload:
        organization_user_id: $inputs.organizationUserId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      organizationUserId: $response.body#/organization_user_id
  - stepId: issueToken
    description: >-
      Issue a consent token scoped to the user and organization. organization_id,
      organization_user_id and lifetime are all required by the ConsentToken input
      schema.
    operationPath: '{$sourceDescriptions.didomiApi.url}#/paths/~1consents~1tokens/post'
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.token"
    requestBody:
      contentType: application/json
      payload:
        organization_id: $inputs.organizationId
        organization_user_id: $steps.assignInternalId.outputs.organizationUserId
        lifetime: $inputs.lifetime
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      idToken: $response.body#/id_token
  outputs:
    userId: $steps.createUser.outputs.userId
    idToken: $steps.issueToken.outputs.idToken