Sequence

• PIN issuance will be responded to via Server-Sent Events (SSE).
• Block another request within expiration time.
• Phone numbers that have expired will be discarded.

sequenceDiagram

actor user as user
participant site as site
participant pauth as pauth

participant siteB as other site
actor userB as user

user ->> site: Enter phone number
site ->> pauth: Send site token, phone number

par expiration time
    pauth ->> site: 200 OK (SSE)
    site ->> user: Show authentication dialog

    user ->> pauth: Make a phone call

    par
        pauth ->> site: Response PIN (SSE)
    and
        site ->> pauth: Send site token, phone number
        pauth ->> site: Response PIN
    end


    site ->> user: Show PIN

    user ->> site: Enter PIN
    site ->> pauth: Send site token, phone number, PIN

    alt PIN is correct
        pauth ->> site: 200 OK
        site ->> user: Show success message
    else PIN is incorrect
        pauth ->> site: 204 No Content
    end

and
    userB ->> siteB: Enter phone number
    siteB -x pauth: Send site token, phone number
    Note over siteB,pauth: Blocked because of different site token
end

pauth ->> pauth: Discard phone number

userB ->> siteB: Enter phone number
siteB ->> pauth: Send site token, phone number
pauth ->> siteB: 200 OK (SSE)
siteB ->> userB: Show authentication dialog