The PASSWORD method is single-instance, active instance is deactivated, if there is new one activated.

The activation flow has 3 steps:

1. Activation of PASSWORD method IAPI/activateMethod
2. Instance initiation IAPI/initiateInstance
3. Instance activation IAPI/activateInstance

The flow is following in case of instance reactivation for active method:

1. Salt obtaining IAPI/methodParams
2. Instance initiation IAPI/initiateInstance
3. Instance activation IAPI/activateInstance

• the method PASSWORD must be activated at first
• specific parameters:
  • IN: .methodSpecific.algType - algorithm type for calculation of password hash and transaction verification code
  • OUT: .data.methodSpecific.salt - salt for password hash calculation (with algType = 2)
• algType = 2
  • password hash = sha256(salt||password)
  • transaction verification code = sha256(sha256(salt||password)||nonce)
• REST API callback:

IAPI/activateMethod

IN     .tenant, .muid, .methodType
       .methodSpecific.algType=2
OUT    .data.methodSpecific.salt

• obtaining salt with active method
• REST API callback:

IAPI/methodParams

IN:     .tenant, .muid, .methodType
OUT:    .data.methodSpecific.salt

• creating instance in INITIATED state and saving the password hash
• specific parameters:
  • IN: .methodSpecific.value - base64-encoded password hash (according to algorithm type)
  • OUT: .data.instanceInfo.instanceId - initiated instance identifier
• REST API callback:

IAPI/initiateInstance

IN      .tenant, .muid, .methodType
        .methodSpecific.value
OUT     .data.instanceInfo.instanceId

• transition of instance state to ACTIVE
• specific parameters:
  • IN: .instanceId - instance identifier
• REST API callback:

IAPI/activateInstance

IN      .tenant, .muid, .methodType
        .instanceId