Skip to main content
A support-initiated flow is useful when your team determines that a user needs additional proof before account access can be restored. The flow is:
  1. Your support team opens an account-recovery case in your internal tooling.
  2. Your backend creates a short-lived, signed authorization token that identifies the user, the support case, and the permitted action.
  3. Your backend calls OwnID to start a support-led identity document challenge.
  4. OwnID returns a challengeId and challengeUrl.
  5. Your backend or support team sends the challengeUrl to the user’s verified email address.
  6. Your support tooling polls the challenge status on demand and restores access only after the challenge is allowed.

Create a Signed Authorization Token

Create the token on your backend only. Include a short expiration time and a unique jti so the token can be audited and revoked if needed. TBD

Start the Challenge and Send the Redirect URL

TBD

Poll Challenge Status on Demand

Poll only when the support agent opens or refreshes the case. Avoid background polling loops that create unnecessary traffic. TBD