website/docs: update flow context variables

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 14:37:37 +00:00 · 2022-12-13 14:37:37 +00:00 · 1dfc0b2e93
parent 291573fbc5
commit 1dfc0b2e93
1 changed files with 25 additions and 3 deletions
--- a/website/docs/policies/expression.mdx
+++ b/website/docs/policies/expression.mdx
@ -87,16 +87,38 @@ Additionally, when the policy is executed from a flow, every variable from the f
 This includes the following:

 -   `context['flow_plan']`: The actual flow plan itself, can be used to inject stages.
-   `context['prompt_data']`: Data which has been saved from a prompt stage or an external source.
-   `context['application']`: The application the user is in the process of authorizing.
+-   `context['redirect']`: The URL the user should be redirected to after the flow execution succeeds. (Optional)
+-   `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional)
+-   `context['application']`: The application the user is in the process of authorizing. (Optional)
+-   `context['source']`: The source the user is authenticating/enrolling with. (Optional)
 -   `context['pending_user']`: The currently pending user, see [User](../user-group/user.md#object-attributes)
-   `context['auth_method']`: Authentication method set (this value is set by password stages)
+-   `context['is_restored']`: Set to `True` when the flow plan has been restored from a flow token, for example the user clicked a link to a flow which was sent by an email stage. (Optional)
+-   `context['auth_method']`: Authentication method (this value is set by password stages) (Optional)

    Depending on method, `context['auth_method_args']` is also set.

    Can be any of:

    -   `password`: Standard password login
+    -   `auth_mfa`: MFA login (this method is only set if no password was used)
+
+        Sets `context['auth_method_args']` to
+
+        ```json
+        {
+            "mfa_devices": [
+                {
+                    "pk": 1,
+                    "app": "otp_static",
+                    "name": "Static Token",
+                    "model_name": "staticdevice"
+                }
+            ]
+        }
+        ```
+
+    -   `auth_webauthn_pwl`: Password-less WebAuthn login
+    -   `jwt`: OAuth Machine-to-machine login via external JWT
    -   `app_password`: App password (token)

        Sets `context['auth_method_args']` to