Managing Responses in Workflows

Response Management: Handling Feedback and Completing Workflows

Once a target system has received a workflow notification from Next Identity, a response is expected to prevent a retry or a logged failure. In the case of synchronous actions, a response is needed to proceed with the user workflow.

Responses are always expected to return a200 OK HTTP response code. If the system receives an invalid URL response, it will be logged as a failure and will not be retried. HTTP error responses will be retried. Any other response that is not a 2XX response or one of the above will be marked as a failure and will not be retried.

In the case of asynchronous enrich actions, where a response message is needed to determine the next steps for the user workflow, the response to the Next Identity workflows service is expected to contain a signed JWT in the body with the necessary information to proceed. When configuring a receiving endpoint for workflows, the JWS source must be provided to the configuration team to decode the JWT.

A sample payload response for an enrich action from the target system back to the Next Identity Workflows service might look like this after the JWT is decoded:

  "iss": "",  
  "iat": 1458496025,  
  "jti": "someuniqueeventidfb4e75b5411e4e19b6c0f",  
  "action": "allow",  
  "custom_claims": {  
    "some_key1": "some_value1",  
    "some_key2": "some_value2"  

Target System Response Message Components

AttributeDescriptionRequiredValue Restrictions
actionWhat action should Next Identity take with this transaction? This should be from the customer system based on whatever processing was done based on the original Next Identity notification for this transaction.Accepted values allowed are:
allow: The user can proceed
block: The user should be blocked
challenge: The user should be provided a security challenge
custom_claimsClaims from an external service that are included in the id_token for the user at the end of the login processThis is appended to the id_token as is and does not go through any validation or changes in the service.
issService provider publishing the SETNone
iatIssued at dateTimeNone
jtiUnique ID of the eventNone


How to configure Workflows?

Workflows are configured by Next Reason. Contact your Next Reason Solutions Architect to discuss your workflow requirements.