Light version (#7)

Simplified version of the Authentication

Author: levhitaIncode

.nvmrc

@@ -0,0 +1 @@
+22.12.0

README.md

@@ -1,15 +1,13 @@
 # Face Authentication Validation Example
 
-This project demonstrates a secure face authentication flow using Incode's WebSDK with proper validation and session management. The application implements:
+This project demonstrates a secure face authentication flow using Incode's WebSDK with proper backend validation. The application implements:
 
-- **User hint input** for authentication (customerId, email, or phone)
+- **User hint input** for authentication (identityId)
 - **Face authentication** using Incode's renderAuthFace SDK
-- **Session management** with IndexedDB to prevent reuse
 - **Backend validation** to verify authentication integrity by:
   - Matching candidate from the SDK with identityId from the score API
-  - Validating overall authentication status
-  - Preventing token tampering and session replay attacks
-  - Marking sessions as used to prevent reuse
+  - Validating overall status to be OK
+  - Closing sessions to prevent modification
 
 This example showcases best practices for implementing face authentication in a web application with proper security measures.
 
@@ -20,64 +18,48 @@ sequenceDiagram
     participant Frontend
     participant Backend
     participant IncodeAPI
-    participant IndexedDB
 
-    Note over Frontend: Enter hint:<br> identityId
+    Note over Frontend: Enter hint:<br>identityId
     Note over Frontend: WebSDK: create()
     Frontend->>Backend: Start Session in Backend<br>{identityId}
     Backend->>IncodeAPI: Create new session<br>{configurationId, apikey}
     Note over IncodeAPI: /omni/start
-    IncodeAPI-->>Backend: Returns Session<br>{token, interviewId}
-    Backend->>IndexedDB: Store session<br>{key: interviewId, backToken: token, status: pending, identityId)
-    Backend-->>Frontend: Return Session<br>{token, interviewId}
+    IncodeAPI-->>Backend: Returns Session<br>{token}
+    Backend-->>Frontend: Return Session<br>{token}
 
     Note over Frontend: WebSDK: renderAuthFace(token, hint)
     Note over Frontend: User completes face authentication
     Note over Frontend:Returns:<br>{candidate}
 
-    Frontend->>Backend: Validate Authentication<br>{interviewId, token, candidate}
-    Backend->>IndexedDB: Get Session Info:<br>{key:interviewId}
-    IndexedDB-->>Backend:  {backToken, status}
-    alt interviewId doesn't exist in DB
-      Backend->>Frontend: {"interviewId doesn't exists", valid:false}
-    end
-    alt status != pending
-      Backend->>Frontend: { "Session was already verified", valid:false}
-    end
-    alt candidate != session.identityId
-      Backend->>IndexedDB: Mark session as Rejected<br>{interviewId, status:rejected}
-      Backend->>Frontend: {"Stored identityId doesn't match candidate", valid:false}
-    end
-    alt token != backToken
-      Backend->>IndexedDB: Mark session as Rejected<br>{interviewId, status:rejected}
-      Backend->>Frontend: {"Stored token doesn't match token", valid:false}
-    end
-   
+    Frontend->>Backend: Get Results<br>{token, candidate}
+  
     Backend->>IncodeAPI: Mark session as completed
     Note over IncodeAPI: /0/omni/finish-status
     IncodeAPI-->>Backend: Return:<br>{redirectionUrl, action}//Unused
 
-    Backend->>IncodeAPI: Get Authentication Score<br>{token:backToken}
+    Backend->>IncodeAPI: Close Session
+    Note over IncodeAPI: /omni/session/status/set?action=Closed
+    IncodeAPI-->>Backend: Return:<br>{sessionStatus}//Unused
+
+    Backend->>IncodeAPI: Get Authentication Score<br>{token}
     Note over IncodeAPI: /0/omni/get/score
-    IncodeAPI-->>Backend: {status, identityId}
+    IncodeAPI-->>Backend: {score, identityId}
     alt identityId != candidate
-      Backend->>IndexedDB: Mark session as Rejected<br>{interviewId, status:rejected}
-      Backend->>Frontend: {"candidate doesn't matches score identityId", valid:false}
+      Backend->>Frontend: {"candidate doesn't match score identityId", isValid:false}
     end
+    
     alt score.status != "OK"
-      Backend->>IndexedDB: Mark session as Rejected<br>{interviewId, status:rejected}
-      Backend->>Frontend: {"Score for this session is not OK", valid:false}
+      Backend->>Frontend: {"Score for this session is not OK", isValid:false}
     end
 
     Note over Backend: Success
-    Backend->>IndexedDB: Mark session as approved<br>{interviewId, status:approved}
-    Backend-->>Frontend: Return validation result<br>{"Succesful validation", valid:true, identityId}
+    Backend-->>Frontend: Return validation result<br>{"Successful validation", isValid:true, identityId}
     Note over Frontend: Show validation results
 ```
 
 # Requirements
 
-Vite requires Node.js version 14.18+, 16+. some templates require a higher Node.js version to work, please upgrade if your package manager warns about it.
+Vite 8 requires **Node.js ^20.19.0 || >=22.12.0**. Run `node -v` to verify before installing.
 
 # Install
 
@@ -99,24 +81,22 @@ VITE_FAKE_BACKEND_FLOW_ID=
 
 Remember the Flow holds the backend counter part of the process, some configurations there might affect the behavior of the WebSDK here.
 
-# Fake Backend Server
+# Example Backend
 
 Starting and finishing the session must be done in the backend. To simplify development, this
-sample includes a `fake_backend.js` file that handles backend operations in the frontend.
+sample includes an `example_backend.js` file that handles backend operations in the frontend.
 
 **Important:** Replace this with a proper backend for production. The API key should NEVER be exposed in the frontend.
 
 ## Key Backend Functions
 
-- `fakeBackendStart()` - Creates a new session and stores it in IndexedDB with `used: false`
-- `fakeBackendFinish()` - Retrieves the finish status from the API
-- `fakeBackendGetScore()` - Gets the authentication score from the API
-- `fakeBackendValidateAuthentication()` - Validates the authentication by:
-  - Checking if the session exists and hasn't been used
-  - Verifying the token matches the stored token
-  - Comparing candidate with identityId from the score
-  - Ensuring overall status is "OK"
-  - Marking the session as used to prevent reuse
+- `start(identityId)` - Calls Incode's `/0/omni/start` API to create a new session and returns the session `token`
+- `getResults(token, candidate)` - Verifies the authentication by:
+  - Finishing the session via `/0/omni/finish-status` to trigger score calculation
+  - Closing the session via `/0/omni/session/status/set?action=Closed` to freeze the score
+  - Retrieving the score via `/0/omni/get/score`
+  - Comparing `candidate` (from the WebSDK) with `identityId` from the score to prevent tampering
+  - Checking that the overall score status is "OK"
 
 # Run