added sequence diagrams to docs for enroll and auth

README.md

@@ -105,6 +105,8 @@ trusona.Initializer.initialize(origin)
 
 ## Enroll Your Users
 
+![Enrollment sequence diagram](docs/images/tac-passkey-sdk-enrollment.png)
+
 To enroll a user, from within your backend, generate a `JWT` token with the `subject` claim as a user's identifier or username.
 
 This identifier does not need to be an email address, but it should uniquely identify the user and they should be able to recognize it as their username.
@@ -127,6 +129,9 @@ new trusona.WebAuthnEnrollment().enroll(jwt, controller.signal)
 
 ## Authenticate Your Users
 
+![Authentication sequence diagram](docs/images/tac-passkey-sdk-authentication.png)
+
+
 To authenticate a user, you can provide a username hint to the SDK or not - `lastUserHint()` is available to provide such a hint.
 
 On success, a JWT is going to be provided in the SDK response that you can examine and verify the identity of the user.

docs/tac-passkey-sdk-authentication.puml

@@ -0,0 +1,24 @@
+@startuml
+!include ../../../../style_puml.config
+
+participant "Browser" as bro
+participant "Trusona SDK" as sdk
+participant "Customer Backend" as cust
+participant "Trusona Auth Cloud" as core
+
+== Authentication ==
+bro -> sdk: authenticate (optional user hint)
+sdk -> core: POST /authentications
+core --> sdk: authentication response
+sdk --> bro: (idToken, accessToken)
+== Verification of accessToken ==
+bro -> sdk: get Initializer.jwksEndpoint
+sdk --> bro: jwks_endpoint
+bro -> cust: verify accessToken with jwks_endpoint
+cust -> core: GET /jwks_endpoint
+core --> cust: jwks response
+cust -> cust: verify accessToken with jwks
+cust --> bro: verification success
+bro -> cust: access with accessToken
+
+@enduml

docs/tac-passkey-sdk-enrollment.puml

@@ -0,0 +1,24 @@
+@startuml
+!include ../../../../style_puml.config
+
+participant "Browser" as bro
+participant "Trusona SDK" as sdk
+participant "Customer Backend" as cust
+participant "Trusona Auth Cloud" as core
+
+bro -> cust: Sign in using existing authentication method
+cust --> bro: Success
+bro -> sdk: enroll with JWT
+sdk -> core: POST /attestation/options (JWT)
+core -> cust: GET /jwks_endpoint
+cust --> core: jwks response
+core -> core: Validate JWT with jwks
+core --> sdk: attestation_options, transaction_id
+sdk -> bro: create webauthn credentials using attestation_options
+bro --> sdk: attestation_options
+sdk -> core: POST /enrollments (attestation_options, transaction_id)
+core -> core: create passkey credential
+core --> sdk: enrollment result
+sdk --> bro: enrollment result
+
+@enduml