Modules
Pure Sigra auth-return boundary contracts.
Host-owned authoritative auth-return attempt record contract.
Append-only auth-return lifecycle evidence contract.
Successful backend auth-return validation result.
Shared outer auth-return envelope.
Native auth-return evidence posture after transport parsing.
Provider-neutral OAuth/OIDC return evidence posture.
Provider-neutral passkey/WebAuthn assertion evidence posture.
Host validation input after transport-specific parsing.
Typed auth contracts for the Sigra backend seam.
Backend-projected auth context used for route-level auth checks.
Backend-owned session authority facts.
Reference-only step-up requirement state.
Canonical Sigra auth denial subcodes and shell-safe detail sanitization.
Pure Sigra route-auth evaluator for backend-owned session authority.
Pure Sigra session handoff contracts.
Append-only handoff lifecycle evidence contract.
Signed-envelope payload after host verification.
Successful backend redemption result.
Host redemption input after transport-specific parsing.
Host-owned server ticket record contract.
Host-owned Phoenix session renewal instructions.
Pure Sigra step-up intent contracts.
Host-owned session, CSRF, and LiveView invalidation instructions.
Append-only step-up lifecycle evidence contract.
Host-owned challenge descriptor for a server-backed step-up intent.
Successful backend step-up completion result.
Host consume input after locator parsing and challenge evidence collection.
Low-sensitivity locator payload after host transport verification.
Host-owned authoritative step-up intent record contract.
Shared Sigra step-up ceremony decision core.
Stable telemetry contract for Sigra auth diagnostics.