## Re-authentication

Atto Connect allows re-authentication of consents to extend the lifetime of
the consent. This flow can be started when a consent is about to expire, is
expired or revoked.

Atto provides both [Webhooks](/content/docs/guides/platform-integration/notifications#v2-webhooks) and [Email notification
V2](/content/docs/guides/platform-integration/notifications#v2) to notify of upcoming consent expirations, each of which can
be configured for how many days prior to consent expiration they should be
triggered.

To re-authenticate a consent:

1. Get an access token for Consent API using the [Authorization
API](/content/apis/get-token) (Scope should be `api:consent`).
2. Append the consent ID that needs to be re-authenticated as query
parameter and add the access token as a fragment to the Atto Connect url.
eg:
`https://connect.atto.co?consent_id=<ConsentID>#access_token=<AccessToken>`
and send it to the end user.
3. User will be prompted to confirm the details of re-authenticating their
access:


Note: `api:consent` Access Token validity period is about 1 hour. Attaching
Reauthentication URL straight to the email would not end up with good user
experience as URL would not be usable after 1 hour. Recommended approach is
to redirect end user to your page, where end user can continue with
Reauthentication and new Access Token can be requested.

![Reauthentication flow](/assets/connect-reauthentication-flow.410ea23db4659bc4f21a4d5913e2cfd817a05c60a49708f21586aac016c49a73.d5e2313b.png)

![Reauthentication flow step
1](/assets/connect-reauthentication-flow-1.7553a35fd9e19b3972ada4661a43901f2d2afafcae7be505c8db7e0e736d08c3.d5e2313b.jpg)

![Reauthentication flow step
2](/assets/connect-reauthentication-flow-2.1f617787623b6dc659eae61cb3f47472ee331a731721b9122e0d20eb4748e495.d5e2313b.jpg)

User is redirected to their bank where they will authorize the access:

![Reauthentication flow step
3](/assets/connect-reauthentication-flow-3.caa64c28b175b7b9c13abcdde26c7b127001940b0dc046c6b65901ae92fe2bfa.d5e2313b.png)

If authorization was successful, user is redirected back to Connect:

![Reauthentication flow step
4](/assets/connect-reauthentication-flow-4.6cfa4fa8308317cf733d50b9ebc19b321e6e71605efb75d9d12ca73692d0711c.d5e2313b.jpg)

The user may be required to re-select their accounts during the
reauthentication flow. This will only be applicable after their consent has
been marked as `Revoked` by calling the [Revoke Consent
API](/content/apis/revoke-consent).

### Notifications

Atto dispatches Webhook `evenType` : `Consent` when the journey finishes.
`consentJourney` value is set to `Reauthentication`. Once the journey
finishes and a notification is received indicating success, you may resume
fetching the data from the APIs.

### API Flow

![Reauthentication API flow
diagram](/assets/connect-reauthentication-api-flow.561a71ca960c107c9e87c8c9f089a3177600f97e48e3f136ed9d36f881252581.d5e2313b.png)