Confirm
471
edits
Changes
m
→Login: /session/auth
This same protocol is used, with slightly different methods and constants, to obtain the "accountResetToken". This token allows a client to safely reset the account password.
The protocol is optimized to minimize round-trips and to enable parallelism, to reduce the time it takes to connect a browser to the account to just a few seconds. As a result, the two messages it sends (/session/auth/start and /session/auth/finish) each perform multiple jobs. In total, the browser requires four messages in three roundtrips (1: /session/auth/start, 2: /session/auth/finish, 3: /account/keys and /certificate/signin parallel) before it is ready to talk to the storage server.
== auth/start ==
