# Inviting End-Users

The sequence diagram below shows the process of how a user controlling a DID is invited and then added to our system by a tenant administrator.

{% @mermaid/diagram content="sequenceDiagram
title Invite End-User using Wallet to Tenancy

autonumber

actor H as Holder
actor TA as Tenant Admin

participant P as Portal
participant W as Wallet
participant API as SVX API

W->>W: did:key generated locally
TA->>P: Navigate to Add User > End Users > Manage Tenancy.
P->>+API: POST /end-users/invitations
API-->>-P: 201 invitation object containing request\_uri
Note over H,P: There are different ways a holder can receive this link<br>- QR code that can be scanned<br>-Deeplink to click on
P->>P: Render QR for request <br> openid://request\_uri=<https://svx-api-sandbox.meeco.me/oidc/presentations/requests/{id}/jwt>

TA-->>H: Email QR code / deeplink

H->>W: Scan QR Code
W->>+API: GET <https://svx-api-sandbox.meeco.me/oidc/presentations/requests/{id}/jwt>
API-->>-W: return request\_jwt
W->>+W: Extract state and reciret\_uri attributes from the request request\_jwt
W->>+API: POST /end\_users/invitations/short\_lived\_access\_token (token: state)
API-->>-W: return short lived access\_token
W->>+API: POST /oidc/presentations/requests/verify (request\_jwt, short lived access\_token)
API-->>-W: 201 OK
W->>+API: POST /oidc/presentations/token<br>(request\_id, state, short lived access\_token)
API-->>-W: 201 OK and unsigned id\_token
W->>W: Sign id\_token

W->>+API: POST /end\_users/invitations/{token}/accept <br> (id\_token, state: token, short lived access\_token) <br> (endpoint is defined under redirect\_uri inside the request\_jwt)

API-->>-W: 201 OK (access\_token: {access\_token})" %}