version 1.1

workflow AuthenticatePA {

  input {
    Boolean  is_pay_service
    String   auth_request_model
  }

  # Step 1: User sends initial Authenticate PA Request (Status=Model)
  call SendInitialRequest {
    input:
      request = auth_request_model
  }

  # Step 1.1 / 1.2: Branch on free vs pay service
  if (!is_pay_service) {

    # Step 1.1: Free service — go directly to Authenticate
    call Authenticate as AuthenticateFree {
      input:
        is_pay_service        = false,
        auth_response_model   = SendInitialRequest.response
    }
  }

  if (is_pay_service) {

    # Step 1.2.1: User sends Authenticate PA Request with Service Pricing Model (Status=Model)
    call SendPricingRequest {
      input:
        request = auth_request_model
    }

    # Step 1.2.2: Authenticate Service sends Authenticate PA Response
    # Step 1.2.2.1: If Status=Err, workflow ends here (WDL models this via conditional on Ack)
    Boolean is_ack = SendPricingRequest.status == "Ack"

    if (is_ack) {

      # Step 1.2.2.2: Status=Ack — User transacts value and sends Final request
      call TransactValue {
        input:
          transaction = SendPricingRequest.transaction
      }

      call SendFinalRequest {
        input:
          transaction = TransactValue.completed_transaction,
          request     = auth_request_model
      }

      # Step 2: Authenticate Service sends Authenticate PA Response (pay path)
      call Authenticate as AuthenticatePay {
        input:
          is_pay_service       = true,
          auth_response_model  = SendFinalRequest.response
      }
    }
  }
}

# ──────────────────────────────────────────────
# Tasks
# ──────────────────────────────────────────────

task SendInitialRequest {
  # User sends "Authenticate PA Request including Authentication
  # with Rights (Status=Model)" to Authenticate Service.
  input {
    String request
  }
  command <<< >>>
  output {
    String response = "initial_response"
  }
}

task SendPricingRequest {
  # User sends "Authenticate PA Request with Service Pricing
  # Model (Status=Model)" to Authenticate Service.
  input {
    String request
  }
  command <<< >>>
  output {
    String status      = "Ack"       # or "Err"
    String transaction = "tx_data"   # populated when Status=Ack
  }
}

task TransactValue {
  # User transacts the value included in Transaction.
  input {
    String transaction
  }
  command <<< >>>
  output {
    String completed_transaction = transaction
  }
}

task SendFinalRequest {
  # User sends "Authenticate PA Request including Service Pricing
  # Model with Transaction (Status=Final)" to Authenticate Service.
  input {
    String transaction
    String request
  }
  command <<< >>>
  output {
    String response = "final_response"
  }
}

task Authenticate {
  # Authenticate Service sends "Authenticate PA Response" including:
  #   - Service Pricing Model (Status=Final), if pay service
  #   - Authentication and Rights (Status=Final)
  input {
    Boolean is_pay_service
    String  auth_response_model
  }
  command <<< >>>
  output {
    String? pricing_model_final  = if is_pay_service then "pricing_final" else None
    String  authentication_final = "auth_and_rights_final"
  }
}