OPAQUE login has two steps:
1. The client requests from the server the envelope stored during registration. Both participants collaborate to generate the key that allows the client to unseal the envelope.
2. The client opens the envelope and extracts the keypair that is used in an authenticated key exchange protocol. In this way, the client proves its authenticity to the server.
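The two login steps above as a runnable sketch; this is an added example, not code from the original page or from any OPAQUE implementation. Assumptions: the 768-bit MODP group, the XOR-plus-HMAC envelope and the one-sided key confirmation stand in for the elliptic-curve OPRF, envelope format and full AKE of a real deployment, and all function and field names are illustrative.

```python
import hashlib, hmac, secrets

# Demo group (assumption): 768-bit Oakley Group 1 safe prime from RFC 2409.
# Deployed OPAQUE uses ristretto255 or P-256; this keeps the sketch stdlib-only.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
        "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
        "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
        "A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 4          # 4 generates the subgroup of prime order Q

def h2g(pw):                    # hash the password to a subgroup element
    return pow(int.from_bytes(hashlib.shake_256(pw).digest(128), "big") % P, 2, P)

def kdf(label, element):        # derive a 32-byte key from a label and a group element
    return hashlib.sha256(label + element.to_bytes(96, "big")).digest()

def xor_stream(key, data):      # stand-in cipher: XOR with a SHAKE-256 keystream
    stream = hashlib.shake_256(b"enc" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, secret):          # encrypt-then-MAC envelope (stand-in for a real AEAD)
    ct = xor_stream(key, secret)
    return ct + hmac.new(key, ct, "sha256").digest()

def open_envelope(key, env):
    ct, tag = env[:-32], env[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("envelope authentication failed")
    return xor_stream(key, ct)

def register(pw):               # collapsed registration, only to create a server record
    k, x = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    env = seal(kdf(pw, pow(h2g(pw), k, P)), x.to_bytes(96, "big"))
    return {"oprf_key": k, "client_pub": pow(G, x, P), "envelope": env}

def login(pw, rec):
    # Step 1: OPRF. The server never sees pw; the client never sees oprf_key.
    r = secrets.randbelow(Q - 1) + 1
    blinded = pow(h2g(pw), r, P)                      # client -> server
    evaluated = pow(blinded, rec["oprf_key"], P)      # server -> client, with envelope
    unblinded = pow(evaluated, pow(r, -1, Q), P)      # equals h2g(pw)^oprf_key
    x = int.from_bytes(open_envelope(kdf(pw, unblinded), rec["envelope"]), "big")
    # Step 2: simplified key exchange; the client proves it holds private key x.
    e = secrets.randbelow(Q - 1) + 1                  # server ephemeral secret
    client_k = kdf(b"ake", pow(pow(G, e, P), x, P))   # client side: (g^e)^x
    server_k = kdf(b"ake", pow(rec["client_pub"], e, P))  # server side: (g^x)^e
    proof = hmac.new(client_k, b"client-finished", "sha256").digest()
    return hmac.compare_digest(proof, hmac.new(server_k, b"client-finished", "sha256").digest())
```

A wrong password yields a different OPRF output, so the envelope tag check fails and `login` raises before any key exchange takes place.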
... now: