Versions Compared

Old Version 2

changes.mady.by.user Liudmyla Dobrovolska (SoE eHealth)

Saved on

compared with

New Version Current

changes.mady.by.user Liudmyla Dobrovolska (SoE eHealth)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. This method is used only by TRUSTED_PIS, PIS and CABINET client types.

  2. Only one active verification code can exist for phone number.

  3. This method can be used only with JWT with fixed set of aud, specific for each client type.

Specification

Apiary

Validate JWT

  • Check Authorization header contains a valid JWT

    • in case of error - return 401 ('JWT is invalid')

  • Check JWT is not expired (exp > now())

    • in case of error - return 401 ('JWT expired')

  • Check JWT is with correct aud : cabinet-registration, pis-registration, trusted-client.

    • in case of error - return 401 ('JWT is not permitted for this action')

...