Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Purpose

This WS allows to get nonce (one time JWT) for active client of the system.

Key points

  1. This is a REST method used only by active client of the system.

Specification

Apiary

Validate request

  • Check client_id is submitted

    • in case of error - return 422 ('can't be blank')

  • Check client_id exists in mithril database

    • in case of error - return 404 ('Client is not found.')

  • Check client_id is not blocked (is_blocked != true)

    • in case of error - return 401 ('Client is blocked')

Validate client type

  • Get client_type from client_id

  • Check client_secret is submitted if client_type = TRUSTED_PIS

    • in case of error - return 422 ('required property <property> was not present')

  • Check client_secret belongs to client (through connections table)

    • in case of error - return 401 ('Invalid client id or secret.')

Service logic

  1. Fetch JWT TTL value from JWT_LOGIN_TTL env parameter (in minutes).

  2. Generate JWT with following parameters:

    1. alg = HS512

    2. aud = trusted-client if client_type = TRUSTED_PIS, else mithril-login

    3. exp = iat + JWT_LOGIN_TTL

    4. iat = now()

    5. iss = EHealth

    6. jti = generate uuid of JWT

    7. nbf = now() - 1 second

    8. nonce = generate uuid of nonce

    9. sub = nonce

    10. typ = access

  3. Render a response according to specification.