Table of Contents |
---|
Purpose
This WS allows to get nonce (one time JWT) for active client of the system.
Key points
This is a REST method used only by active client of the system.
Specification
Validate request
Check
client_id
is submittedin case of error - return 422 ('can't be blank')
Check
client_id
exists in mithril databasein case of error - return 404 ('Client is not found.')
Check
client_id
is not blocked (is_blocked != true)in case of error - return 401 ('Client is blocked')
Validate client type
Get
client_type
fromclient_id
Check
client_secret
is submitted ifclient_type
= TRUSTED_PISin case of error - return 422 ('required property <property> was not present')
Check
client_secret
belongs to client (through connections table)in case of error - return 401 ('Invalid client id or secret.')
Service logic
Fetch JWT TTL value from
JWT_LOGIN_TTL
env parameter (in minutes).Generate JWT with following parameters:
alg =
HS512
aud =
trusted-client
ifclient_type
= TRUSTED_PIS, elsemithril-login
exp = iat +
JWT_LOGIN_TTL
iat = now()
iss =
EHealth
jti = generate uuid of JWT
nbf = now() - 1 second
nonce = generate uuid of nonce
sub = nonce
typ =
access
Render a response according to specification.