Table of Contents | ||||
---|---|---|---|---|
|
Purpose
This process describes adding an additional authentication method to an existing person, update authentication method and delete it.
Table of Contents |
---|
Specification
Authorize
Verify the validity of access token
Check user scope authentication_method:write in order to perform this action
Get global parameters
Invoke Global parameters to get following parameter:Use GET persom/{id}/ authentication_method to find authentication method' id of person.
Specification
Page Properties | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Global and configurable parameters
Variable | Values | Description |
---|---|---|
phone_number_auth_limit |
...
Check if in table person_authentication_methods with | ||
third_person_limit |
...
In table person_auth_methods with type = | ||
third_person_term | parameter is used for calculation of ended_at data for authentication method type = THIRD_PERSON | |
person_with_third_person_limit | In table person_auth_methods with type = THIRD_PERSON >N, then error 422 | |
no_self_auth_age | In table person now()-birth_date <=N & person_auth_methods with type = |
cURL example
Expand | ||
---|---|---|
| ||
|
...
|
Input parameters
Input parameter | Values | Type | Description | Example |
---|---|---|---|---|
id | String | Person identifier. Required |
|
Dictionaries
AUTHENTICATION_METHOD
DOCUMENT_TYPE
Request structure
See on Apiary
Example:
Expand | ||
---|---|---|
| ||
|
Authorize
Verify the validity of access token
Check user scope authentication_method_request:write in order to perform this action
Headers
Content-Type:application/json
Authorization:Bearer {{access_token}}
api-key:{{secret}}
Request data validation
Validate Patient
Get person_id from URL
Validate id:
validate person.id UUID
in case error return
404
search person by person.id in MPI
in case error return
404
, "Such person doesn't exist"
validate that person is active ( person.status = active & is_active = true)
in case error return
409
, "Such person isn't active"
Validate request
if action = delete deactivate
Code Block | |
---|---|
json | { "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deletedeactivate", "authentication_methodsmethod": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } } |
if action = insert
update
Code Block |
---|
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "insertupdate", "authentication_methodsmethod": { "typeid": "THIRD_PERSON", "value": "d12888c0-1159-4296-8f03-a592c136f673057413fb-2c2e-4f33-b2d6-433469212744", "alias": "roksolana" } } } |
if action = update insert
Code Block |
---|
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "updateinsert", "authentication_methodsmethod": { "type": "idTHIRD_PERSON", "value": "057413fbd12888c0-2c2e1159-4f334296-b2d68f03-433469212744a592c136f673", "aliasphone_number" : "roksolana+380656779678", "defaultalias": "trueroksolana" } } } |
Validate ids
Fiend value
is person.id
validate person.id UUID
in case error return 422
search person by person.id in MPI
in case error return 422, "Such person doesn't exist"
Validate
Use GET persom/{id}/ authentication_method to find authentication method' id of person
...
|
Search auth requests by person id
To prevent requests duplication search in il.auth_method_requests.person_id = $.person_id and il.authentication_method_requests.status = NEW, then
Change status of all found person requests:
|
Validate by actions
if action = deactivate
Field
type
must beTHIRD_PERSON
...
(where person_auth_method.id =
...
$authentication_method.id)
...
, else return error 422
“Only THIRD_PERSON authentication method type could be deactivated
"Check this auth_method is not primary & there are more than one authentication method for person:
in case of error return 422, “
You can't deactivate the last authentication method
“
Check if authentication_method_current != NA, else return error 422 “
Person can't be authorized with NA authentication method
"Validate that auth_method is active ( person_authentication_methods.ended_at > now())
in case error return
422
, “Authentication method isn’t active”
if action = update
validate authentication_methods.id belong to this person. Search auth method of this person where MPI.person_authentication_method.person_id = $.person
...
.id
in case error return 422, "such authentication method does not belong to this person"
alias
is required.Check if authentication_method_current != NA, else return error 422 “
Person can't be authorized with NA authentication method
"
if action = insert
if type = OTP
...
,
phone_number
is required andvalue
shouldn’t be set. And fieldalias
is optional.validate that person.age >global_parameters.no_self_auth_age
validate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE
phone_number
andvalue
shouldn’t be set . And fieldalias
is optional.validate that person.age > global_parameters.no_self_auth_age
auth_method_current != OFFLINE
error - "
Person already has auth method OFFLINE
"
auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = false)
error -
Person cannot set OFFLINE auth method if person had OTP
if type = THIRD_PERSON
...
Start date: start_date = Current_date()
End date:
Code Block |
---|
if (person.age < 18) { end_date = min(birth_date + 18y - 1d, start_date + third_person_term);} else { end_date = start_date + third_person_term;} |
...
if action = update
if the transferred method is the main one (
default
= TRUE), method that had this flagdefault = TRUE
now hasdefault = FALSE
if person>18, can’t set
default
= TRUE where auth_method.type=THIRD_PERSON
Generate verification code
...
value
,phone_number
,alias
are requiredValidate value:
validate person.id is UUID
in case error return
422
search person by person.id in MPI
in case error return
404
, "such person doesn't exist"
search person by person.id in MPI and validate that is_active = true & status = active, else:
in case error return 422, "third person must be active"
search third_person.age > prm.global_parameters.no_self_auth_age years:
in case error return 422, "
Incorrect person age for such an action
"
validate third_person.auth_method != (MPI.person_auth_methods.ended_at <= now())
in case error return 422, "third person must has auth method OTP or OFFLINE"
Validate
phone_number
with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.valueauth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if config
THIRD_PERSON_OFFLINE
= False - validate that third_person has self method = OTP, else:error
THIRD PERSON can't have OFFLINE self auth method type
validate if THIRD_PERSON != person, else return error 422
Person can't add himself as THIRD_PERSON
validate if person’s authentication method with type THIRD_PERSON with the same value, else return error 422
Such person id is already used in existing person's authorization methods
check if person have authentication method with type THIRD_PERSON less
person_with_third_person_limit
times, else return error 422,Limit of authentication methods with THIRD_PERSON type is exhausted
Processing
Set auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return primary auth method.
Validate that auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now()) if
action = deactivate
action = update
action = insert and type= THIRD_PERSON and person.age>no_self_auth_method
else error - “
Person can't be authorized with NA authentication method
“
Generate verification code
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate one time password and send it to third_person number (that is added as a new auth method). At this stage, the patients receive an SMS message.
Phone_numbers: mpi.person_auth_method.value, where person_id = $.third_person.id and type = OTP
cURL where auth_method_requests.auth_method_current = OTP.
cURL example
Expand | ||
---|---|---|
| ||
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
Generate upload URL
If action = insert
...
auth_method
...
_requests.auth_method
...
_current = OFFLINE
Generate URL's with type person.{$
...
.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
If action = insert
and il.auth_method_request.authentication_method.type = OFFLINE:
Generate URL's with type person.{$.person.documents.[:].type}
Response structure
See on Apiary
Example:
Expand | ||
---|---|---|
| ||
|
Expand | ||
---|---|---|
| ||
|
HTTP status codes
Page Properties | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|