Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel3

Purpose

...

This WS allows to get nonce (one time JWT) for active client of the system.

Key points

  1. This is a REST method used only by active client of the system.

Specification

Page Properties

Link

API paragraph not foundeHealth PIS API - Apiary

Resource

/oauth/nonce

Scope

Not required

Components

API paragraph not found

Microservices

API paragraph not found

Protocol type

REST

Request type

GET

Sync/Async

API paragraph not found

Public/Private/Internal

Internal. Cabinet

Logic

...

Service logic

  1. Fetch JWT TTL value from JWT_LOGIN_TTL env parameter (in minutes).

  2. Generate JWT with following parameters:

    1. alg = HS512

    2. aud = trusted-client if client_type = TRUSTED_PIS, else mithril-login

    3. exp = iat + JWT_LOGIN_TTL

    4. iat = now()

    5. iss = EHealth

    6. jti = generate uuid of JWT

    7. nbf = now() - 1 second

    8. nonce = generate uuid of nonce

    9. sub = nonce

    10. typ = access

  3. Render a response according to specification.

Request structure

See on Apiary

Example:

...

titleRequest example

...

...

{
  "client_id": "30074b6e-fbab-4dc1-9d37-88c21dab1847"
}

Authorize

API paragraph not found

Headers

...

  • Content-Type:application/json

Request data validation

API paragraph not found

Processing

...

Validate request

  • Check client_id is submitted

    • in case of error - return 422 ('can't be blank')

  • Check client_id exists in mithril database

    • in case of error - return 404 ('Client is not found.')

  • Check client_id is not blocked (is_blocked != true)

    • in case of error - return 401 ('Client is blocked')

Validate client type

  • Get client_type from client_id

  • Check client_secret is submitted if client_type = TRUSTED_PIS

    • in case of error - return 422 ('required property <property> was not present')

  • Check client_secret belongs to client (through connections table)

    • in case of error - return 401 ('Invalid client id or secret.')

Processing

Response structure

See on Apiary

...