Table of Contents | ||||
---|---|---|---|---|
|
Purpose
This process describes adding an additional authentication method to an existing person, update authentication method and delete it.
Use GET persom/{id}/ authentication_method to find authentication method' id of person.
Specification
Page Properties |
---|
Table of Contents |
---|
Specification
Authorize
Verify the validity of access token
...
|
...
Get global parameters
...
|
Global and configurable parameters
Variable | Values | Description |
---|---|---|
phone_number_auth_limit |
...
Check if in table person_authentication_methods with | ||
third_person_limit |
...
In table person_auth_methods with type = | ||
third_person_term | parameter is used for calculation of ended_at data for authentication method type = THIRD_PERSON | |
person_with_third_person_limit | In table person_auth_methods with type = THIRD_PERSON >N, then error 422 | |
no_self_auth_age | In table person now()-birth_date <=N & person_auth_methods with type = |
cURL example
Expand | ||
---|---|---|
| ||
|
...
|
Input parameters
Input parameter | Values | Type | Description | Example |
---|---|---|---|---|
id | String | Person identifier. Required |
|
Dictionaries
AUTHENTICATION_METHOD
DOCUMENT_TYPE
Request structure
See on Apiary
Example:
Expand | ||
---|---|---|
| ||
|
Authorize
Verify the validity of access token
Check user scope authentication_method_request:write in order to perform this action
Headers
Content-Type:application/json
Authorization:Bearer {{access_token}}
api-key:{{secret}}
Request data validation
Validate Patient
Get person_id from URL
Validate id:
validate person.id UUID
in case error return
404
search person by person.id in MPI
in case error return
404
, "Such person doesn't exist"
validate that person is active ( person.status = active & is_active = true)
in case error return
409
, "Such person isn't active"
Validate request
if action = deactivate
Code Block | |
---|---|
json | { "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deactivate", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } } |
...
Code Block |
---|
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "update", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744", "alias": "roksolana", "default": "true" } } } } |
if action = insert
Code Block |
---|
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "insert", "authentication_method": { "type": "THIRD_PERSON", "value": "d12888c0-1159-4296-8f03-a592c136f673", "phone_number`number" : "+380656779678", "alias": "roksolana" } } } |
Validate ids
Fiend value
is person.id
validate person.id UUID
in case error return
404
search person by person.id in MPI or person.is_active = false
in case error return
404
, "Such person doesn't exist"
validate that person is active ( person.status = active)
in case error return
422
, "Such person isn't active"
validate that auth_method is active ( person.auth_method.ended_at > now())
in case error return
422
, “Authentication method isn’t active”
|
Search auth requests by person id
To prevent requests duplication search in il.auth_method_requests.person_id = $.person_id and il.authauthentication_method_requests.status = NEW, then
Change status of all found person requests:
|
Validate by actions
if action = deactivate
Field
type
must beTHIRD_PERSON
...
(where person_auth_method.id = $authentication_method.id)
...
, else return error 422
“Only THIRD_PERSON authentication method type could be deactivated
"Check this auth_method is not primary & there are more than one authentication method for person:
in case of error return 422, “
You can't deactivate the last authentication method
“
Check if authentication_method_current != NA, else return error 422 “
Person can't be authorized with NA authentication method
"Validate that auth_method is active ( person_authentication_methods.ended_at > now())
in case error return
422
, “Authentication method isn’t active”
if action = update
validate authentication_methods.id belong to this person. Search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
...
set default
only for auth_method.type = THIRD_PERSON
...
optional field default
must be only = TRUE
...
alias
is required.Check if authentication_method_current != NA, else return error 422 “
Person can't be authorized with NA authentication method
"
if action = insert
if type = OTP ,
phone_number
is required andvalue
shouldn’t be set. And fieldalias
is optional.validate that person.age >global_parameters.no_self_auth_age
...
validate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE
...
phone_number
andvalue
shouldn’t be set . And fieldalias
is optional.validate that person.age > global_parameters.no_self_auth_age
auth_method_current != OFFLINE
error - "
Person already has auth method OFFLINE
"
auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = false)
error -
Person cannot set OFFLINE auth method if person had OTP
if type = THIRD_PERSON
...
value
,phone_number
,alias
are required
...
...
Validate
...
value
...
:
...
validate person.
...
id is UUID
in case error return
422
search person
...
by person.
...
id in MPI
in case error return
...
404
, "such person doesn't exist"
search person
...
by person.id in MPI and validate that is_active = true & status = active, else:
in case error return 422, "third person must be active"
search third_person.age >
...
prm.global_parameters.no_self_auth_age years:
in case error return 422, "
...
Incorrect person age for such an action
"
validate third_person.auth_method !
...
= (MPI.person_auth_methods.ended_at <= now())
in case error return 422, "third person must has auth method OTP or OFFLINE"
Validate
phone_number
with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.valueauth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if config
THIRD_PERSON_OFFLINE
= False - validate that
...
third_person has self method = OTP, else:
error
THIRD PERSON can't have OFFLINE self auth method type
validate if THIRD_PERSON != person, else return error 422
Person can't add himself as THIRD_PERSON
validate if person’s authentication method with type THIRD_PERSON with the same value, else return error 422
Such person id is already used in existing person's authorization methods
check if person have authentication method with type THIRD_PERSON less
person_with_third_person_limit
times, else return error 422,Limit of authentication methods with THIRD_PERSON type is exhausted
Processing
Set auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return default primary auth method.
Validate that auth_method_current != NA null (null is set if MPI.person_auth_methods.ended_at <= now()) if
action = deactivate
action = update
action = insert and type= THIRD_PERSON and person.age>no_self_auth_method
else errror error - “
person authentication method is undefined
Person can't be authorized with NA authentication method
“
Generate verification code
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.
cURL example
Expand | ||
---|---|---|
| ||
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
Generate upload URL
If auth_method_requests.auth_method_current = OFFLINE
Generate URL's with type person.{$.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
If action = insert
and il.auth_method_request.authentication_method.type = OFFLINE:
Generate URL's with type person.{$.person.documents.[:].type}
Response structure
See on Apiary
Example:
Expand | ||
---|---|---|
| ||
|
Expand | ||
---|---|---|
| ||
|
HTTP status codes
Page Properties | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|