Table of Contents | ||||
---|---|---|---|---|
|
Purpose
This WS process describes adding an additional authentication method to an existing person, update authentication method and delete it.
Use GET persom/{id}/ authentication_method to find authentication method' id of person.
Specification
Page Properties | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Global and configurable parameters
Variable | Values | Description |
---|---|---|
phone_number_auth_limit | Check if in table person_authentication_methods with | |
third_person_limit | In table person_auth_methods with type = | |
third_person_term | parameter is used for calculation of ended_at data for authentication method type = THIRD_PERSON | |
person_with_third_person_limit | In table person_auth_methods with type = THIRD_PERSON >N, then error 422 | |
no_self_auth_age | In table person now()-birth_date <=N & person_auth_methods with type = |
cURL example
Expand | ||
---|---|---|
| ||
|
Input parameters
Input parameter | Values | Type | Description | Example |
---|---|---|---|---|
id | String | Person identifier. Required |
|
Dictionaries
AUTHENTICATION_METHOD
DOCUMENT_TYPE
...
Verify the validity of access token
Check user scope authentication_method_request:write in order to perform this action
...
Headers
Content-Type:application/json
...
api-key:{{secret}}
Request data validation
Validate Patient
Get person_id from URL
Validate id:
validate person.id UUID
in case error return
404
search person by person.id in MPI
in case error return
404
, "Such person doesn't exist"
validate that person is active ( person.status = active & is_active = true)
in case error return
409
, "Such person isn't active"
Validate request
if action = deactivate
Code Block | language | json
---|
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deactivate", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } } |
...
Code Block |
---|
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"action": "update",
"authentication_method": {
"id": "057413fb-2c2e-4f33-b2d6-433469212744",
"alias": "roksolana"
}
}
}
|
if action = insert
Code Block |
---|
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "insert", "authentication_method": { "type": "THIRD_PERSON", "value": "d12888c0-1159-4296-8f03-a592c136f673", "phone_number`number" : "+380656779678", "alias": "roksolana" } } } |
Validate ids
Fiend value
is person.id
validate person.id UUID
in case error return
404
search person by person.id in MPI or person.is_active = false
in case error return
404
, "Such person doesn't exist"
validate that person is active ( person.status = active)
in case error return
409
, "Such person isn't active"
validate that auth_method is active ( person.auth_method.ended_at > now())
in case error return
422
, “Authentication method isn’t active”
|
Search auth requests by person id
To prevent requests duplication search in il.auth_method_requests.person_id = $.person_id and il.authauthentication_method_requests.status = NEW, then
Change status of all found person requests:
|
Validate by actions
if action = deactivate
Field
checktype
must beTHIRD_PERSON
. (where person_auth_method.id = $authentication_method.id), else return error 422
“Only THIRD_PERSON authentication method type could be deactivated
"Check this auth_method is not primary auth& there are more than one authentication method for person:
in case of error return 422, “
You can't deactivate the last authentication method
“
Check if authentication_method_current != null (null is set if MPI.person_authNA, else return error 422 “
Person can't be authorized with NA authentication method
"Validate that auth_method is active ( person_authentication_methods.ended_at <= > now())
in case error return
422
, “Authentication method isn’t active”
if action = update
validate authentication_methods.id belong to this person. Search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
alias
is required.authCheck if authentication_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())NA, else return error 422 “
Person can't be authorized with NA authentication method
"
if action = insert
if type = OTP ,
phone_number
is required andvalue
shouldn’t be set. And fieldalias
is optional.validate that person.age >global_parameters.no_self_auth_age
Verificate validate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE ,
phone_number
andvalue
shouldn’t be set . And fieldalias
is optional.validate that person.age > global_parameters.no_self_auth_age
auth_method_current != OFFLINE
error - "
Person already has auth method OFFLINE
"
auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = Falsefalse)
error -
Person cannot set OFFLINE auth method if person had OTP
if type = THIRD_PERSON,
value
,phone_number
,alias
are required.Validate
phone_number
with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.valueauth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if config
THIRD_PERSON_OFFLINE
= False - validate that third_person has self method = OTP, else:error
THIRD PERSON can't have OFFLINE self auth method type
...
value:
validate person.id is UUID
in case error return
422
search person by person.id in MPI
in case error return
422
404
, "such person doesn't exist"
search person by person.id in
MPI and validate that is_active = true & status = active, else:
in case error return 422, "third person must be active"
search third_person.age > prm.global_parameters.no_self_auth_age years:
in case error return 422, "
Incorrect person age for such an action
"
validate third_person.auth_method != (MPI.person_auth_methods.ended_at <= now())
in case error return 422, "third person must has auth method OTP or OFFLINE"
Validate
phone_number
with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.valueauth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if config
THIRD_PERSON_OFFLINE
= False - validate that
third_person has self method = OTP, else:
error
THIRD PERSON can't have OFFLINE self auth method type
validate if THIRD_PERSON != person, else return error 422
Person can't add himself as THIRD_PERSON
validate if person’s authentication method with type THIRD_PERSON with the same value, else return error 422
Such person id is already used in existing person's authorization methods
check if person have authentication method with type THIRD_PERSON less
person_with_third_person_limit
times, else return error 422,Limit of authentication methods with THIRD_PERSON type is exhausted
Processing
Set auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return primary auth method.
Validate that auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now()) if
action = deactivate
action = update
action = insert and type= THIRD_PERSON and person.age>no_self_auth_method
else errror error - “
Person can't be authorized with NA authentication method
“
...
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.
...
Expand | ||
---|---|---|
| ||
|
...
Page Properties | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|