Required parameters are marked with "*"
Purpose
This web service (WS) returns a nonce (a one-time JWT) for an active client of the system.
Key points
This is a REST method used only by active clients of the system.
Specification
Logic*
{
  "aud": "mithril-login",
  "exp": 1523439201,
  "iat": 1523438301,
  "iss": "EHealth",
  "jti": "efe1f08e-d4b4-4cef-a02c-78ea4a1dda25",
  "nbf": 1523438300,
  "nonce": 123,
  "sub": 123,
  "typ": "access"
}
Request structure*
See on Apiary
Logic
Service logic
- Fetch JWT TTL value from JWT_LOGIN_TTL env parameter (in minutes).
- Generate JWT with following parameters:
  - alg = HS512
  - aud = trusted-client if client_type = TRUSTED_PIS, else mithril-login
  - exp = iat + JWT_LOGIN_TTL
  - iat = now()
  - iss = EHealth
  - jti = generate uuid of JWT
  - nbf = now() - 1 second
  - nonce = generate uuid of nonce
  - sub = nonce
  - typ = access
- Render a response according to specification.
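As an added example, not code from the eHealth project, the following Python builds the JWT with the parameters listed above and applies the checks a consumer would run before accepting it. The function names, the header `typ` field, the shared secret and the `seen_jti` replay store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time, uuid

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha512).digest()

def issue_nonce_jwt(secret, client_type, ttl_minutes, now=None):
    """Build the JWT from the claims listed under 'Service logic'."""
    iat = int(time.time()) if now is None else now
    nonce = str(uuid.uuid4())
    claims = {
        "aud": "trusted-client" if client_type == "TRUSTED_PIS" else "mithril-login",
        "exp": iat + ttl_minutes * 60,  # JWT_LOGIN_TTL is given in minutes
        "iat": iat, "iss": "EHealth", "jti": str(uuid.uuid4()),
        "nbf": iat - 1, "nonce": nonce, "sub": nonce, "typ": "access",
    }
    header = {"alg": "HS512", "typ": "JWT"}  # header typ is assumed; the page lists only alg
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + _b64(_sign(secret, signing_input))

def verify_nonce_jwt(token, secret, expected_aud, seen_jti, now=None):
    """Return the claims or raise ValueError. seen_jti is a hypothetical replay store."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(body_b64))
        sig = _unb64(sig_b64)
        nbf, exp, jti = int(claims["nbf"]), int(claims["exp"]), str(claims["jti"])
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS512":
        raise ValueError("unexpected alg")  # pin the algorithm; never take it from the token
    if not hmac.compare_digest(sig, _sign(secret, head_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    if claims.get("iss") != "EHealth" or claims.get("aud") != expected_aud:
        raise ValueError("wrong issuer or audience")
    if not nbf <= now < exp:
        raise ValueError("outside validity window")
    if jti in seen_jti:
        raise ValueError("token already used")
    seen_jti.add(jti)  # record the jti so the same token cannot be accepted twice
    return claims
```

With `now=1523438301` and a 15-minute TTL the issued claims reproduce the `iat`, `nbf` and `exp` values of the sample payload shown in the specification.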
Request structure
See on Apiary
Authorize
API paragraph not found
Headers
For example:
Content-Type: application/json
Request data validation
Validate request
- Check client_id is submitted
  - in case of error - return 422 ('can't be blank')
- Check client_id exists in mithril database
  - in case of error - return 404 ('Client is not found.')
- Check client_id is not blocked (is_blocked != true)
  - in case of error - return 401 ('Client is blocked')
Validate client type
- Get client_type from client_id
- Check client_secret is submitted if client_type = TRUSTED_PIS
  - in case of error - return 422 ('required property <property> was not present')
- Check client_secret belongs to client (through connections table)
  - in case of error - return 401 ('Invalid client id or secret.')
Processing
Response structure
See on Apiary
Post-processing processes
API paragraph not found
HTTP status codes