...
Register users in Cabinet via integrated system of digital identification.
Endpoints used for integration are described here
Sequence diagram
Auth Flow
Front-end: ReCaptcha validation
...
- Get AuthRequest from in-memory DB
- Validate AuthRequest:
  - if AuthRequest not found - return 401 error
  - if AuthRequest expired - return 401 error
- Validate reCAPTCHA token (state):
  - if invalid - return 401 error
- Exchange the authorization code for an access token at id.gov.ua (API documentation)
- Get User Info (tax_id, first_name, last_name, email) by access token from id.gov.ua (API documentation)
Mithril: Create UserRequest
- Search user in users table by tax_id
  - if user found:
    - Search person in MPI by user.person_id
      - if person found → /wiki/spaces/EH/pages/583403011
      - if person not found → continue registration
  - if user not found → continue registration
- Create UserRequest with tax_id, first_name, last_name, email fields in temporary DB
- Generate JWT with UserRequest id (user_request_id)
- Redirect to Front-end Sign-Up page with JWT
...
The process of person creation with id.gov.ua is very close to Sign Up 2.3 MPI/User Create/Update (/wiki/spaces/PCAB/pages/583402002).
The difference is that the form data is not signed, so the user's personal data should be verified using the UserRequest in Mithril and not with DS.
- Validate JWT expiration and claim
  - if JWT is invalid - return 401 error
- Get user_request_id from JWT
- Get UserRequest from Mithril (Apiary)
  - if UserRequest expired or not found - return 409 error
- Ignore preferred_way_communication from input and set it to phone
- Validate Form input via Json Schema (described in Sign Up 2.3 MPI/User Create/Update, /wiki/spaces/PCAB/pages/583402002)
- Create User in MPI (described in Sign Up 2.3 MPI/User Create/Update, /wiki/spaces/PCAB/pages/583402002)
- Create Token for Consent dialog
- Send back created User, Patient and Token
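The JWT and UserRequest checks from the steps above, as an added Python sketch that is not the project's own code. Assumptions: an HS256 token signed with a server-side key, a dict standing in for Mithril's temporary DB, the names `issue_jwt` and `sign_up`, the set of fields compared, and the 422 and 201 status codes (the page only specifies 401 and 409).

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: HS256 with a server-side key
TTL = 600                          # assumption: JWT lifetime in seconds
USER_REQUESTS = {}                 # stand-in for Mithril's temporary DB

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(msg):
    return _b64(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def issue_jwt(user_request_id, now=None):
    """Mithril side: bind the redirect to one UserRequest."""
    now = int(time.time() if now is None else now)
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"user_request_id": user_request_id,
                            "exp": now + TTL}).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def sign_up(jwt, form, now=None):
    """Sign-up side: return (http_status, result) for an unsigned form."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = jwt.split(".")
        # Always recompute HS256; the alg named in the header is never trusted.
        if not hmac.compare_digest(sig, _sign(f"{head}.{body}")):
            return 401, "invalid JWT"
        claims = json.loads(_unb64(body))
        if claims["exp"] <= now:
            return 401, "JWT expired"
        request_id = claims["user_request_id"]
    except (ValueError, TypeError, KeyError, AttributeError):
        return 401, "invalid JWT"
    req = USER_REQUESTS.get(request_id)
    if req is None or req["expires_at"] <= now:
        return 409, "UserRequest expired or not found"
    # The form is unsigned, so identity fields must match what id.gov.ua
    # returned and Mithril stored (422 on mismatch is an assumption).
    for field in ("tax_id", "first_name", "last_name"):
        if form.get(field) != req[field]:
            return 422, f"{field} does not match UserRequest"
    # Client-supplied preferred_way_communication is ignored and forced to phone.
    return 201, {**form, "preferred_way_communication": "phone"}
```
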
...