Table of Contents | ||||
---|---|---|---|---|
|
Purpose
This process describes adding an additional authentication method to an existing person.
...
, update authentication method and delete it.
Use GET persom/{id}/ authentication_method to find authentication method' id of person.
Specification
Authorize
Verify the validity of access token
Check user scope append_auth_method:write in order to perform this action
Get global parameters
Invoke Global parameters to get following parameter:
Page Properties | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Global and configurable parameters
Variable | Values | Description |
---|---|---|
phone_number_auth_limit | Check if in table person_authentication_methods with | |
third_person_limit | In table person_auth_methods with type = | |
third_person_term | parameter is used for calculation of ended_at data for authentication method type = THIRD_PERSON | |
person_with_third_person_limit | In table person_auth_methods with type = |
...
THIRD_PERSON >N, then error 422 | ||
no_self_auth_age | In table person now()-birth_date <=N & person_auth_methods with type = |
cURL example
Expand | ||
---|---|---|
| ||
|
...
|
...
Validate request
...
Input parameters
Input parameter | Values | Type | Description | Example |
---|---|---|---|---|
id | String | Person identifier. Required |
|
Dictionaries
AUTHENTICATION_METHOD
DOCUMENT_TYPE
Request structure
See on Apiary
Example:
Expand | ||
---|---|---|
| ||
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
Authorize
Verify the validity of access token
Check user scope authentication_method_request:write in order to perform this action
Headers
Content-Type:application/json
Authorization:Bearer {{access_token}}
api-key:{{secret}}
Request data validation
Validate Patient
Get person_id from URL
Validate id:
validate person.id UUID
in case error return
404
search person by person.id in MPI
in case error return
404
, "Such person doesn't exist"
validate that person is active ( person.status = active & is_active = true)
in case error return
409
, "Such person isn't active"
Validate request
if action = deactivate
Code Block |
---|
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deactivate", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } } |
if action = update
Code Block |
---|
{ |
...
"$schema": "http://json-schema.org/draft-04/schema#", "type": "object", |
...
"properties": { |
...
"action": "update", " |
...
authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744", " |
...
alias": " |
...
roksolana" } } } |
...
|
if action = insert
Code Block |
---|
{ |
...
"$schema": "http://json-schema.org/draft-04/schema#", " |
...
type": |
...
"object", |
...
"properties": { |
...
" |
...
action": " |
...
insert", "authentication_method": { |
...
"type": "THIRD_PERSON", |
...
" |
...
value": |
...
"d12888c0-1159-4296-8f03-a592c136f673", |
...
"phone_number" |
...
: "+380656779678", |
...
"alias": "roksolana" |
...
} } |
...
Validate person id
Fiend value
is person.id
...
validate person_id UUID
in case error return 422
...
}
|
Search auth requests by person id
To prevent requests duplication search in il.auth_method_requests.person_id = $.person_id and il.authentication_method_requests.status = NEW, then
Change status of all found person requests:
|
Validate by actions
if action = deactivate
Field
type
must beTHIRD_PERSON
(where person_auth_method.id = $authentication_method.id), else return error 422“Only THIRD_PERSON authentication method type could be deactivated
"Check this auth_method is not primary & there are more than one authentication method for person:
in case of error return 422, “
You can't deactivate the last authentication method
“
Check if authentication_method_current != NA, else return error 422 “
Person can't be authorized with NA authentication method
"Validate that auth_method is active ( person_authentication_methods.ended_at > now())
in case error return
422
, “Authentication method isn’t active”
if action = update
validate authentication_methods.id belong to this person. Search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
alias
is required.Check if authentication_method_current != NA, else return error 422 “
Person can't be authorized with NA authentication method
"
if action = insert
if type = OTP ,
phone_number
is required andvalue
shouldn’t be set. And fieldalias
is optional.validate that person.age >global_parameters.no_self_auth_age
validate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE
phone_number
andvalue
shouldn’t be set . And fieldalias
is optional.validate that person.age > global_parameters.no_self_auth_age
auth_method_current != OFFLINE
error - "
Person already has auth method OFFLINE
"
auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = false)
error -
Person cannot set OFFLINE auth method if person had OTP
if type = THIRD_PERSON
value
,phone_number
,alias
are requiredValidate value:
validate person.id is UUID
in case error return
422
search person by person.id in MPI
in case error return
...
404
, "
...
such person doesn't exist"
Validate
Field type
must be third_person
.
Generate verification code
Invoke Initialize OTP to generate one time password and send it to third_person number (that is added as a new auth method). At this stage, the patients receive an SMS message.
Phone_numbers:
search person by person.id in MPI and validate that is_active = true & status = active, else:
in case error return 422, "third person must be active"
search third_person.age > prm.global_parameters.no_self_auth_age years:
in case error return 422, "
Incorrect person age for such an action
"
validate third_person.auth_method != (MPI.person_auth_methods.ended_at <= now())
in case error return 422, "third person must has auth method OTP or OFFLINE"
Validate
phone_number
with mpi.person_auth_method.
...
mpi.person_auth_method.value, where person_id = $.third_person.id and type = OTP
cURL example
phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.value
auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if config
THIRD_PERSON_OFFLINE
= False - validate that third_person has self method = OTP, else:error
THIRD PERSON can't have OFFLINE self auth method type
validate if THIRD_PERSON != person, else return error 422
Person can't add himself as THIRD_PERSON
validate if person’s authentication method with type THIRD_PERSON with the same value, else return error 422
Such person id is already used in existing person's authorization methods
check if person have authentication method with type THIRD_PERSON less
person_with_third_person_limit
times, else return error 422,Limit of authentication methods with THIRD_PERSON type is exhausted
Processing
Set auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return primary auth method.
Validate that auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now()) if
action = deactivate
action = update
action = insert and type= THIRD_PERSON and person.age>no_self_auth_method
else error - “
Person can't be authorized with NA authentication method
“
Generate verification code
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.
cURL example
Expand | ||
---|---|---|
| ||
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
Generate upload URL
If auth_method_requests.auth_method_current = OFFLINE
Generate URL's with type person.{$.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
If action = insert
and il.auth_method_request.authentication_method.type = OFFLINE:
Generate URL's with type person.{$.person.documents.[:].type}
Response structure
See on Apiary
Example:
Expand | ||
---|---|---|
| ||
|
Expand | ||
---|---|---|
| ||
|
HTTP status codes
Page Properties | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|