Purpose
This WS describes adding an additional authentication method to an existing person, updating an authentication method, and deleting it.
Specification
Global and configurable parameters
Variable | Values | Description |
---|---|---|
phone_number_auth_limit | Check if in table person_authentication_methods with type = | |
third_person_limit | In table person_auth_methods with type = | |
third_person_term | ||
person_with_third_person_limit |
cURL example
Input parameters
Input parameter | Values | Type | Description | Example |
---|---|---|---|---|
id | | String | Person identifier. Required | |
Dictionaries
AUTHENTICATION_METHOD
DOCUMENT_TYPE
Request structure
See on Apiary
Example:
Authorize
Verify the validity of the access token
Check that the user has the scope authentication_method_request:write in order to perform this action
Process the request using the token passed in the headers.
Headers
Content-Type:application/json
Authorization:Bearer {{access_token}}
api-key:{{secret}}
Request data validation
Validate request
if action = deactivate
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deactivate", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } }
if action = update
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "update", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744", "alias": "roksolana" } } }
if action = insert
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "insert", "authentication_method": { "type": "THIRD_PERSON", "value": "d12888c0-1159-4296-8f03-a592c136f673", "phone_number": "+380656779678", "alias": "roksolana" } } }
Validate ids
Field value is person.id
validate that person.id is a UUID; in case of error return 404
search person by person.id in MPI; if not found or person.is_active = false, return 404, "Such person doesn't exist"
validate that person is active (person.status = active); in case of error return 409, "Such person isn't active"
validate that auth_method is active (person.auth_method.ended_at > now()); in case of error return 422, “Authentication method isn’t active”
Search auth requests by person id
To prevent duplicate requests, search for requests where il.auth_method_requests.person_id = $.person_id and il.auth_method_requests.status = NEW, then change the status of all found person requests:
SET IL_DB.authentication_method_requests.status = 'CANCELED' WHERE IL_DB.authentication_method_requests.id IN (:LIST)
Validate by actions
if action = deactivate
Field type must be THIRD_PERSON. (where person_auth_method.id = $authentication_method.id)
check this auth_method is not primary
auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if action = update
validate that authentication_methods.id belongs to this person. Search the auth methods of this person where MPI.person_authentication_method.person_id = $.person.id
in case of error return 422, "such authentication method does not belong to this person"
alias is required.
auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if action = insert
if type = OTP, phone_number is required and value shouldn’t be set. The field alias is optional.
validate that person.age > global_parameters.no_self_auth_age
verify that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE, phone_number and value shouldn’t be set. The field alias is optional.
validate that person.age > global_parameters.no_self_auth_age
auth_method_current != OFFLINE; error - "Person already has auth method OFFLINE"
auth_method_current = OTP (if config AUTH_REQUEST_SECURITY_REDUCTION = False); error - "Person cannot set OFFLINE auth method if person had OTP"
if type = THIRD_PERSON, value, phone_number, alias are required.
validate phone_number against mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.value
auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if config THIRD_PERSON_OFFLINE = False - validate that third_person has self method = OTP, else: error "THIRD PERSON can't have OFFLINE self auth method type"
validate value:
validate person.id is UUID; in case of error return 422
search person by person.id in MPI; in case of error return 422, "such person doesn't exist"
search person by person.id in MPI; in case of error return 422, "third person must be active"
validate that third_person.age > prm.global_parameters.no_self_auth_age years; in case of error return 422, "third person must be adult"
validate third_person.auth_method != (MPI.person_auth_methods.ended_at <= now()); in case of error return 422, "third person must has auth method OTP or OFFLINE"
validate that the person doesn’t already have this third_person as a third person
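The insert rules above as an added Python example, not the project's code: the function name, argument shapes, the age limit of 14 and the messages marked constructed are assumptions. The age-scoped null check for THIRD_PERSON follows the Processing step of this page.

```python
# Added example, not the project's code: checks for action = insert.
# Function name, argument shapes and "constructed" messages are assumptions.
TOO_YOUNG = "person.age must be > no_self_auth_age"  # constructed message

def validate_insert(method, person_age, auth_method_current, cfg, verified_phones):
    """Return None when the request passes, else the first error message."""
    mtype = method.get("type")
    has_phone = bool(method.get("phone_number"))
    has_value = bool(method.get("value"))
    self_auth_allowed = person_age > cfg["no_self_auth_age"]

    if mtype == "OTP":
        if not has_phone or has_value:
            return "phone_number is required, value shouldn't be set"  # constructed
        if not self_auth_allowed:
            return TOO_YOUNG
        if method["phone_number"] not in verified_phones:
            return "phone_number is not verified"  # constructed
        return None
    if mtype == "OFFLINE":
        if has_phone or has_value:
            return "phone_number and value shouldn't be set"  # constructed
        if not self_auth_allowed:
            return TOO_YOUNG
        if auth_method_current == "OFFLINE":
            return "Person already has auth method OFFLINE"
        # Downgrade guard: OTP -> OFFLINE only if the config explicitly allows it.
        if auth_method_current == "OTP" and not cfg["AUTH_REQUEST_SECURITY_REDUCTION"]:
            return "Person cannot set OFFLINE auth method if person had OTP"
        return None
    if mtype == "THIRD_PERSON":
        missing = [f for f in ("value", "phone_number", "alias") if not method.get(f)]
        if missing:
            return "required: " + ", ".join(missing)  # constructed
        # Processing scopes the null check to persons above the age limit.
        if self_auth_allowed and auth_method_current is None:
            return "Person can't be authorized with NA authentication method"
        return None
    return "unknown authentication method type"  # constructed

if __name__ == "__main__":
    # Constructed sample: a person with OTP asks for OFFLINE.
    cfg = {"no_self_auth_age": 14, "AUTH_REQUEST_SECURITY_REDUCTION": False}
    print(validate_insert({"type": "OFFLINE"}, 30, "OTP", cfg, set()))
```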
Processing
Set auth_method_current
Set the person's default auth method in IL.auth_method_request.auth_method_current - use the function in MPI that returns the primary auth method.
Validate that auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now()) if
action = deactivate
action = update
action = insert and type = THIRD_PERSON and person.age > no_self_auth_method
else error - “Person can't be authorized with NA authentication method”
Generate verification code
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate a one-time password and send it where auth_method_requests.auth_method_current = OTP.
cURL example
Generate upload URL
If auth_method_requests.auth_method_current = OFFLINE
Generate URLs with type person.{$.person.documents.[:].type} (or generate URLs with type third_person.{$.third_person.documents.[:].type})
If action = insert and il.auth_method_request.authentication_method.type = OFFLINE:
Generate URLs with type person.{$.person.documents.[:].type}
Response structure
See on Apiary
Example: