Purpose
This WS describes the sign-up flow for registering a patient via a confidant person to use the Patient Information System (PIS).
Key points
This flow is based on the current Auth Sign-up UI FE page with existing and modified back-end calls.
This flow requires the user to be already authenticated, to prove his relationship with the person to be registered.
Patient registration is performed using a pre-signed request on the PIS side.
Sequence diagram
Patient sign-up flow
PIS: Prepare patient sign-up data
Authenticate as existing user that has confirmed relationship with patient
Fill in patient registration request
Sign patient registration request, patient consents with digital signature
Submit pre-signed patient sign-up content to PIS. Confidant patient sign-up as query parameters according to the table:
query param | M/O | Comment |
---|---|---|
client_id | M | PIS |
redirect_uri | M | PIS |
scope | M | List of scopes that must be approved by user |
user_data | M | Pre-signed patient sign-up content, base64 encoded |
token | M | Token of authenticated user |
Auth UI: Validate query parameters
Validate query params, obtained from PIS.
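check client_id exists and is not empty; in case of error - return 'Не вказаний ідентифікатор додатку для авторизації' (English: "Application identifier for authorization is not specified")
check redirect_uri exists and is not empty; in case of error - return ‘Не вказано адресу зворотнього визову’ (English: "Callback address is not specified")
check scope exists and is not empty; in case of error - return ‘Не вказано скоупів для авторизації’ (English: "No scopes specified for authorization")
check user_data exists and is not empty; in case of error - return ‘Не вказано дані для авторизації’ (English: "Authorization data is not specified")
check token exists and is not empty; in case of error - return ‘Не вказано токен особи для авторизації’ (English: "Person's token for authorization is not specified")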
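The five checks above, in the listed order, as an added example (not the Auth UI's own code). The function name `validateSignUpQuery`, the sample values, and the choice to treat whitespace-only and repeated parameters as failures are assumptions.

```javascript
// Added example: required query parameters in the order the spec checks them,
// each paired with the error message the spec says to return.
const REQUIRED_PARAMS = [
  ["client_id", "Не вказаний ідентифікатор додатку для авторизації"],
  ["redirect_uri", "Не вказано адресу зворотнього визову"],
  ["scope", "Не вказано скоупів для авторизації"],
  ["user_data", "Не вказано дані для авторизації"],
  ["token", "Не вказано токен особи для авторизації"],
];

// Returns { ok: true, params } or { ok: false, error } for the first failed check.
function validateSignUpQuery(queryString) {
  const query = new URLSearchParams(queryString);
  const params = {};
  for (const [name, error] of REQUIRED_PARAMS) {
    // getAll() exposes repeated keys; get() would silently pick the first one.
    const values = query.getAll(name);
    // Assumption: a whitespace-only value counts as empty, and a repeated key
    // is rejected with the same message because its value is ambiguous.
    if (values.length !== 1 || values[0].trim() === "") {
      return { ok: false, error };
    }
    params[name] = values[0];
  }
  return { ok: true, params };
}

// Constructed sample input (not real credentials or a real PIS redirect).
const sample =
  "?client_id=pis-client&redirect_uri=https%3A%2F%2Fpis.example%2Fcb" +
  "&scope=patient%3Aread&user_data=eyJzaWduZWQiOiJ4In0%3D&token=sample-token";

console.log(validateSignUpQuery(sample));
console.log(validateSignUpQuery("?client_id=a&scope=b"));
```

`URLSearchParams` decodes a literal `+` as a space, so the base64 `user_data` value has to arrive percent-encoded (`+` as `%2B`) or it is altered before it reaches the validation endpoint.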
Auth UI: Initialize sign-up request validation
Submit sign-up content to https://edenlab.atlassian.net/wiki/spaces/EH/pages/3750264854/PIS.+Confidant+patient+sign-up+validation endpoint, fill in fields according to table:
Parameter | Comment |
---|---|
|
|
| Const: ‘base64’ |
Headers:
Authorization: token from query params
Validate the method's response:
in case 200 with patient data and jwt is returned - proceed to ‘Show patient data to confirm’, save jwt
in case error is returned - show error page with error message from endpoint response
Auth UI: Show patient data to confirm
If the sign-up request validation step completed successfully, the Auth UI front-end renders the patient data from the sign-up validation endpoint response, with the button ‘Accept and proceed’, to confirm registration in the system.
All rendered fields must be read-only.
Auth UI: Confirm patient sign-up form
Submit patient's sign-up content with optional OTP to https://edenlab.atlassian.net/wiki/spaces/EH/pages/3742531590/PIS.+Confidant+patient+sign-up+registration endpoint, fill in fields according to table:
Parameter | Comment |
---|---|
|
|
| Const: ‘base64’ |
Add Authorization header with jwt.
Validate the method's response:
in case 201 with patient data, user data and session token is returned - proceed to ‘Show consent page’
in case error is returned - show error page with error message from endpoint response
Auth UI: Show consent page
Obtain list of scopes, that must be approved by patient (from query params or based on user roles and global user roles).
Obtain translations for list of scopes.
Show consent page with user and client data, as well as list of scopes translations with button ‘Accept and proceed’.
Auth UI: Accept scopes
Submit content to /wiki/spaces/PCAB/pages/17422811155 endpoint, fill in fields according to table:
Parameter | Comment |
---|---|
|
|
|
|
|
|
Add Authorization header with session token.
Validate the method's response:
in case 201 with session token is returned - redirect grant code to client
in case error is returned - show error message at Show consent page
Auth UI: Redirect grant code to redirect_uri
Redirect user with grant_code to redirect_uri from Authorize an Approval response
PIS: Obtain access and refresh token
Submit content to /wiki/spaces/PCAB/pages/17452269702 endpoint, fill in fields according to table:
Parameter | Comment |
---|---|
| Const: authorization_code |
| Obtained grant code |
|
|
| Client secret value |
|
|
Validate the method's response:
in case 201 with access and refresh tokens is returned - save their values to PIS back-end
in case error is returned - show error message at PIS FE