Purpose
This WS describes the patient sign-up flow for using the Patient Information System (PIS).
Key points
This flow is based on the current Auth Sign-up UI FE page, with existing and modified back-end calls.
Patient registration is performed using a pre-signed request prepared on the PIS side.
Sequence diagram
Patient sign-up flow
PIS: Prepare patient sign-up data
Obtain a nonce (one-time JWT) from the RC Get nonce endpoint
Prepare the filled-in patient registration request
Sign the patient registration request, the patient consents and the nonce with the patient's digital signature
Submit the pre-signed patient sign-up content to the https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/17525606455 eHealth Auth page as query parameters according to the table:
Query param | M/O | Comment |
---|---|---|
client_id | M | PIS |
redirect_uri | M | PIS |
scope | O | List of scopes that must be approved by user |
user_data | M | Pre-signed patient sign-up content, base64 encoded |
Auth UI: Validate query parameters
Validate the query params obtained from PIS:
check client_id exists and is not empty; in case of error return 'Не вказаний ідентифікатор додатку для авторизації' ("Application identifier for authorization is not specified")
check redirect_uri exists and is not empty; in case of error return ‘Не вказано адресу зворотнього визову’ ("Callback address is not specified")
check user_data exists and is not empty; in case of error return ‘Не вказано дані для реєстрації’ ("Registration data is not specified")
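The PIS-side URL construction (L8-18 above) and the Auth UI query-parameter checks described in this step, as an added example; this is illustrative code, not the eHealth project's own. The Auth page URL, client_id and redirect_uri values are constructed placeholders, the pre-signed content is a constructed byte string standing in for the real signed request, scopes are assumed to be space-separated in the scope parameter, and a user_data value that is present but not valid base64 is treated as missing (an assumption; the page only specifies the "exists and is not empty" check).

```python
import base64
import binascii
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Error texts exactly as this step specifies them for the Auth UI.
ERR_NO_CLIENT_ID = "Не вказаний ідентифікатор додатку для авторизації"
ERR_NO_REDIRECT_URI = "Не вказано адресу зворотнього визову"
ERR_NO_USER_DATA = "Не вказано дані для реєстрації"


def build_signup_url(auth_page_url, client_id, redirect_uri, presigned_content, scopes=None):
    """PIS side: base64-encode the pre-signed sign-up content and attach it as
    the user_data query parameter together with client_id, redirect_uri and
    the optional scope list (assumed space-separated)."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "user_data": base64.b64encode(presigned_content).decode("ascii"),
    }
    if scopes:
        params["scope"] = " ".join(scopes)
    parts = urlsplit(auth_page_url)
    return urlunsplit(parts._replace(query=urlencode(params)))


def validate_signup_query(url):
    """Auth UI side: apply the three mandatory-parameter checks in the order
    the page lists them. Returns (params, None) on success, where params
    carries the base64-decoded user_data, or (None, error_message)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)

    def first(name):
        values = qs.get(name, [])
        return values[0].strip() if values else ""

    client_id = first("client_id")
    if not client_id:
        return None, ERR_NO_CLIENT_ID
    redirect_uri = first("redirect_uri")
    if not redirect_uri:
        return None, ERR_NO_REDIRECT_URI
    user_data = first("user_data")
    if not user_data:
        return None, ERR_NO_USER_DATA
    try:
        decoded = base64.b64decode(user_data, validate=True)
    except (binascii.Error, ValueError):
        # Assumption: undecodable user_data is reported with the same message as missing data.
        return None, ERR_NO_USER_DATA
    return {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": first("scope"),
        "user_data": decoded,
    }, None


if __name__ == "__main__":
    # Constructed sample: a placeholder for the signed registration request.
    signed = b'{"registration_request": "...", "consents": [], "nonce": "...", "signature": "placeholder"}'
    url = build_signup_url("https://auth.example.invalid/sign-up", "pis-client",
                           "https://pis.example.invalid/callback", signed, ["app:authorize"])
    print(validate_signup_query(url))
```

The decoded user_data is what the next step submits to the sign-up validation endpoint; keeping the decode on the Auth UI side means the base64 encoding parameter in that table can stay the constant ‘base64’.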
Auth UI: Initialize sign-up request validation
Submit the sign-up content to the https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/17525606470 endpoint, filling in the fields according to the table:
Parameter | Comment |
---|---|
|
|
| Const: ‘base64’ |
Validate the method's response:
in case 200 with patient data and jwt is returned - proceed to ‘Show patient data to confirm’ and save the jwt
in case an error is returned - show the error page with the error message from the endpoint response
Auth UI: Show patient data to confirm
If the sign-up request validation step completed successfully, the Auth UI front-end renders the patient data from the sign-up validation endpoint response so that the patient can confirm registration in the system, with the button ‘Accept and proceed’.
All rendered fields must be read-only.
Auth UI: Validate phone number
Submit the patient's phone number from the sign-up content to the Verify phone number endpoint, filling in the fields according to the table:
Parameter | Comment |
---|---|
|
|
| Const: ‘SMS’ |
| MD5 hash of base64 decoded |
Add the Authorization header with the jwt.
Validate the method's response:
in case 200 with result = ‘OTP sent’ and next_step = ‘REQUEST_OTP’ - add a field for the patient to enter the OTP received by SMS; after the code is submitted, proceed to ‘Confirm patient sign-up form’
in case 200 with result = ‘Verified’ - proceed to ‘Confirm patient sign-up form’
in case an error is returned - show the error page with the error message from the endpoint response
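The phone verification step, as an added example (not the eHealth project's code): it computes the MD5 hash of the base64-decoded user_data required by the table, assembles the request, and maps the endpoint response onto the three outcomes listed above. The request field names other than the constant ‘SMS’, the Bearer scheme for the jwt header, and the shape of the error body (`{"error": {"message": ...}}`) are not given on the page and are assumptions; the phone number, user_data and responses are constructed samples.

```python
import base64
import hashlib

# Outcomes the Auth UI distinguishes in this step.
REQUEST_OTP = "REQUEST_OTP"          # show an OTP input field, then confirm sign-up
CONFIRM_SIGNUP = "CONFIRM_SIGNUP"    # phone already verified, go straight to confirm sign-up
SHOW_ERROR = "SHOW_ERROR"            # render the error page with the endpoint's message


def user_data_hash(user_data_b64):
    """MD5 hex digest of the base64-decoded user_data, as the table requires."""
    return hashlib.md5(base64.b64decode(user_data_b64)).hexdigest()


def build_verify_phone_request(phone_number, user_data_b64, jwt):
    """Assemble the Verify phone number call. Field names (except the 'SMS'
    constant) and the Bearer scheme are assumptions, not taken from the page."""
    return {
        "headers": {"Authorization": f"Bearer {jwt}"},
        "body": {
            "phone_number": phone_number,
            "type": "SMS",
            "user_data_hash": user_data_hash(user_data_b64),
        },
    }


def next_action(status, body):
    """Return (action, detail) for the UI based on the endpoint response."""
    if status == 200 and body.get("result") == "OTP sent" and body.get("next_step") == "REQUEST_OTP":
        return REQUEST_OTP, None
    if status == 200 and body.get("result") == "Verified":
        return CONFIRM_SIGNUP, None
    # Any other status is an error; the error body layout is an assumption.
    message = body.get("error", {}).get("message", "unknown error")
    return SHOW_ERROR, message


def handle_otp_entry(otp):
    """Validate the OTP entered by the patient before submitting it with the
    sign-up confirmation; length and digit-only format are assumptions."""
    otp = otp.strip()
    return otp if otp.isdigit() and 4 <= len(otp) <= 8 else None


if __name__ == "__main__":
    # Constructed sample values.
    req = build_verify_phone_request("+380000000000", base64.b64encode(b"hello").decode(), "jwt-placeholder")
    print(req)
    print(next_action(200, {"result": "OTP sent", "next_step": "REQUEST_OTP"}))
    print(next_action(422, {"error": {"message": "invalid phone number"}}))
```

Keeping the response mapping in one function makes it easy to check that a 200 with an unexpected result value falls through to the error page rather than silently advancing the flow.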
Auth UI: Confirm patient sign-up form
Submit the patient's sign-up content with the optional OTP to the https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/17525606489 endpoint, filling in the fields according to the table:
Parameter | Comment |
---|---|
|
|
| Const: ‘base64’ |
| OTP, if necessary |
Add the Authorization header with the jwt.
Validate the method's response:
in case 201 with patient data, user data and a session token is returned - proceed to ‘Show consent page’
in case an error is returned - show the error page with the error message from the endpoint response
Auth UI: Show consent page
Obtain the list of scopes that must be approved by the patient (from the query params, or based on user roles and global user roles).
Obtain translations for the list of scopes.
Show the consent page with user and client data, as well as the list of scope translations, with the button ‘Accept and proceed’.
Auth UI: Accept scopes
Submit the content to the Authorize an Approval endpoint, filling in the fields according to the table:
Parameter | Comment |
---|---|
|
|
|
|
|
|
Add the Authorization header with the session token.
Validate the method's response:
in case 201 with a session token is returned - redirect the grant code to the client
in case an error is returned - show the error message on the Show consent page
Auth UI: Redirect grant code to redirect_uri
Redirect the user with the grant_code to the redirect_uri from the Authorize an Approval response.
PIS: Obtain access and refresh token
Submit the content to the RC Exchange oAuth Code Grant to Access Token endpoint, filling in the fields according to the table:
Parameter | Comment |
---|---|
| Const: authorization_code |
| Obtained grant code |
|
|
| Client secret value |
|
|
Validate the method's response:
in case 201 with access and refresh tokens is returned - save their values on the PIS back-end
in case an error is returned - show the error message on the PIS FE