This process describes adding an additional authentication method to an existing person, update authentication method and delete it.
Use GET persom/{id}/ authentication_method to find authentication method' id of person
Specification
Authorize
Verify the validity of access token
Check user scope authentication_method_request:write in order to perform this action
Get global parameters
Invoke Global parameters to get following parameter:
phone_number_auth_limit - Check if in table person_authentication_methods with type =
OTP
> N, thenerror 422, such a phone already exists more N times
third_person_limit - In table person_auth_methods with type =
THIRD_PERSON
> N, then error 422third_person_term
cURL example
curl -X GET \ {:host}/prm/api/global_parameters |
Validate request
if action = deactivate
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deactivate", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } }
if action = update
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "update", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744", "alias": "roksolana", "default": "true" } } }
if action = insert
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "insert", "authentication_method": { "type": "THIRD_PERSON", "value": "d12888c0-1159-4296-8f03-a592c136f673", "phone_number` : "+380656779678", "alias": "roksolana" } } }
Validate ids
Fiend value
is person.id
validate person.id UUID
in case error return 422
search person by person.id in MPI
in case error return 422, "Such person doesn't exist"
Search auth requests by person id
To prevent requests duplication search in il.auth_method_requests.person_id = $.person_id and il.auth_method_requests.status = NEW or APPROVED, then
Change status of all found person requests:
SET IL_DB.authentication_method_requests.status = 'CANCELED' WHERE IL_DB.authentication_method_requests.id IN (:LIST) |
Validate by actions
if action = deactivate
Field
type
must beTHIRD_PERSON
. (where person_auth_method.id = $authentication_method.id)If person < 14, check this auth_method.default=False
if action = update
validate authentication_methods.id belong to this person. Search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
set
default
only for auth_method.type = THIRD_PERSONoptional field
default
must be only = TRUEalias
anddefault
is optiomal, but minimum one of two filds is required.
if action = insert
if type = OTP ,
phone_number
is required andvalue
shouldn’t be set. And fieldalias
is optional.Verificate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE ,
phone_number
andvalue
shouldn’t be set . And fieldalias
is optional.if type = THIRD_PERSON,
value
,phone_number
,alias
are required.if type = THIRD_PERSON - Validate
phone_number
with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.valuevalidate value:
validate person.id is UUID
in case error return 422
search person by person.id in MPI
in case error return 422, "such person doesn't exist"
search person by person.id in MPI
in case error return 422, "third person must be active"
search third_person.age > 18 years:
in case error return 422, "third person must be adult"
validate third_person.auth_method !=N/A
in case error return 422, "third person must has auth method OTP or OFFLINE"
Set auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return default auth method.
Generate verification code
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.
cURL example
curl -X POST \ http://localhost:4000/verifications \ -H 'content-type: application/json' \ -d '{ "phone_number": "+380936235985" }' |
Generate upload URL
If auth_method_requests.auth_method_current = OFFLINE
Generate URL's with type person.{$.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
If action = insert
and il.auth_method_request.authentication_method.type = OFFLINE:
Generate URL's with type person.{$.person.documents.[:].type}