ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1

Purpose

This WS allows to get nonce (one time JWT) for active client of the system.

Key points

  1. This is a REST method used only by active client of the system.

Specification

Apiary

Validate request

  • Check client_id is submitted

    • in case of error - return 422 ('can't be blank')

  • Check client_id exists in mithril database

    • in case of error - return 404 ('Client is not found.')

  • Check client_id is not blocked (is_blocked != true)

    • in case of error - return 401 ('Client is blocked')

Validate client type

  • Get client_type from client_id

  • Check client_secret is submitted if client_type = TRUSTED_PIS

    • in case of error - return 422 ('required property <property> was not present')

  • Check client_secret belongs to client (through connections table)

    • in case of error - return 401 ('Invalid client id or secret.')

Service logic

  1. Fetch JWT TTL value from JWT_LOGIN_TTL env parameter (in minutes).

  2. Generate JWT with following parameters:

    1. alg = HS512

    2. aud = trusted-client if client_type = TRUSTED_PIS, else mithril-login

    3. exp = iat + JWT_LOGIN_TTL

    4. iat = now()

    5. iss = EHealth

    6. jti = generate uuid of JWT

    7. nbf = now() - 1 second

    8. nonce = generate uuid of nonce

    9. sub = nonce

    10. typ = access

  3. Render a response according to specification.

  • No labels

ЕСОЗ - публічна документація