This process describes adding an additional authentication method to an existing person, update authentication method and delete it.
Use GET persom/{id}/ authentication_method to find authentication method' id of person
Specification
Authorize
Verify the validity of access token
Check user scope authentication_method_request:write in order to perform this action
Get global parameters
Invoke Global parameters to get following parameter:
phone_number_auth_limit - Check if in table person_authentication_methods with type =
OTP
> N, thenerror 422, such a phone already exists more N times
third_person_limit - In table person_auth_methods with type =
THIRD_PERSON
> N, then error 422third_person_term
cURL example
curl -X GET \ {:host}/prm/api/global_parameters |
Validate request
if action = deactivate
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deactivate", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } }
if action = update
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "update", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744", "alias": "roksolana" } } }
if action = insert
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "insert", "authentication_method": { "type": "THIRD_PERSON", "value": "d12888c0-1159-4296-8f03-a592c136f673", "phone_number` : "+380656779678", "alias": "roksolana" } } }
Validate ids
Fiend value
is person.id
validate person.id UUID
in case error return
404
search person by person.id in MPI or person.is_active = false
in case error return
404
, "Such person doesn't exist"
validate that person is active ( person.status = active)
in case error return
409
, "Such person isn't active"
validate that auth_method is active ( person.auth_method.ended_at > now())
in case error return
422
, “Authentication method isn’t active”
Search auth requests by person id
To prevent requests duplication search in il.auth_method_requests.person_id = $.person_id and il.auth_method_requests.status = NEW, then
Change status of all found person requests:
SET IL_DB.authentication_method_requests.status = 'CANCELED' WHERE IL_DB.authentication_method_requests.id IN (:LIST) |
Validate by actions
if action = deactivate
Field
type
must beTHIRD_PERSON
. (where person_auth_method.id = $authentication_method.id)check this auth_method is not primary
auth_method_current != NA
if action = update
validate authentication_methods.id belong to this person. Search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
alias
is required.auth_method_current != NA
if action = insert
if type = OTP ,
phone_number
is required andvalue
shouldn’t be set. And fieldalias
is optional.validate that person.age >global_parameters.no_self_auth_age
Verificate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE ,
phone_number
andvalue
shouldn’t be set . And fieldalias
is optional.validate that person.age > global_parameters.no_self_auth_age
auth_method_current != OFFLINE
else error - "Person already has auth method OFFLINE"
if type = THIRD_PERSON,
value
,phone_number
,alias
are required.Validate
phone_number
with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.valueauth_method_current != NA
validate value:
validate person.id is UUID
in case error return
422
search person by person.id in MPI
in case error return
422
, "such person doesn't exist"
search person by person.id in MPI
in case error return 422, "third person must be active"
search third_person.age > 18 years:
in case error return 422, "third person must be adult"
validate third_person.auth_method !=N/A
in case error return 422, "third person must has auth method OTP or OFFLINE"
validate that person hasn’t this third_person isn’t already as third_person
Set auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return primary auth method.
Validate that auth_method_current !=NA if
action = deactivate
action = update
action = insert and type= THIRD_PERSON
else errror - “
person authentication method is undefined
“
Generate verification code
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.
cURL example
curl -X POST \ http://localhost:4000/verifications \ -H 'content-type: application/json' \ -d '{ "phone_number": "+380936235985" }' |
Generate upload URL
If auth_method_requests.auth_method_current = OFFLINE
Generate URL's with type person.{$.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
If action = insert
and il.auth_method_request.authentication_method.type = OFFLINE:
Generate URL's with type person.{$.person.documents.[:].type}