RC Get nonce

Purpose

This WS allows to get nonce (one time JWT) for active client of the system.

Key points

1. This is a REST method used only by active client of the system.

Specification

Apiary

Validate request

• Check client_id is submitted

  • in case of error - return 422 ('can't be blank')

• Check client_id exists in mithril database

  • in case of error - return 404 ('Client is not found.')

• Check client_id is not blocked (is_blocked != true)

  • in case of error - return 401 ('Client is blocked')

Validate client type

• Get client_type from client_id

• Check client_secret is submitted if client_type = TRUSTED_PIS

  • in case of error - return 422 ('required property <property> was not present')

• Check client_secret belongs to client (through connections table)

  • in case of error - return 401 ('Invalid client id or secret.')

Service logic

1. Fetch JWT TTL value from JWT_LOGIN_TTL env parameter (in minutes).

2. Generate JWT with following parameters:

   1. alg = HS512

   2. aud = trusted-client if client_type = TRUSTED_PIS, else mithril-login

   3. exp = iat + JWT_LOGIN_TTL

   4. iat = now()

   5. iss = EHealth

   6. jti = generate uuid of JWT

   7. nbf = now() - 1 second

   8. nonce = generate uuid of nonce

   9. sub = nonce

   10. typ = access

3. Render a response according to specification.