PIS. Delete approval (apps)

1 Purpose
2 Key points
3 Specification
4 Authorization
5 Validate request
- 5.1 Validate x-consumer-id (user)
- 5.2 Validate resource owner
6 Service logic
- 6.1 Delete approvals in Mithril
- 6.2 Blacklist approval

Purpose

This WS is designed to delete existing approval to revoke access granted to client. Deleting approval will force client to re-request access from user

Key points

Only active approvals is returned
Approvals filtered by the user based on token details
It is allowed to search approvals (e.g.: by client name)

Specification

Apiary

Authorization

Verify the validity of access token
- in case of error - return 401 (“Invalid access token”)
Verify that token is not expired
- in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = app:delete_pis)
- return 403 (“Your scope does not allow to access this resource. Missing allowances: app:delete_pis”) in case of invalid scope(s)

Validate request

Validate x-consumer-id (user)

Ensure that header x-consumer-id passed to request
- in case of error - 401 ('Unauthorized')

Validate resource owner

Ensure that requested resource belongs to the authenticated user (invoke Mithril.Rpc, :app_by_id, check that user_id = x-consumer-id)
- in case of error - 403 ('Forbidden')

Service logic

Delete approvals in Mithril

Service must operate only with user-related approvals

Call Mithril to delete requested approval and all associated active tokens

Mithril.Api

Mithril.Rpc: :delete_app

Blacklist approval

To blacklist associated active access tokens in JWT format, add key blacklist_app_id_<<approval_id>> to redis database with TTL = AUTH_ACCESS_TOKEN_LIFETIME config parameter.