Purpose

Collect factor from user,  save factor & type into token, create OTP for approval factor.

Request parameters

• token
• factor
• type

Logic WS

• Validate token & scope
• Validate request JSON-Schema for $.type=SMS
• Search user by token, validate user is blocked
• Get 2FA item by $.type  for non-blocked user by $.user_id

• SELECT *
  FROM authentication_factors AS 2FA
  	INNER JOIN user AS U
  		ON 2FA.user_id = U.id
  WHERE 
  	U.id = $.user_id
  		AND 2FA.type = $.type
  		AND U.is_active = TRUE
  		AND U.is_blocked = FALSE

  • For this valid conditions:

    Purpose	Conditions
    User change factor (from OLD on NEW) after successful authorization and getting access_token_type	(exist 2FA item for user) AND (token_type = access_token_type) AND (2FA.factor != "" AND  2FA.factor != NULL)
    User setting factor (from NULL on NEW, after Reset factor ) after successful getting 2fa_access_token_type	(exist 2FA item for user) AND (token_type = 2fa_access_token_type) AND (2FA.factor = "" OR  2FA.factor = NULL)

    • Update exist token (for token_type = 2fa_access_token_type) OR create new 2fa_access_token_type (if token_type in payload = access_token_type)
      • insert into `tokens.details` this attributes:
        • `request_authentication_factor` = $.factor
        • `request_authentication_factor_type` = $.type
    • invoke OTP timeout procedure
    • If successful - invoke internal function `create OTP (key)`, for 2FA.type = SMS, with params:
      • key = 2FA.faсtor
      • Get result of call `create OTP()` as `OTP_value` 
    • Sending (delivery) OTP via channel communication 
      • for 2FA.type = SMS - via SMS gateway API
        • mobile phone = 2FA.factor
        • SMS text = OTP_value 
        • ...
• Return 201
• ...

Response

• 201 if 2FA successful set new.factor  + 2FA_object_view
• 4xx in other case