ЕСОЗ - public documentation
Manage more than one client connections
- 1 Key features
- 2 Overview
- 3 DB Objects
- 3.1 connections
- 3.2 clients
- 4 Process changes
- 5 API
- 5.1 Get clients
- 5.1.1 Specification
- 5.1.2 Validation
- 5.1.2.1 Authorization
- 5.1.2.2 Context
- 5.1.2.3 Prepare response
- 5.2 Get client details
- 5.2.1 Specification
- 5.2.2 Validation
- 5.2.2.1 Authorization
- 5.2.2.2 Context
- 5.2.2.3 Prepare response
- 5.3 Get client connections
- 5.3.1 Specification
- 5.3.2 Validation
- 5.3.2.1 Authorization
- 5.3.2.2 Context
- 5.3.2.3 Prepare response
- 5.4 Get client connection details
- 5.4.1 Specification
- 5.4.2 Validation
- 5.4.2.1 Authorization
- 5.4.2.2 Context
- 5.4.2.3 Prepare response
- 5.5 Private. Put client connection
- 5.5.1 Logic
- 5.6 Update client connection
- 5.6.1 Specification
- 5.6.2 Validation
- 5.6.2.1 Authorization
- 5.6.2.2 Context
- 5.6.2.3 Request validation
- 5.6.2.4 Logic
- 5.7 Delete client connection
- 5.7.1 Specification
- 5.7.2 Validation
- 5.7.2.1 Authorization
- 5.7.2.2 Context
- 5.7.2.3 Logic
- 5.8 Refresh client secret
- 5.8.1 Specification
- 5.8.2 Validation
- 5.8.2.1 Authorization
- 5.8.2.2 Context
- 5.8.2.3 Logic
Key features
During the Legal Entity creation process - create a new, separate configuration for each consumer (MIS)
Manage different configurations for different consumers via API
Secure Client Secret - do not share Client Secret between different consumers
Handle more than one redirect_uri for each consumer
Overview
DB Objects
connections
Attribute | Type | M/O | Description |
---|---|---|---|
id | Uuid | M | Unique record identifier |
client_id | Uuid | M | id of client that provides connection. FK clients.id |
consumer_id | Uuid | M | id of client that will consume connection. FK clients.id |
secret | String | M | |
redirect_uri | String | M | |
inserted_at | Timestamp | M | |
updated_at | Timestamp | M | |
clients
The following fields must be removed from the clients table:
Attribute | Type | M/O | Description |
---|---|---|---|
secret | String | M | |
redirect_uri | String | M | |
Process changes
Create/Update legal entity
Added new API call to create client connection
See IL.Create/Update Legal Entity
Authorize approval
redirect_uri must be validated against all connections related to the client and must match connections.redirect_uri
Exchange code grant to access token
Validate that there is a connection related to a specified client with this secret
Validate that redirect_uri matches the redirect_uri of the found connection
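The two checks above (authorize approval and code-grant exchange) as an added example, not code from Mithril itself; it assumes an in-memory list of rows standing in for mithril.connections and exact string matching of redirect_uri:

```python
import hmac
from typing import Optional

# Constructed sample of mithril.connections rows (not real data): one client
# (legal entity) exposed to two consumers (MIS systems), each with its own
# secret and redirect_uri, as the connections table is meant to be used.
CONNECTIONS = [
    {"id": "c1", "client_id": "le-1", "consumer_id": "mis-a",
     "secret": "secret-for-mis-a", "redirect_uri": "https://mis-a.example/callback"},
    {"id": "c2", "client_id": "le-1", "consumer_id": "mis-b",
     "secret": "secret-for-mis-b", "redirect_uri": "https://mis-b.example/callback"},
]


def redirect_uri_allowed(connections, client_id: str, redirect_uri: str) -> bool:
    """Authorize approval: redirect_uri must exactly equal connections.redirect_uri
    of some connection of this client. No prefix or wildcard matching, so a URI
    that merely starts with a registered one is rejected."""
    return any(
        c["client_id"] == client_id and c["redirect_uri"] == redirect_uri
        for c in connections
    )


def find_connection_for_exchange(connections, client_id: str, secret: str,
                                 redirect_uri: str) -> Optional[dict]:
    """Exchange code grant: find the connection of this client whose secret
    matches, then require its redirect_uri to equal the presented one.
    Returns the matching row or None. The secret is compared in constant time
    so a wrong secret cannot be distinguished from a nearly right one by timing."""
    for c in connections:
        if c["client_id"] != client_id:
            continue
        if hmac.compare_digest(c["secret"].encode(), secret.encode()):
            # the secret identifies the consumer; its own redirect_uri must match
            return c if c["redirect_uri"] == redirect_uri else None
    return None
```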
API
Get clients
Specification
Validation
Authorization
Verify the validity of access token
in case of error return 401 ('Access denied')
Check user scope client:read in order to perform this action
in case of error generate 403 response ('Invalid scopes')
Context
This service must return a list of clients filtered by context depending on client type
Extract client_type from token
Filter response:
Mithril Admin - receives all client records without context
MSP, MIS, PHARMACY - receives only its own client
Prepare response
Query data from mithril.clients using context
Get client details
Specification
Validation
Authorization
Verify the validity of access token
in case of error return 401 ('Access denied')
Check user scope client:read in order to perform this action
in case of error generate 403 response ('Invalid scopes')
Context
This service must return client details for the specified ID and is restricted by context
Extract client_type from token
Validate specified ID according to context:
Mithril Admin - receives all client records
MSP, MIS, PHARMACY - receives only its own client
in case of error generate 403 response ('forbidden')
Prepare response
Query data from mithril.clients using specified ID
Get client connections
Specification
Validation
Authorization
Verify the validity of access token
in case of error return 401 ('Access denied')
Check user scope connection:read in order to perform this action
in case of error generate 403 response ('Invalid scopes')
Context
This service must return a list of client connections for the specified client ID. Client connections are restricted by Client ID and its context
Extract client_type from token
Validate specified Client ID according to context:
Mithril Admin - receives all client records
MSP, MIS, PHARMACY - receives only its own client
in case of error generate 403 response ('forbidden')
Prepare response
Query data from mithril.connections for specified Client ID
Hide secret from response
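The context rules shared by Get clients, Get client details and Get client connections (Mithril Admin sees everything, MSP/MIS/PHARMACY only their own client, secret never returned) as an added example, not Mithril's own code; it assumes the token carries both client_type and the client's own id, and uses in-memory lists in place of mithril.clients and mithril.connections:

```python
from dataclasses import dataclass

ADMIN_TYPE = "Mithril Admin"                   # no context restriction
OWN_CLIENT_TYPES = {"MSP", "MIS", "PHARMACY"}  # restricted to their own client

# Constructed sample rows standing in for mithril.clients / mithril.connections
CLIENTS = [{"id": "le-1"}, {"id": "le-2"}]
CONNECTIONS = [
    {"id": "c1", "client_id": "le-1", "consumer_id": "mis-a", "secret": "s1",
     "redirect_uri": "https://mis-a.example/callback"},
    {"id": "c2", "client_id": "le-2", "consumer_id": "mis-a", "secret": "s2",
     "redirect_uri": "https://mis-a.example/callback"},
]

class Forbidden(Exception):
    """Raised where the API answers 403 ('forbidden')."""

@dataclass(frozen=True)
class TokenContext:
    client_type: str  # client_type extracted from the access token
    client_id: str    # client the token was issued to (assumed present in the token)

def filter_clients_by_context(ctx, clients):
    """Get clients: admin receives every record, other types only their own client."""
    if ctx.client_type == ADMIN_TYPE:
        return list(clients)
    if ctx.client_type in OWN_CLIENT_TYPES:
        return [c for c in clients if c["id"] == ctx.client_id]
    return []  # unknown client_type: deny by default

def check_client_id_in_context(ctx, client_id):
    """Get client details / connections: non-admins may address only their own ID."""
    if ctx.client_type == ADMIN_TYPE:
        return
    if ctx.client_type in OWN_CLIENT_TYPES and client_id == ctx.client_id:
        return
    raise Forbidden("forbidden")

def without_secret(conn):
    """Prepare response: the connection secret is never returned by read endpoints."""
    return {k: v for k, v in conn.items() if k != "secret"}

def get_client_connections(ctx, client_id, connections):
    """Get client connections end to end: context check, query by client, hide secret."""
    check_client_id_in_context(ctx, client_id)
    return [without_secret(c) for c in connections if c["client_id"] == client_id]
```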
Get client connection details
Specification
Validation
Authorization
Verify the validity of access token
in case of error return 401 ('Access denied')
Check user scope connection:read in order to perform this action
in case of error generate 403 response ('Invalid scopes')
Context
This service must return connection details for the specified client ID and connection ID. Client connections are restricted by Client ID and its context
Extract client_type from token
Validate specified Client ID according to context:
Mithril Admin - receives all client records
MSP, MIS, PHARMACY - receives only its own client
in case of error generate 403 response ('forbidden')
Prepare response
Query data from mithril.connections for specified Client ID and Connection ID
Hide secret from response
Private. Put client connection
This method is only for internal use. There is no public API to create a connection (at the moment)
Logic
Generate new secret value
Upsert record in mithril.connections for specified Client ID and Consumer ID
Update client connection
Only redirect_uri can be updated using this method
Specification
Validation
Authorization
Verify the validity of access token
in case of error return 401 ('Access denied')
Check user scope connection:write in order to perform this action
in case of error generate 403 response ('Invalid scopes')
Context
This service manages connections restricted by Client ID and context
Extract client_type from token
Validate specified Client ID according to context:
MSP, MIS, PHARMACY - receives only its own client
in case of error generate 403 response ('forbidden')
Request validation
Validate according to the JSON Schema
Return 422 with list of validation errors in case validation fails
Logic
Update mithril.connections for specified Connection ID and replace redirect_uri with the value from request
Hide secret from response
Delete client connection
Specification
Validation
Authorization
Verify the validity of access token
in case of error return 401 ('Access denied')
Check user scope connection:delete in order to perform this action
in case of error generate 403 response ('Invalid scopes')
Context
This service manages connections restricted by Client ID and context
Extract client_type from token
Validate specified Client ID according to context:
MSP, MIS, PHARMACY - receives only its own client
in case of error generate 403 response ('forbidden')
Logic
Delete record from mithril.connections for specified Connection ID
Refresh client secret
Specification
Validation
Authorization
Verify the validity of access token
in case of error return 401 ('Access denied')
Check user scope connection:delete in order to perform this action
in case of error generate 403 response ('Invalid scopes')
Context
This service manages connections restricted by Client ID and context
Extract client_type from token
Validate specified Client ID according to context:
MSP, MIS, PHARMACY - receives only its own client
in case of error generate 403 response ('forbidden')
Logic
Generate a new secret for the specified Connection ID and update it in mithril.connections
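The private put (upsert keyed by Client ID and Consumer ID, fresh secret each time) and the refresh-secret logic as an added example, not Mithril's own code; it assumes a Python list in place of the mithril.connections table and uses the standard secrets module for secret generation:

```python
import secrets
import uuid
from datetime import datetime, timezone


def generate_secret() -> str:
    """New secret value: 32 random bytes from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(32)


def upsert_connection(store: list, client_id: str, consumer_id: str,
                      redirect_uri: str) -> dict:
    """Private put: the natural key is (client_id, consumer_id). An existing row
    gets the new redirect_uri and a freshly generated secret; otherwise a row is
    inserted. Each consumer therefore holds its own secret for the same client."""
    now = datetime.now(timezone.utc)
    for row in store:
        if row["client_id"] == client_id and row["consumer_id"] == consumer_id:
            row.update(redirect_uri=redirect_uri, secret=generate_secret(), updated_at=now)
            return row
    row = {"id": str(uuid.uuid4()), "client_id": client_id, "consumer_id": consumer_id,
           "secret": generate_secret(), "redirect_uri": redirect_uri,
           "inserted_at": now, "updated_at": now}
    store.append(row)
    return row


def refresh_secret(store: list, connection_id: str) -> dict:
    """Refresh client secret: replace the secret of this one connection only;
    other consumers' connections to the same client keep their secrets."""
    for row in store:
        if row["id"] == connection_id:
            row["secret"] = generate_secret()
            row["updated_at"] = datetime.now(timezone.utc)
            return row
    raise KeyError(f"no connection {connection_id}")
```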