This process describes adding an additional authentication method to an existing person.
Specification
Authorize
Verify the validity of access token
Check user scope append_auth_method:write in order to perform this action
Get global parameters
Invoke Global parameters to get following parameter:
third_person_limit
In table person_auth_methods with type = third_person > N, then error 422
cURL example
curl -X GET \
{:host}/prm/api/global_parameters
|
Validate request
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"auth_method_request": {
"type": "object",
"properties": {
"type": {
"enum": [
"THIRD_PERSON"
]
},
"value": {
"type": "string"
},
"alias": {
"type": "string"
}
},
"required": [
"type",
"phone_number",
"alias"
]
}
}
}
Validate person id
Fiend value is person.id
validate person_id UUID
in case error return 422
search person by person_id in MPI
in case error return 422, "Such person doesn't exist"
Validate
Field type must be third_person.
Generate verification code
Invoke Initialize OTP to generate one time password and send it to third_person number (that is added as a new auth method). At this stage, the patients receive an SMS message.
Phone_numbers:
mpi.person_auth_method.value, where person_id = $.person_id and id_primary=True
mpi.person_auth_method.value, where person_id = $.third_person.id and type = OTP
cURL example
curl -X POST \
http://localhost:4000/verifications \
-H 'content-type: application/json' \
-d '{
"phone_number": "+380936235985"
}'
|