This process describes adding an additional authentication method to an existing person, update authentication method and delete it.

Specification

Apiary

Authorize

1. Verify the validity of access token

   • Check user scope authentication_method:write in order to perform this action

Get global parameters

Invoke Global parameters to get following parameter:

• phone_number_auth_limit - Check if in table person_authentication_methods  with type = OTP > N, then error 422, such a phone already exists more N times

• third_person_limit - In table person_auth_methods with type = THIRD_PERSON > N, then error 422

• third_person_term

cURL example

curl -X GET \
  {:host}/prm/api/global_parameters

Validate request

if action = deactivate

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "deactivate",
  "authentication_methods": {
    "id": "057413fb-2c2e-4f33-b2d6-433469212744"
    }
  }
}

if action = insert

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "insert",
  "authentication_methods": {
    "type": "THIRD_PERSON",
    "value": "d12888c0-1159-4296-8f03-a592c136f673",
    "phone_number` : "f6d9a852-a339-44ac-a682-8f7a8da9cca0",
    "alias": "roksolana"
    }
  }
}

if action = update

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "update",
  "authentication_methods": {
    "id": "057413fb-2c2e-4f33-b2d6-433469212744",
    "alias": "roksolana",
    "default": "true"
    }
  }
}

Validate ids

Fiend value is person.id

• validate person.id UUID

  • in case error return 422

• search person by person.id in MPI 

  • in case error return 422, "Such person doesn't exist"

Validate

Use GET persom/{id}/ authentication_method to find authentication method' id of person

1. if action = deactivate

   1. Field type must be THIRD_PERSON. (where person_auth_method.id = $authentication_method.id)

   2. If person < 14, check that count(auth_method, where person.auth_methods.person_id = $.person_id) >=1 left

2. if action = insert

   1. if type = OTP or OFFLINE, phone_number is required and don’t set value . And field alias is optional.

   2. if type = THIRD_PERSON, value is required and don’t set phone_number. And field alias is required.

   3. validate value:

      1. validate person.id is UUID

         • in case error return 422

      2. search person by person.id in MPI 

         • in case error return 422, "such person doesn't exist"

3. if action = update

   1. validate authentication_methods.id belong to this person. Search auth method of this person where  MPI.person_authentication_method.person_id = $.person.id

      1. in case error return 422, "such authentication method does not belong to this person"

   2. if the transferred method is the main one (default = TRUE), method that had this flag default = TRUE now has default = FALSE

   3. if person>18 and auth_method.type=THIRD_PERSON can’t set default= TRUE

Generate verification code

If action = insert

Invoke Initialize OTP to generate one time password and send it to third_person number (that is added as a new auth method). At this stage, the patients receive an SMS message.

Phone_numbers: mpi.person_auth_method.value, where person_id = $.third_person.id and type = OTP

cURL example

curl -X POST \
  http://localhost:4000/verifications \
  -H 'content-type: application/json' \
  -d '{
  "phone_number": "+380936235985"
}'

Generate upload URL

If action = insert

1. Validate authentication_method. If authentication method.type = third_person (and this third_person.auth_method = OFFLINE) - 

   1. Generate URL's with type person.{$.person_request.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})