Versions Compared

Old Version 4

changes.mady.by.user Manzarul Haque

Saved on

compared with

New Version 5

changes.mady.by.user Manzarul Haque

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagejs
titleCreate user body
Create User api request body:
URI: v3/user/create
Method: POST
Request body:

{
 "request":
      {
       "firstName":"name of user",
       "email":"valid and unique email id",
       "phone":"valid phone number",
       "password":"user password",
       "username" : "unique user name"
         
    }
}

Note:
 * is username is auto generated unique value or user has to enter it
* Do we need to take orgId or channel in create user to associate user with another rootOrg,.
* How to do validation for Indian phone number. As per PRD only Indian phone number is valid.
* Are we taking country code as well from user , or always will associate user country code as "+91"

Storage of user data pre-user creation:

   Requirement is sunbird should not create user into system unless or until it's verified. 

Proposed solution 1:

          Consumer (portal/app) can hold user data in local cache , and  once OTP is verified then only they make create user api call.


ProsCons
  1. Junk data won't be in system.
  2. System will always has verified user account.
  1. if you refresh cache or clear cache that might clear user store data.


   

Proposed solution 2: 

  User Data can be stored under sunbird as some temp  table and once user verify OTP then , it will move data from temp table to different other places , from where they can used it.


ProsCons
  1. All attempted user data is in sunbird
  1. it will have lot of unverified profile in sunbird. 


Google sign In:

 When user come to sunbird via Google sign in , Caller will do following check.

  •  If user already exist in sunbird  , then allow that user to do login.
  •  If user does not exist in sunbird then make below api call 
Code Block
languagejs
URI: 
Method: POST
Request body: 

 {
  "request": {
       "firstName":"",
       "email":"",
       "loginType":"",
       "verificationKey":"id_token in case of Google",
      }
}

Response: 
  same as create user api

* This api will do following validation:
   1.  Make Google api call by appending verificationkey in URL  as follows:
 https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={verificationKey}
   2. once verified then it will make create user api call to create a user once user is created his/her email  verified field will be true.


** Open Questions:

  1. What should be userName in this case?
  2.  Does system need to generate password for Google signup user?
  3. Do we need to send any welcome email to user? if yes then what should be content?
  4. What will happen if some old Google user won't have firstName or name itself?