Versions Compared

Old Version 16

changes.mady.by.user Manzarul Haque

Saved on

compared with

New Version 17

changes.mady.by.user Manzarul Haque

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagejs
titleCreate user body
Create User api request body:
URI: v2/user/create
Method: POST
Request body:

{
 "request":
      {
       "firstName":"name of user",
       "email":"valid and unique email id",
       "phone":"valid phone number",
       "password":"user password",
       "username" : "unique user name. Optional",
       "channel" : "rootOrgchannel value (Optional)"// if user pass it , it must be valid and user will be associated with this as "PUBLIC" role.
       "organisationId": "",
       "OTP":"entered OTP by user(optional)", 
      "VerificationType":"it can be OTP
, Google , or some state"  
         
    }
}

Note:
* Now user creation won't ask user to enter phoneVerified, if user is providing phone number.
* is username is auto generated unique value or user has to enter it - it's optional for user , if user not providing then system will generate it.
* Do we need to take orgId or channel in create user to associate user with another rootOrg?
* How to do validation for Indian phone number. As per PRD only Indian phone number is valid.
* Are we taking country code as well from user , or always will associate user country code as "+91"
* Do we need to make OTP mandatory or optional based on introducing signupType?

...

  •  If user already exist in sunbird  and user status is not deleted , then allow that user to do login.
  •  If user does not exist in sunbird then make below api call 
Code Block
languagejs
URI: v1/user/verifyAndCreate
Method: POST
Request body: 

 {
  "request": {
       "firstName":"",
       "email":"",
       "phone":"valid phone number", 
       "loginTypeverificationCode":"can be OTP or google token",
       "verificationKeyverificationSource":"id_token in case of Google",
      }
}

Response: 
  same as create user api

* This api will do following validation:
   1.  Make request Googleverification api call by appending verificationkey in URL  as follows: based on verificationSource. In Case of OTP it will verify against generated OTP and in case of Google it will verify against below url.
 https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={verificationKey}
   2. once verified then it will make create user api call to create a user once user is created his/her email  verified field will be true.


 Open Question:
   What will happen if user is in sunbird but his/her status is inactive or deleted?


State sign-in

When user comes through state-portal, he/she will get a link to access Diksha portal.

  1. Once user clicks, internally user it will check existence of the user in the diksha.
  2. If found with status as active and isPhoneVerified as true then user will be directly taken to the Diksha portal, through trampoline updateas login user.
  3. If not found, then we portal will invoke the user sing-up process, by reading the data from existing JWT token.take user phone number by parsing JWT token and generate OTP,
  4. OTP will be generated and sent to user's mobile phone. OTP Generation will be taken care by Design for One time password (OTP)
  5. On diksha user will be redirected to Enter OTP - for first time login.OTP 
  6. On successful OTP validation, user will be created within Diksha and user will be logged into the platform.

...

languagejs
titleCreate user body

...

    

    Case 2:

      1.   User found with status as active and isPhoneVerified as false, then Caller need to generate OTP and ask user to verify it, once caller verified it, That user profile isPhoneVerified need to be marked as ture.

     2. User found with status as inactive/deleted then what need to be done? 


** Open Questions:

  1. What should be userName in this case? (As discussed username will be auto-generated - internally system will make sure that auto-generated username will be related to user and not very hard to remember.)
  2.  Does system need to generate password for Google signup user? (As per discussion , no need to generate password.)
  3. Do we need to send any welcome email to user? if yes then what should be content? (As per discussion, for Google user creation no need to send any email.)
  4. What will happen if some old Google user won't have firstName or name itself?
  5. There might be scenario user already exist but his status is deleted? (As per discussion, user creation will fail.)
  6. Do we need to carry loginId as well?
  7. In Old implementation during user create we have to send phoneVerified as true?

...