...

Create user body
Changes in Create User API request body:
URI: v2/user/create
Method: POST
Request body:

{
  "request": {
    "firstName": "name of user",
    "email": "valid and unique email id",
    "phone": "valid phone number",
    "password": "user password",
    "username": "unique user name. Optional",
    "channel": "rootOrgchannel value (Optional)", // if the user passes it, it must be valid, and the user will be associated with it with the "PUBLIC" role
    "organisationId": ""
  }
}

Note:
* User creation no longer asks the user to enter phoneVerified when the user provides a phone number.
* Is username an auto-generated unique value, or does the user have to enter it? It is optional for the user; if the user does not provide it, the system will generate it.
* Do we need to take orgId or channel in create user to associate the user with another rootOrg?

- Changes in create user api:
  * username : This field will be optional (if the user passes it, the system will verify uniqueness only; if the user does not pass it, the system will generate a unique username).
  * channel : This field is optional.
      * If the caller passes it, the system will verify its validity (it should be a rootOrg with status active). Once verified, the user will be associated with that rootOrg.
      * If the channel is invalid or not active, creation will fail with a proper error message.
  * organisationId : This field is optional.
      * If the caller passes both channel and organisationId, then organisationId should be either a suborg or the rootOrg under the same channel, and its status should be active. Once verified, the user will be associated with both with role "PUBLIC".
      * If channel and organisationId belong to different rootOrgs, or the channel is active but the suborg (organisationId) is inactive, user creation will fail with a proper error message.
      * If the user passes only organisationId, the system will check that organisationId is valid and active. If both conditions are satisfied, the user will be associated with the corresponding rootOrg and suborg with role "PUBLIC".
  * User creation won't ask for any phoneVerified or emailVerified field.
  * Once the phone/email is verified by the user, the DB will mark isPhoneVerified or isEmailVerified as true.
  * For Google sign-in users, email verified will always be true.

Doubts:
* How do we validate an Indian phone number? As per the PRD, only Indian phone numbers are valid.
* Are we taking the country code from the user as well, or will we always associate the user's country code as "+91"?
* Do we need to make OTP mandatory or optional based on introducing signupType?

Storage of user data pre-user creation:

...

  Sunbird can introduce a Redis service, and all unverified user data can be stored in Redis. This service can be used as a centralized cache for other purposes as well.

Pros:
  1. Data loss issues can be resolved.
  2. Sunbird will have all verified and unverified data.
  3. The Redis cache can be used in other places as well. As of now Sunbird does in-memory caching of some data, and that varies from server to server.

Cons:
  1. Implementation time will be more.
  2. Need to manage one more stack.


Google sign-in:

 When a user comes to Sunbird via Google sign-in, the caller will do the following check.

  •  If the user already exists in Sunbird and the user status is not deleted, then allow that user to log in.
  •  If the user does not exist in Sunbird, then make the API call below.
  •  The user existence check will happen with the provided email. (In the user search request, you can pass email inside filter.)
URI: v1/user/verifyAndCreate
Method: POST
Request body: 

{
  "request": {
    "firstName": "",
    "email": "",
    "phone": "valid phone number",
    "verificationCode": "can be OTP or google token",
    "verificationSource": "id_token in case of Google"
  }
}

Response: 
  same as create user api

* This API will do the following validation:
   1. Make the request verification API call based on verificationSource. In the case of OTP it will verify against the generated OTP, and in the case of Google it will verify against the URL below.
      https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={verificationKey}
   2. Once verified, it will make the create user API call to create the user. Once the user is created, his/her email verified field will be true.
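
The tokeninfo URL in step 1 accepts any valid Google-issued token, so the response claims need checking against the request before create user is called. The following is an added example, not Sunbird code: EXPECTED_CLIENT_ID, the function name and the sample values are assumptions, while the claim names (iss, aud, exp, email, email_verified) are those of Google's tokeninfo response.

```javascript
// Added example (not Sunbird code): claim checks on a Google tokeninfo response
// before the create-user call is made. EXPECTED_CLIENT_ID is a placeholder.
const EXPECTED_CLIENT_ID = "example-client-id.apps.googleusercontent.com"; // assumption
const GOOGLE_ISSUERS = ["accounts.google.com", "https://accounts.google.com"];

// tokenInfo: parsed JSON body returned by the tokeninfo URL for the id_token.
// request:   the "request" object of v1/user/verifyAndCreate.
// nowSec:    current time in seconds since the epoch (injectable for testing).
function checkGoogleTokenInfo(tokenInfo, request, nowSec = Math.floor(Date.now() / 1000)) {
  const errors = [];
  if (!tokenInfo || typeof tokenInfo !== "object") return { ok: false, errors: ["no token info"] };

  // The token must have been issued for this application, not any Google client.
  if (tokenInfo.aud !== EXPECTED_CLIENT_ID) errors.push("aud mismatch");
  if (!GOOGLE_ISSUERS.includes(tokenInfo.iss)) errors.push("unexpected issuer");

  // tokeninfo returns exp and email_verified as strings.
  const exp = Number(tokenInfo.exp);
  if (!Number.isFinite(exp) || exp <= nowSec) errors.push("token expired");
  if (String(tokenInfo.email_verified) !== "true") errors.push("email not verified by Google");

  // The email being created must be the one the token vouches for.
  const claimed = String(tokenInfo.email || "").trim().toLowerCase();
  const requested = String((request && request.email) || "").trim().toLowerCase();
  if (!claimed || claimed !== requested) errors.push("email does not match token");

  return { ok: errors.length === 0, errors };
}

// Constructed sample data, not real tokens or accounts.
const sampleTokenInfo = {
  iss: "https://accounts.google.com",
  aud: EXPECTED_CLIENT_ID,
  email: "Teacher@example.org",
  email_verified: "true",
  exp: "2000000000",
};
const sampleRequest = { firstName: "Asha", email: "teacher@example.org", verificationSource: "id_token" };

console.log(checkGoogleTokenInfo(sampleTokenInfo, sampleRequest, 1700000000));
console.log(checkGoogleTokenInfo({ ...sampleTokenInfo, aud: "other-app" }, sampleRequest, 1700000000));
```

Only when `ok` is true should the service go on to step 2 and mark the email as verified.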


 Open Question:
   1. What will happen if the user is in Sunbird but his/her status is inactive or deleted?
   2. What if there is an old user in the system whose emailVerified field is false and the same user tries to log in with Google sign-in?


State sign-in

When user comes through state-portal, he/she will get a link to access Diksha portal.

...