Overview :
...
| Existing request | New request |
|---|---|
| channel | State ID |
| userName | External User ID |
| firstName | External school (org) ID |
| lastName | Name |
| phone | Roles |
| phone/email |
...
New JWT token will have version as well, Based on incoming version it will be identified as old implementation or new implementation. Request body will be mapped as follow.separate endpoint see the design and description Single-Sign-On with DIKSHA for Partners.pdf
| Existing JWT | New JWT |
|---|---|
| { "jti": "261263cd-3a0e-4aee-8faf-6d9d9eb14bb1", "iss": "c4923f5285ff447cbf13805423a1e98a", "sub": "manzarul07+110332", "aud": "https://staging.ntp.net.in", "iat": 1499405029, "exp": 1599405029, "name": "Harish kumar Gangula", "email": "t4harishkumar16@test.com", "email_verified": true, "phone_number": "8884930864", "phone_number_verified": true, "redirect_url": "https://staging.ntp.net.in/profile" } | { "version":"v1" // added newly |
| Request key | Mapped |
|---|---|
| State ID | channel |
| External User ID | externalId (identify of user within state system) |
| External school (org) ID | org external id |
| Name | FirstName |
| externalIdProvider (Under which system it's unique. here it's state, so provider will be channel) | |
| externalIdType (Type of externalId, example: PAN Card) |
...
Once user is created using SSO , caller can make another api call to assign roles.
URI: /user/v1/role/assign
| Code Block | ||||
|---|---|---|---|---|
| ||||
{
"request": {
"userId": "",
"organisationId": "",
"roles": [
"CONTENTCREATOR",
"CONTENTREVIEWER",
"CONTENTCURATION",
"FLAGREVIEWER"
]
}
} |
...
* This api will return mask phone and mask email as well.
2. Mark all Old sso SSO user phone as phone verified.
3. IdType is optionalmandatory as of now.
4. later phone and email both need to be moved under user externalId table, so that any search via user externalId will be happen with this table only. (not in release-1.14 sprint 1)
...