Problem statement:
Sunbird system will allow user on-boarding with following ways:
- Self sign up
- Google plus login
- State login
Problem will have during user profile merging. Migrating self sign up user profile with Google plus login or state login.
User attribute required during sign up:
| Attribute | Type | Required | purpose |
|---|---|---|---|
| name | string | true | name of user. can be combination of firstname , middle name and lastname |
| username | alphanumeric | false | unique identity to identify user. user name will be unique per installation |
| password | alphanumeric | true | |
| phone | number | conditional | either phone or email is mandatory . but during creation time user can't pass both. |
| alphanumeric | conditional | either phone or email is mandatory . but during creation time user can't pass both. | |
| userType | string | internal | To identify user is Teacher or Other , as of now there is only two types |
| phoneVerified | boolean | internal | will be true only when user verified phone otp |
| emailVerified | boolean | internal | will be true only when user verified email otp |
Self sign up work flow:
- User will enter all mandatory field (name, phone/email, username,password) on consumer portal/app
- Consumer will make call for generate OPT for either phone or email
- OTP Generation will be taken care by Design for One time password (OTP)
- Once User enter OTP, consumer will check OTP basic Validation and then it will call create user APi:
- System will check uniqueness of email/phone , username and OTP , if every thing is ok then it will create user under sunbird.
- if any validation fails then it will throw proper error
Create user body
Create User api request body:
URI: v3/user/create
Method: POST
Request body:
{
"request":
{
"firstName":"name of user",
"email":"valid and unique email id",
"phone":"valid phone number",
"password":"user password",
"username" : "unique user name"
}
}
Note:
* is username is auto generated unique value or user has to enter it
* Do we need to take orgId or channel in create user to associate user with another rootOrg,.
* How to do validation for Indian phone number. As per PRD only Indian phone number is valid.
* Are we taking country code as well from user , or always will associate user country code as "+91"
Storage of user data pre-user creation:
Requirement is sunbird should not create user into system unless or until it's verified.
Proposed solution 1:
Consumer (portal/app) can hold user data in local cache , and once OTP is verified then only they make create user api call.
| Pros | Cons |
|---|---|
|
|
Proposed solution 2:
User Data can be stored under sunbird as some temp table and once user verify OTP then , it will move data from temp table to different other places , from where they can used it.
| Pros | Cons |
|---|---|
|
|
Google sign In:
When user come to sunbird via Google sign in , Caller will do following check.
- If user already exist in sunbird , then allow that user to do login.
- If user does not exist in sunbird then make below api call
URI:
Method: POST
Request body:
{
"request": {
"firstName":"",
"email":"",
"loginType":"",
"verificationKey":"id_token in case of Google",
}
}
Response:
same as create user api
* This api will do following validation:
1. Make Google api call by appending verificationkey in URL as follows:
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={verificationKey}
2. once verified then it will make create user api call to create a user once user is created his/her email verified field will be true.
** Open Questions:
- What should be userName in this case?
- Does system need to generate password for Google signup user?
- Do we need to send any welcome email to user? if yes then what should be content?
- What will happen if some old Google user won't have firstName or name itself?
- There might be scenario user already exist but his status is deleted?
- Do we need to carry loginId as well?
- In Old implementation during user create we have to send phoneVerified as true?