Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Problem statement:

   Sunbird system will allow user on-boarding with following ways:

  1.   Self sign up
  2.   Google plus login
  3.   State login    

Problem will have during user profile merging. Migrating self sign up user profile with Google plus login or state login.

User attribute required during sign up:

AttributeTypeRequiredpurpose
namestringtruename of user. can be combination of firstname , middle name and lastname
usernamealphanumerictrueunique identity to identify user. user name will be unique per installation
passwordalphanumerictrue
phonenumberconditionaleither phone or email is mandatory . but during creation time user can't pass both.
emailalphanumericconditionaleither phone or email is mandatory . but during creation time user can't pass both.
userTypestringinternalTo identify user is Teacher or Other , as of now there is only two types
signUpTypestringinternalTo identify user came via selfsignUp, googleplus , statelogin or stateonboard
phoneVerifiedbooleaninternalwill be true only when user verified phone otp
emailVerifiedbooleaninternalwill be true only when user verified email otp

Self sign up work flow:

  •  User will enter all mandatory field (name, phone/email, username,password) on consumer portal/app
  • Consumer will make call for generate OPT for either phone or email
  •  OTP Generation will be taken care by Design for One time password (OTP)
  • Once User enter OTP, consumer will check OTP basic Validation and then it will call create user APi:
  • System will check uniqueness of email/phone , username  and OTP , if every thing is ok then it will create user under sunbird.
  • if any validation fails then it will throw proper error
Create user body
Create User api request body:
URI: v3/user/create
Method: POST
Request body:

{
 "request":
      {
       "firstName":"name of user",
       "email":"valid and unique email id",
       "phone":"valid phone number",
       "password":"user password",
       "username" : "unique user name"
         
    }
}

Note:
 * is username is auto generated unique value or user has to enter it
* Do we need to take orgId or channel in create user to associate user with another rootOrg,.
* How to do validation for Indian phone number. As per PRD only Indian phone number is valid.
* Are we taking country code as well from user , or always will associate user country code as "+91"

Storage of user data pre-user creation:

   Requirement is sunbird should not create user into system unless or until it's verified. 

Proposed solution 1:

          Consumer (portal/app) can hold user data in local cache , and  once OTP is verified then only they make create user api call.


ProsCons
  1. Junk data won't be in system.
  2. System will always has verified user account.
  1. if you refresh cache or clear cache that might clear user store data.


   

Proposed solution 2: 

  User Data can be stored under sunbird as some temp  table and once user verify OTP then , it will move data from temp table to different other places , from where they can used it.

ProsCons
  1. All attempted user data is in sunbird
  1. it will have lot of unverified profile in sunbird. 

Google sign In:

 When user come to sunbird via Google sign in , Caller will do following check.

  •  If user already exist in sunbird  , then allow that user to do login.
  •  If user does not exist in sunbird then make below api call 
URI: 
Method: POST
Request body: 

 {
  "request": {
       "firstName":"",
       "email":"",
       "loginType":"",
       "verificationKey":"id_token in case of Google",
      }
}

Response: 
  same as create user api

* This api will do following validation:
   1.  Make Google api call by appending verificationkey in URL  as follows:
 https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={verificationKey}
   2. once verified then it will make create user api call to create a user once user is created his/her email  verified field will be true.


** Open Questions:

  1. What should be userName in this case?
  2.  Does system need to generate password for Google signup user?
  3. Do we need to send any welcome email to user? if yes then what should be content?
  4. What will happen if some old Google user won't have firstName or name itself?
  5. There might be scenario user already exist but his status is deleted?
  6. Do we need to carry loginId as well?
  7. In Old implementation during user create we have to send phoneVerified as true?
  • No labels