Problem statement:
Sunbird system will allow user on-boarding with following ways:
- Self sign up
- Google plus login
- State login
Problem will have during user profile merging. Migrating self sign up user profile with Google plus login or state login.
User attribute required during sign up:
Attribute | Type | Required | purpose |
---|---|---|---|
name | string | true | name of user. can be combination of firstname , middle name and lastname |
username | alphanumeric | true | unique identity to identify user. user name will be unique per installation |
password | alphanumeric | true | |
phone | number | conditional | either phone or email is mandatory . but during creation time user can't pass both. |
alphanumeric | conditional | either phone or email is mandatory . but during creation time user can't pass both. | |
userType | string | internal | To identify user is Teacher or Other , as of now there is only two types |
signUpType | string | internal | To identify user came via selfsignUp, googleplus , statelogin or stateonboard |
phoneVerified | boolean | internal |
Self sign up work flow:
- User will enter all mandatory field (name, phone/email, username,password) on consumer portal/app
- Consumer will make call for generate OPT for either phone or email
- OTP Generation will be taken care by Design for One time password (OTP)
- Once User enter OTP, consumer will check OTP basic Validation and then it will call create user APi:
- System will check uniqueness of email/phone , username and OTP , if every thing is ok then it will create user under sunbird.
- if any validation fails then it will throw proper error
Create user body
Create User api request body: URI: v3/user/create Method: POST Request body: { "request": { "firstName":"name of user", "email":"valid and unique email id", "phone":"valid phone number", "password":"user password", "username" : "unique user name" } } Note: * is username is auto generated unique value or user has to enter it * Do we need to take orgId or channel in create user to associate user with another rootOrg,. * How to do validation for Indian phone number. As per PRD only Indian phone number is valid. * Are we taking country code as well from user , or always will associate user country code as "+91"
Storage of user data pre-user creation:
Requirement is sunbird should not create user into system unless or until it's verified.
Proposed solution 1:
Consumer (portal/app) can hold user data in local cache , and once OTP is verified then only they make create user api call.
Pros | Cons |
---|---|
|
|
Proposed solution 2:
User Data can be stored under sunbird as some temp table and once user verify OTP then , it will move data from temp table to different other places , from where they can used it.
Pros | Cons |
---|---|
|
|
Google sign In:
When user come to sunbird via Google sign in , Caller will do following check.
- If user already exist in sunbird , then allow that user to do login.
- If user does not exist in sunbird then make below api call
URI: Method: POST Request body: { "request": { "firstName":"", "email":"", "loginType":"", "verificationKey":"id_token in case of Google", } } Response: same as create user api * This api will do following validation: 1. Make Google api call by appending verificationkey in URL as follows: https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={verificationKey} 2. once verified then it will make create user api call to create a user once user is created his/her email verified field will be true.
** Open Questions:
- What should be userName in this case?
- Does system need to generate password for Google signup user?
- Do we need to send any welcome email to user? if yes then what should be content?
- What will happen if some old Google user won't have firstName or name itself?
- There might be scenario user already exist but his status is deleted?