mGramSeva - User Service
Overview
User service is responsible for user data management and providing functionality to login and logout into Digit system
Pre-requisites
Before you proceed with the configuration, make sure the following pre-requisites are met -
Java 8
Kafka server is up and running
Encryption and MDMS services are running
PSQL server is running and database
Redis is running
Key Functionalities
Store, update and search user data
Provide authentication
Provide login,logout functionality into MgramSeva platform
Store user data PIIs in encrypted form
Interaction Diagram
Deployment Details
Setup latest version of egov-enc-service and egov-mdms- service
Deploy latest version of egov-user service
Add Role-Action mapping for API’s
Configuration Details
Following are the properties in application.properties file in user service which are configurable.
Property | Value | Remarks |
---|---|---|
| 10 | default search record number limit |
| true | whether citizen login otp based |
| false | whether employee login otp based |
| 123456 | fixed otp for citizen |
| false | allow fixed otp for citizen |
| true | whether otp compulsory for registration |
| 10080 | validity time of access token |
| 20160 | validity time of refresh token |
| 90 | expiry date of a password |
| 60 | unlock time |
| 30 | window size for counting attempts for lock |
| 5 | max failed login attempts before account is locked |
| pb |
|
Integration
Integration Scope
User data management and functionality to login and logout into Digit system using otp and password.
Integration Benefits
Providing following functionality to citizen and employee type users
Employee:
User registration
Search user
Update user details
Forgot password
Change password
User role mapping(Single ulb to multiple role)
Enable employee to login into DIGIT system based on password.
Citizen:
Create user
Update user
Search user
User registration using OTP
OTP based login
Steps to Integration
To integrate, host of egov-user should be overwritten in helm chart.
Use
/citizen/_create
endpoint for creating users into the system. This endpoint requires the user to validate his mobile Number using otp. First otp will be send to his mobile number and then that otp will be send asotpReference
in the request bodyUse
/v1/_search
and/_search
endpoints to search users in the system depending on various search parametersUse
/profile/_update
for updating the user profile. The user will be validated (either by otp based validation or password validation) when this API is called/users/_createnovalidate
and/users/_updatenovalidate
are endpoints to create user data into the system without any validations (no otp or password required). They should be strictly used only for creating/updating user’s internally and should not be exposed outsideForgot password: In case the user forgets password it can be reset by first calling
/user-otp/v1/_send
which will generate and send otp on employee’s mobile number, the password can then be updated using this otp by calling API/password/nologin/_update
in which new password along with the otp has to be sendUse
/password/_update
to update existing password by logging in. In request body both old and new password has to be sent. Details of the API can be found in the attached swagger documentationUse
/user/oauth/token
for generating token,/_logout
for logout and/_details
for getting user information from his tokenMulti Tenant User : The Multi tenant User functionality allows an user to perform actions across multiple ULB’s. For example an employee belonging to Amritsar can perform an role of say Trade License Approver for Jalandhar by assigning a tenant level role of tenantId pb.jalandhar to him. Following is an example of such user:
{ "id": 24226, "uuid": "11t0e02b-0145-4de2-bc42-c97b96264807", "userName": "xyz", "name": "abc", "mobileNumber": "9999999999", "emailId": "abc@gmail.com", "locale": null, "type": "EMPLOYEE", "roles": [ { "name": "GP Admin", "code": "GP_ADMIN", "tenantId": "pb.massewal" }, { "name": "Collector", "code": "COLLECTION_OPERATOR", "tenantId": "pb.lodhipur" } ], "active": true, "tenantId": "pb" }
If an employee has a role with stateleveltenantId
he can perform actions corresponding to that role across all tenantsRefresh Token : Whenever the
/user/oauth/token
is called to generate theaccess_token
, along with theaccess_token
one more token is generated calledrefresh_token
. The refresh token is used to generate newaccess_token
whenever the existing one expires. Till the time the refresh token is valid the user won’t have to login even if hisaccess_token
get’s expired, as it will be generated usingrefresh_token
. The validity time of the refresh token is configurable and can be configured using the property:refresh.token.validity.in.minutes
Reference Docs
Doc Links
Title | Link |
User Data encryption promotion details | |
Encryption Service |
API List
Title | Link |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
|
(Note: All the API’s are in the same postman collection therefore same link is added in each row)