## User, Scope and Consent Relation Technical Specification

**1. Adding User to the System:**

- The user is added to the system through core banking.
- The user's basic information, combined with the other details obtained from the CDC, is stored in the system.

**2. Creating User with Amorphie Token:**

- A user profile is created via Amorphie Token.

**3. Generating Temporary Password and Sharing via SMS:**

- Amorphie Token generates a temporary password and sends it to the user via SMS.
- The user performs the first login to internet banking with this temporary password.

**4. Defining Default Scope:**

- The default scope for the user is defined as in the example below. Each entry under `consent.flows` binds a client to the consent workflow that must run for it and to the role group the resulting consent grants:

```json
{
  "id": "1324d72c-1408-4307-973c-bd74e3d8a185",
  "reference": 32452343,
  "name": "John De",
  "tags": [
    "retail-customer"
  ],
  "consent": {
    "flows": [
      {
        "client": "mobile",
        "workflow": "retail-user-consent",
        "role-group": "retail-customer"
      },
      {
        "client": "edevlet",
        "workflow": "retail-user-consent-devlet",
        "role-group": "retail-customer"
      },
      {
        "client": "fx",
        "workflow": "retail-user-consent-fx",
        "role-group": "retail-customer"
      }
    ]
  }
}
```

**5. Creating Consent:**

* Consent workflows are defined as subflows of the login flow, so that the correct scope is executed for the user.
* Which consents are assigned to the user, and whether they are assigned automatically or require the user's choice, is managed within the workflow.
* A client can have multiple consent flows; for instance, "retail-user-consent" for accessing the user's own account and "behalf-of-user-consent" for accessing another user's account.

**6. Storing Consent Content:**

The created consent record is stored with the following example content:

```json
{
  "id": "a664d72c-1408-4307-973c-bd74e3d8a185",
  "user": "g664d72c-1408-4307-973c-bd74e3d8a185",
  "scope": "g664d72c-1408-4307-973c-bd74e3d8a185",
  "client": "c664d72c-1408-4307-973c-bd74e3d8a185",
  "role": "admin",
  "state": "K"
}
```

**7. Consent States:**

The `state` field of a consent can take the following values:

- "B": Authorization Pending
- "K": Authorization Used
- "S": Authorization Terminated
- "I": Authorization Canceled

**8. Sequence Diagrams:**

* **First Login:** Shows temporary password generation, scope (role) selection where the scope offers more than one role, consent recording, and token generation for access.

```plantuml
title "First Login"
actor User
participant Token
participant Scope
participant Consent
participant BFF
participant CoreBanking

CoreBanking->Token: "New User"
Token->User: "Send temporary password"
User->Token: "Login with temporary password"
Token->Token: "User validated"
Token->Scope: "Check scope"
Scope->Scope: "Scope exists"
Scope->User: "Ask for role"
User->Scope: "Choose one"
Scope->Consent: "Save role"
Consent->Token: "Consent Ok"
Token->Token: "Generate token"
Token->User: "Return token"
User->BFF: "Access with token"
BFF->CoreBanking: "Connected"
```

* **Regular Login:** Highlights consent verification against the stored consent records. A single matching consent is applied directly; if several consents exist for the client, the user must choose one.

```plantuml
title "Regular Login"
actor User
participant Token
participant Scope
participant Consent
participant BFF
participant CoreBanking

User->Token: "Login with password"
Token->Token: "User validated"
Token->Consent: "Check consent"
alt multiple
  Consent->User: "Choose Consent"
  User->Token: "Consent Ok"
else single
  Consent->Token: "Consent Ok"
end
Token->Token: "Generate token"
Token->User: "Return token"
User->BFF: "Access with token"
BFF->CoreBanking: "Connected"
```

:::danger Additional Notes:
If a user has multiple consents for the same client, the login flow must ask the user to choose the scope (consent) to use; it must not select one on the user's behalf.
:::
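The following is an added, runnable model of the scope lookup (section 4), the consent record and its states (sections 6 and 7), and the consent check performed at regular login (section 8). It is example code written for this page, not Amorphie code, and it does not call the Amorphie API. The record shapes follow the JSON examples above; the state-transition table, the rule that only a consent in state "K" can back a token, and all function names and sample identifiers are assumptions.

```python
"""Model of default scope, consent records and the consent check at login.

Added example for this page (not Amorphie code). Assumptions are marked.
"""
from dataclasses import dataclass, replace

# Consent states exactly as listed in section 7.
CONSENT_STATES = {
    "B": "Authorization Pending",
    "K": "Authorization Used",
    "S": "Authorization Terminated",
    "I": "Authorization Canceled",
}

# ASSUMED state machine: a pending consent is granted or canceled; a granted
# one may later be terminated or canceled. S and I are terminal.
ALLOWED_TRANSITIONS = {"B": {"K", "I"}, "K": {"S", "I"}, "S": set(), "I": set()}

USABLE_STATE = "K"  # ASSUMPTION: only an active (used) authorization grants access


@dataclass(frozen=True)
class Consent:
    """One stored consent record, fields as in the section 6 example."""
    id: str
    user: str
    scope: str
    client: str
    role: str
    state: str


def consent_flows_for_client(profile: dict, client: str) -> list[dict]:
    """Return the consent flows the user's default scope defines for `client`."""
    return [f for f in profile["consent"]["flows"] if f["client"] == client]


def transition(consent: Consent, new_state: str) -> Consent:
    """Move a consent to `new_state`, refusing unknown states and illegal jumps."""
    if new_state not in CONSENT_STATES:
        raise ValueError(f"unknown consent state {new_state!r}")
    if new_state not in ALLOWED_TRANSITIONS.get(consent.state, set()):
        raise ValueError(f"illegal transition {consent.state} -> {new_state}")
    return replace(consent, state=new_state)


def resolve_login_consent(consents: list[Consent], user: str, client: str) -> dict:
    """Regular-login check (section 8): decide which consent a token may carry.

    Exactly one usable consent is applied automatically; several usable consents
    for the same client must be chosen by the user and are never auto-selected;
    none at all means the consent subflow has to run first.
    """
    usable = [c for c in consents
              if c.user == user and c.client == client and c.state == USABLE_STATE]
    if not usable:
        return {"action": "run-consent-workflow", "candidates": []}
    if len(usable) == 1:
        return {"action": "issue-token", "consent": usable[0].id}
    return {"action": "ask-user", "candidates": sorted(c.id for c in usable)}


def token_claims(user: str, client: str, consent: Consent) -> dict:
    """Claims the Token service would embed once a consent is chosen (assumed shape).

    Re-checks ownership and state so a user cannot submit another user's consent
    id, or a canceled one, in the "Choose Consent" step.
    """
    if consent.user != user or consent.client != client or consent.state != USABLE_STATE:
        raise PermissionError("consent is not this user's, not for this client, or not usable")
    return {"sub": user, "client": client, "consent": consent.id,
            "scope": consent.scope, "role": consent.role}


# Constructed sample data (ids are illustrative, not real identifiers).
PROFILE = {"id": "user-1", "reference": 1, "name": "Sample User", "tags": ["retail-customer"],
           "consent": {"flows": [
               {"client": "mobile", "workflow": "retail-user-consent", "role-group": "retail-customer"},
               {"client": "mobile", "workflow": "behalf-of-user-consent", "role-group": "retail-customer"},
               {"client": "fx", "workflow": "retail-user-consent-fx", "role-group": "retail-customer"}]}}

SAMPLE_CONSENTS = [
    Consent("consent-A", "user-1", "scope-1", "mobile", "retail-customer", "K"),
    Consent("consent-B", "user-1", "scope-1", "mobile", "behalf-of", "K"),
    Consent("consent-C", "user-1", "scope-1", "mobile", "retail-customer", "I"),  # canceled
    Consent("consent-D", "user-1", "scope-1", "fx", "retail-customer", "K"),
    Consent("consent-E", "user-2", "scope-2", "mobile", "retail-customer", "K"),  # other user
]

if __name__ == "__main__":
    for client in ("mobile", "fx", "edevlet"):
        print(client, resolve_login_consent(SAMPLE_CONSENTS, "user-1", client))
    print(token_claims("user-1", "fx", SAMPLE_CONSENTS[3]))
```

Running the block shows the three outcomes of the regular-login check: `mobile` has two active consents and yields `ask-user`, `fx` has one and yields `issue-token`, and `edevlet` has none and yields `run-consent-workflow`. The canceled consent and the other user's consent are filtered out before counting, which is the check that keeps the "Choose Consent" step from being used to pick up an authorization the caller does not hold.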