Epic: SM-1816 - IAM: Offboard user Resolved
JIRA: SM-1839 - Offboard user - deny login Done
Priority:
Effort estimate:
Review status: in preparation/ready to review/approved
As a Customer I want to get my access denied as I am no longer customer so that I cannot use app functionality
Role: Customer
Objective:
Reason:
Functional requirements:
Customer data is stored indefinitely.
Customer cannot login using credentials that are stored and tagged as off-board, risky?, blacklisted?
Account lock/unlock mechanism – Customer service is responsible for locking and unlocking account. This decision is driven by another team e.g. Transactions. When account is locked Customer is restricted to take any actions within app, but it will be available in read-only view. Account disablement /closure is not part of MVP
UI requirements:
Process flow:
Execution steps:
Internal dependencies:
External dependencies: 3rd party prerequisites
Alternative scenarios: what would happen if not done (optional)
Acceptance criteria:
Pre-condition: BOFE or Slacker (Risk engine) initiate the offboarding procedure
Customer is unable to access the app using credentials, passcode or device biometry
Customer is (re)directed to the first time login page
Links to wireframes/UI:
Technical Assessment
VIDA supports the /api/v1/device/unregister-device
endpoint that makes the credential ID inactive.
Note that the VIDA API does not support to reactivate the credential ID later.
Note that currently only the IN_PROGRESS
state is used (COMPLETED
is not used) that is why lock/unlock is transitioning between LOCKED
and IN_PROGRESS
.
Implementation details:
irrevocably revoke a credential (key): create a new endpoint for
iam-manager
:POST credential/revoke-by-customer/{customerId}
:calls the VIDA endpoint above
updates in the local database the status of the
customer ID
-credential ID
pair toREVOKED
should be secured for service2service call only
lock a credential (key): create a new endpoint for
iam-manager
:POST credential/lock-by-customer/{customerId}
updates in the local database the status of the
customer ID
-credential ID
pair toLOCKED
only if the status isIN_PROGRESS
should be secured for service2service call only
unlock a credential (key): create a new endpoint for
iam-manager
:POST credential/unlock-by-customer/{customerId}
updates in the local database the status of the
customer ID
-credential ID
pair toIN_PROGRESS
only if the status isLOCKED
should be secured for service2service call only
update
iam-auth-lib
functionality to handle the new statuses above (where needed)(increase the API version - no breaking changes, no depreciations)
Sequence Diagram
This describes the flow for locking, unlocking and revoking credentials.
The following diagram shows the changes needed in the interceptor to check for the credentials state before further proceeding with the main authentication logic.
State Diagram
The diagram below illustrates the state transitions for the current and target flows:
Negative Scenarios
I. Timeouts or Service Crash During Unregister Call to VIDA
Solution A. Perform a status synch to VIDA when the credential state is IN_PROGRESS
Solution B. Continue revocation of credentials if VIDA http errors are encountered
In this solution, we will maintain our internal credential state as the source of truth. Thus, any unexpected technical errors encountered during call to VIDA to unregister the credentials won’t affect the revocation call. In this case, we will continue with tagging the credential as revoked in our database and just log the error. If needed, this may require at some point a synch between our internal credential states vs those of VIDA’s.
Solution C. Use Temporal to properly handle state management
Not needed to use temporal since this is only a simple workflow.
Attachments:
~drawio~557058:fbaec0fe-b197-42e4-bce4-93727edf7519~Signing Credentials State Diagram.tmp (application/vnd.jgraph.mxfile)
Signing Credentials State Diagram (application/vnd.jgraph.mxfile)
Signing Credentials State Diagram.png (image/png)
~drawio~557058:fbaec0fe-b197-42e4-bce4-93727edf7519~Signing Credentials State Diagram.tmp (application/vnd.jgraph.mxfile)
plantuml_1664988599029.svg (image/svg+xml)
plantuml_1664988599029 (text/plain)
plantuml_1664988599029.png (image/png)
plantuml_1664988717201.svg (image/svg+xml)
plantuml_1664988717201 (text/plain)
plantuml_1664988717201.png (image/png)
plantuml_1665379531032 (text/plain)
plantuml_1665379531032.svg (image/svg+xml)
plantuml_1665379531032.png (image/png)
plantuml_1665379665710.svg (image/svg+xml)
plantuml_1665379665710 (text/plain)
plantuml_1665379665710.png (image/png)
plantuml_1665379665710 (text/plain)
plantuml_1665379665710.svg (image/svg+xml)
plantuml_1665379665710.png (image/png)