How it works

1. The user is registered in the admin interface while at the facility.
2. Someone from RTSL enters the user's data in the admin interface.
3. The backend sends a special SMS to the "registered" user's phone containing a link.
4. The link carries a special URL that opens the app (the app must already be installed on the user's device for the link to work correctly).
5. The app picks up the OTP that is part of the URL and stores it temporarily.
6. The app shows the login screen and lets the user enter their phone number and PIN.
7. The app makes the login API call with the phone number, PIN and OTP (the one that came in the SMS).
8. The server sends back the user "object" and an access token.
9. The app stores the access token for future use.
10. From this point onward, every subsequent API call made by the app needs two headers:
    - X_USER_ID, with the user ID that was returned in the login API call as its value
    - HTTP_AUTHORIZATION, with the value "Bearer " followed by the access token from the login API call
11. The app makes the facility API call to get the list of facilities.
12. The app starts the sync workers in the background and shows the home screen to the user.
Keep in mind

- If any API call receives a 401 status in the response, the user should be logged out.
- When the app is closed and reopened, the login screen should appear.
Questions

- Q: Should the PIN entry screen appear every time the app goes into the background?
  A: No, there should be a delay of 15 mins (configurable) after which the user should be asked to enter the PIN again.
- Q: Do sessions time out on the device? Is there a notion of sessions on the device?
  A: No, they shouldn't, at least for the MVP release.
Server TODOs

- Generate otp and otp_valid_until when a user is created from the admin console
- Log the user in using phone number, PIN and OTP
- Login responds with the user record and an access token
- Respond to the user with the access token. This token should be revocable from the backend
- Authenticate the sync APIs with the user's access token
- Configure Twilio and ensure SMSs can be sent to Indian numbers
- Invalidate the OTP after a successful login (indicated by the first authenticated API call with the given auth token)
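The server side of the flow described above and in these TODOs, written here as an added in-memory model (not the project's code): OTP and otp_valid_until issued at user creation, login with phone number, PIN and OTP, the two required headers checked on every later call, the OTP burned on the first authenticated call, and backend-side token revocation so that later calls get a 401. The 24-hour OTP lifetime, the PBKDF2 PIN hashing and the header dictionary shape are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

OTP_TTL = timedelta(hours=24)  # assumed value; the issue only names otp_valid_until

class Unauthorized(Exception):
    """Where the server answers 401; the app must then log the user out."""

class AuthServer:
    def __init__(self, clock=None):
        self.clock = clock or (lambda: datetime.now(timezone.utc))
        self.users = {}   # phone -> user record
        self.tokens = {}  # access token -> phone

    @staticmethod
    def _pin_hash(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def create_user(self, phone, pin):
        # Admin-console path: store a salted PIN hash plus otp / otp_valid_until.
        salt = secrets.token_bytes(16)
        self.users[phone] = {
            "id": secrets.token_hex(8), "pin_salt": salt, "pin_hash": self._pin_hash(pin, salt),
            "otp": f"{secrets.randbelow(10**6):06d}", "otp_valid_until": self.clock() + OTP_TTL}
        return self.users[phone]["otp"]  # this is what the SMS deep link carries

    def login(self, phone, pin, otp):
        user = self.users.get(phone)
        if user is None or user["otp"] is None or self.clock() > user["otp_valid_until"]:
            raise Unauthorized  # unknown user, OTP already burned, or OTP expired
        if not (hmac.compare_digest(self._pin_hash(pin, user["pin_salt"]), user["pin_hash"])
                and hmac.compare_digest(otp.encode(), user["otp"].encode())):
            raise Unauthorized
        token = secrets.token_urlsafe(32)
        self.tokens[token] = phone
        return {"user": {"id": user["id"], "phone": phone}, "access_token": token}

    def authenticate(self, headers):
        # Every post-login call needs both headers; anything else is a 401.
        auth = headers.get("HTTP_AUTHORIZATION", "")
        phone = self.tokens.get(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
        if phone is None or self.users[phone]["id"] != headers.get("X_USER_ID"):
            raise Unauthorized
        self.users[phone]["otp"] = None  # first authenticated call completes login: burn the OTP
        return self.users[phone]["id"]

    def revoke(self, token):  # revocable from the backend; later calls get 401
        self.tokens.pop(token, None)
```

Note that a login retried with the same OTP still succeeds until the first authenticated call arrives, which is exactly the point at which the last TODO says the OTP is invalidated.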
Android TODOs

UI
- Go through all the screens on Zeplin and make the layouts

API
- Set up the API call in Paw
- Study the responses and make models

Controller(s)
- Read the SMS, extract the OTP from it and store it somewhere
- Get the phone number and PIN from the UI
- Make the API call using phone number, PIN and OTP
- Store the API results as the "user object"
- Make the facility API call with the X_USER_ID and HTTP_AUTHORIZATION headers
- Store the received facilities
- Fix loggedInUser() in the UserSession class
- Update the BP tests to do the user login first, and use the logged-in user's data

Retrofit
- Make a header interceptor that works on all API calls except login

Elsewhere
- Don't start the sync workers until login has completed successfully
- Complete the facility sync before starting the other sync workers