Add User
In environments with an IDP, the app connects to the IDP server in a web view to register the user with the project-specific user authentication and to obtain an IDP token. With this token the MC can activate the user account for this app installation with the Security Server. An activation code/PIN as in Digitanium is not needed. The userId and tenantId are still needed, as in the Digitanium solutions. See EventList for IDP activation. Note that in the KOBIL Shift Lite environment you can choose between several authentication modes during activation.
Proceed with this add-user flow if you receive a StartResultEvent whose sdkState is LOGIN_REQUIRED.
Add user event flow diagram for KOBIL Shift Lite
Here is an event flow diagram to detail what the event flow looks like for this process:
The diagram and the description below walk through the steps of the authentication and authorization flow and show the interactions between the components involved.
- UI Interaction: The user interface (UI) checks the sdkState of the StartResultEvent. If any user has already been activated, the state should be LOGIN_REQUIRED.
- Opening Login Page: The UI opens the login page of the KOBIL Shift Lite system in the browser.
- Requesting Client Data: The UI requests the AST client data from the MC (Master Controller) by providing the tenant ID.
```swift
// Get the AST client data from the Master Controller for the user's tenant.
public func getAstClientData(userIdentifer: KsUserIdentifier,
                             completion: @escaping ((KSMGetAstClientDataResultEvent) -> Void)) {
    let astClientData = KSMGetAstClientDataEvent(tenantId: userIdentifer.tenantId)
    self.masterControllerAdapter.sendEvent2MasterController(astClientData) { event in
        // Only the matching result event is forwarded; any other event is ignored.
        guard let macroEvent = event as? KsMacroEvent else { return }
        guard let resultEvent = macroEvent as? KSMGetAstClientDataResultEvent else { return }
        completion(resultEvent)
    }
}
```
- Providing Headers: Within the login browser session, the UI provides the client ID as the value of the `X-KOBIL-ASTCLIENTID` header and the AST client data as the value of the `X-KOBIL-ASTCLIENTDATA` header to the IAM (Identity and Access Management) component.
```swift
// Compose the login page request, attaching the AST headers required for the user type.
static func getUrlRequest(userType: MaverickUserType, url: String,
                          astData: KSMGetAstClientDataResultEvent) -> URLRequest? {
    guard let webPageUrl = URL(string: url) else { return nil }
    var request = URLRequest(url: webPageUrl)
    switch userType {
    case .newUser:
        // A new user has no AST client ID yet, so only X-KOBIL-ASTCLIENTDATA is sent.
        request.setValue(astData.clientData, forHTTPHeaderField: Constant.HeadersKey.kAstClientData)
    case .existingUser, .loginUser:
        // Existing users send both X-KOBIL-ASTCLIENTID and X-KOBIL-ASTCLIENTDATA.
        request.setValue(astData.astClientId, forHTTPHeaderField: Constant.HeadersKey.kAstClientId)
        request.setValue(astData.clientData, forHTTPHeaderField: Constant.HeadersKey.kAstClientData)
    default:
        break
    }
    return request
}
```
- IAM Authentication: IAM authenticates the request and communicates with Maverick (AST-Services) for the AST login process.
- Return of Authorization Code: Maverick returns a login response to the IAM, including an authorization code.
- Returning to UI: IAM returns a login response containing the authorization code back to the UI.
- Setting Authorization Code: The UI sets the previously retrieved authorization code in the MC component.
```swift
// Set the authorization code received from IAM in the Master Controller.
// The completion type is (KSMSetAuthorisationCodeResultEvent) -> Void; the original
// "-> Void?" return type was a typo.
public func setAuthorizationCode(userType: MaverickUserType, authorizationCode: String,
                                 userIdentifer: KsUserIdentifier,
                                 completion: @escaping ((KSMSetAuthorisationCodeResultEvent) -> Void)) {
    let authMode = GlobalConstant.const.authenticationMode
    // clientId selects the IDP flow; the add user flow requires IDPLogin (see below).
    let setAuthorizationCodeEvent = KSMSetAuthorisationCodeEvent(tenantId: userIdentifer.tenantId,
                                                                 authenticationMode: authMode,
                                                                 authorisationCode: authorizationCode,
                                                                 clientId: userType.clientId)
    self.masterControllerAdapter.sendEvent2MasterController(setAuthorizationCodeEvent) { event in
        guard let macroEvent = event as? KsMacroEvent else { return }
        guard let resultEvent = macroEvent as? KSMSetAuthorisationCodeResultEvent else { return }
        completion(resultEvent)
    }
}
```
- Token Retrieval: The MC makes a REST call to obtain tokens from the KOBIL Shift Lite system. The system returns refresh and access tokens along with response data, which includes the server part of the key exchange within a JSON response body.
- Key Exchange Response: IAM responds to the MC with the result of the key exchange, which includes the IAM token in the case of a successful exchange.
- Result Analysis: The UI receives the SetAuthorisationCodeResultEvent and checks the StatusType of the event.
- User Login Verification: If the StatusType is OK, the UI confirms that the new user is logged in and can start using the MC (presumably the related services or features).
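The steps above chained together in one class, as an added example that is not part of this page or of the KOBIL SDK. It assumes a wrapper type `MasterControllerWrapper` that owns the three methods shown on this page, a `KSMStartResultEvent` with an `sdkState` of `.LOGIN_REQUIRED`, a result `statusType` with an `.ok` case, that `.existingUser` maps to clientId `IDPLogin`, and that IAM delivers the authorization code through a redirect to a custom scheme with a `code` query parameter; all of these are assumptions, not documented here.

```swift
import WebKit

// Added example, not KOBIL's own code. Assumed names: MasterControllerWrapper (owns the
// getAstClientData/setAuthorizationCode/getUrlRequest methods shown above),
// KSMStartResultEvent.sdkState == .LOGIN_REQUIRED, result.statusType == .ok, and an IDP
// redirect of the form <redirectScheme>://...?code=<authorization code> after login.
final class AddUserFlow: NSObject, WKNavigationDelegate {
    private let mc: MasterControllerWrapper
    private let user: KsUserIdentifier
    private let loginUrl: String
    private let redirectScheme = "kobilapp"          // assumed; must match the IDP client config
    private let webView = WKWebView()
    var onFinished: ((Bool) -> Void)?
    init(mc: MasterControllerWrapper, user: KsUserIdentifier, loginUrl: String) {
        self.mc = mc
        self.user = user
        self.loginUrl = loginUrl
    }
    // Steps 1-4: run only when the SDK reports LOGIN_REQUIRED, fetch the AST client data and
    // open the login page with both X-KOBIL-* headers (.existingUser assumed => clientId IDPLogin).
    func start(startResult: KSMStartResultEvent) {
        guard startResult.sdkState == .LOGIN_REQUIRED else { onFinished?(false); return }
        mc.getAstClientData(userIdentifer: user) { astData in
            // Refuse to send the AST headers over anything but HTTPS.
            guard let request = MasterControllerWrapper.getUrlRequest(userType: .existingUser,
                                                                      url: self.loginUrl,
                                                                      astData: astData),
                  request.url?.scheme == "https" else { self.onFinished?(false); return }
            self.webView.navigationDelegate = self
            self.webView.load(request)   // custom headers ride only on this initial request
        }
    }
    // Steps 5-7: IAM redirects back with the authorization code; stop the navigation there.
    func webView(_ webView: WKWebView, decidePolicyFor action: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = action.request.url, url.scheme == redirectScheme else { decisionHandler(.allow); return }
        decisionHandler(.cancel)
        let code = URLComponents(url: url, resolvingAgainstBaseURL: false)?
            .queryItems?.first(where: { $0.name == "code" })?.value
        guard let authorizationCode = code, !authorizationCode.isEmpty else { onFinished?(false); return }
        // Steps 8-12: hand the code to the MC and report whether the StatusType is OK.
        mc.setAuthorizationCode(userType: .existingUser, authorizationCode: authorizationCode,
                                userIdentifer: user) { result in
            self.onFinished?(result.statusType == .ok)
        }
    }
}
```

Only the redirect that matches the expected custom scheme is intercepted; every other navigation inside the login page is allowed so the IAM session can complete.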
clientId parameter explanation
During the activation and login process, developers pass the clientId parameter in the URL. This parameter selects which flow the IDP uses.
Here are the basic values used in KOBIL:
- `IDPRegistration`
- `IDPLogin`
- `IDPSubsequienLogin`
`IDPRegistration` is used for a new user registration. `IDPLogin` is needed for a login with an already existing user. `IDPSubsequienLogin` is needed for a login of a user who is already activated on the device.
Please note that in the add user flow you should use clientId = `IDPLogin`. Other clientId values make the IDP perform additional checks and your flow will fail.
Checking result
As a result of the add user flow, the StartEvent should return a user list with two activated users.
Delete user
To delete a user please follow these steps.