Creating users in a project - rettersoft/rbs-docs GitHub Wiki

X-Rbs-Identity

Actions can be called by services or users. Users can be created by child services. To create a user, a child service should declare its userRoles in its manifest file:

{
    "handler": "https://basicauth-beta.rettermobile.com/handle",
    "eventHandler": "https://basicauth-beta.rettermobile.com/handle",
    "id": "rbs.basicauth",
    "name": "Basic Auth Service",
    "actions": {
        "receives": [
            "rbs.basicauth.request.*"
        ],
        "sends": [
            "rbs.basicauth.event.BASIC_END_USER_CREATED",
            "rbs.core.request.GENERATE_CUSTOM_TOKEN"
        ]
    },
    "secretKey": "awesomesecretkey"
}

This service can send rbs.core.request.GENERATE_CUSTOM_TOKEN. Without this permission, a service cannot request a custom token from the core service.

When a user sends an action to a service, the X-Rbs-Identity header carries the role of that user.

For instance: rbs_anonymous_user for the manifest file above.

Anonymous Users

Anonymous users always have the role rbs_anonymous_user.

A typical flow for creating logged in users

  1. A service receives an action from an anonymous user. For example: rbs.auth.request.LOGIN
  2. The service validates some kind of credentials sent in the action payload. This could be an SMS authentication or a user's email and password: some authentication mechanism that only this service is familiar with.
  3. If the service is satisfied with the credentials, it uses the RBS SDK to send an action to the rbs.core service. This action is rbs.core.request.GENERATE_CUSTOM_TOKEN.

userId and userRole should be sent.

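rbs.send({
    action: 'rbs.core.request.GENERATE_CUSTOM_TOKEN',
    data: {
        userId,               // arbitrary user id created by this service
        userRoleId: 'enduser' // ID of a role defined in the RBS developer console
    },
    onSuccess: (resp: any) => {
        // the custom token is returned here; pass it back to the caller
    },
    onError: (e: any) => {
        // the token request failed; the caller stays anonymous
    }
})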

userId is an arbitrary user id created by this service.

userRoleId is the ID of the role. This role should be defined in the RBS developer console for the user to be able to send any actions.

  4. The rbs.core.request.GENERATE_CUSTOM_TOKEN action returns a custom token with a 30-second expiration. The service returns this token to the anonymous user who sent the action: rbs.basicauth.request.LOGIN in this example.
  5. Upon receiving this customToken, the anonymous user calls the RBS SDK authenticateWithCustomToken method. At that point the user is no longer anonymous but is authenticated as the user with userId.
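
The service side of the flow above, as an added example that is not part of the original wiki or the RBS SDK: a LOGIN handler that requests a token only after its own credential check passes and always sets userRoleId itself, ignoring any role value in the caller's payload. Only the rbs.send option names, the action name and the two role values come from the page; handleLogin, makeStubRbs, verify, demo, the request shape and the { customToken } response shape are assumptions.

```javascript
// Added example. Only rbs.send's option names, the action name and the two
// role values come from the page; every other name here is hypothetical.
const ANONYMOUS_ROLE = 'rbs_anonymous_user';
const LOGGED_IN_ROLE = 'enduser'; // chosen by the service, never by the caller

// request: { identity: <X-Rbs-Identity value>, payload: <action payload> }
// deps:    { rbs: <SDK instance>, verify: (payload) => userId | null }
// reply:   callback receiving the result that goes back to the caller
function handleLogin(request, deps, reply) {
  // Assumed policy: LOGIN is only accepted from anonymous callers.
  if (request.identity !== ANONYMOUS_ROLE) {
    return reply({ ok: false, reason: 'not_anonymous' });
  }
  const payload = request.payload || {};
  // The service's own credential check (SMS code, email + password, ...).
  const userId = deps.verify(payload);
  if (!userId) {
    // Fail closed: no token request is made for unverified credentials.
    return reply({ ok: false, reason: 'invalid_credentials' });
  }
  // payload.userRoleId, if a client supplied one, is deliberately ignored.
  deps.rbs.send({
    action: 'rbs.core.request.GENERATE_CUSTOM_TOKEN',
    data: { userId, userRoleId: LOGGED_IN_ROLE },
    onSuccess: (resp) => reply({ ok: true, response: resp }),
    onError: () => reply({ ok: false, reason: 'token_request_failed' }),
  });
}

// Constructed stand-in for the SDK so the example runs offline. The
// { customToken } response shape is an assumption, not the documented one.
function makeStubRbs(sent) {
  return {
    send(opts) {
      sent.push({ action: opts.action, data: opts.data });
      opts.onSuccess({ customToken: 'constructed-token' });
    },
  };
}

// Constructed sample user; a real service checks a password hash or SMS code.
const verify = (p) =>
  (p.email === 'a@example.test' && p.password === 'pw' ? 'user-1' : null);

// Runs one LOGIN through the handler and returns the reply plus what was sent.
function demo(payload, identity = ANONYMOUS_ROLE) {
  const sent = [];
  let result;
  handleLogin({ identity, payload }, { rbs: makeStubRbs(sent), verify }, (r) => { result = r; });
  return { result, sent };
}
```

Calling demo with a payload that carries its own userRoleId shows the request to rbs.core still goes out with the role the service chose.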