Guide: Enable Organisations to Make Requests to an Application


Last updated 1 year ago


This document describes how to enable an organisation to interact with the application system.

Prerequisites

For an organisation to be able to read/update an application, the setup is as follows:

  1. Create a connection between their X-Road server (handled by the institution) and our X-Road server (handled by Andes)

  2. Create a new client in the IDS with:

    • Machine Client type

    • client claims prefix: client_

    • relevant scopes application:read and/or application:write

    • claim with key: nationalId and the organisation's national ID as value

This client can be created in the IDS admin panel on dev using Gervimaður Útlönd 010-7789. For Staging and Prod, make a request on #ids_changes.

Organisation and Application Interaction

1. Add and map a role for the organisation

In the application template, map the organisation's nationalId like so:

  mapUserToRole(
    id: string,
    application: Application,
  ): ApplicationRole | undefined {
    ...
    if (id === 'xxxxxx-xxxx') { // The nationalId added as a claim in the IDS earlier.
      return Roles.ORGINISATION_REVIEWER
    }
    ...
  },

2. Create an interaction state for the organisation

For the organisation to be able to interact with the application, we need to add the role's permissions to a relevant state.

Add an entry action:

stateMachineOptions: {
  actions: {
    assignToInstitution: assign((context) => {
      const { application } = context
      const institution_ID = 'xxxxxx-xxxx'

      set(application, 'assignees', [institution_ID])

      return context
    })
  }
}

An example of an approve/reject state for an organisation. Add your state with entry and exit actions that handle assigning the institution:

  [States.ORGINISATION_APPROVAL]: {
    entry: 'assignToInstitution',
    exit: ['clearAssignees'], // ideally you would clear the assignees here
    meta: {
      name: States.ORGINISATION_APPROVAL,
      ...
      roles: [
        ...
        {
          id: Roles.ORGINISATION_REVIEWER,
          formLoader: () =>
            import('../forms/InReview').then((val) =>
              Promise.resolve(val.InReview),
            ),
          read: 'all',
          write: 'all',
        },
        ...
      ],
    },
    on: {
      [DefaultEvents.APPROVE]: { target: States.APPROVED },
      [DefaultEvents.REJECT]: { target: States.REJECT },
    },
  },

3. Organisation API requests

To invoke a state change, for example to approve, the machine client makes a PUT request like so:

curl --location --request PUT '{{baseUrl}}/applications/{{applicationId}}/submit' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer xxx' \
--data-raw '{
  "event": "APPROVE",
  "answers": {},
  "message": ""
}'

Postman local testing setup

Choose OAuth 2.0 and use the settings below. Insert your client ID and client secret; the Scope should be @island.is/applications:read @island.is/applications:write. Press "Get New Access Token" and you have your token.

Log in to the IDS admin panel on dev using Gervimaður Útlönd 010-7789. Find the client you created earlier, create a new secret and copy it to your clipboard.
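
When a request from the machine client is rejected, decoding the access token shows whether it carries the claim and scopes configured in the prerequisites. This is an added example in plain JavaScript for Node, not code from the island.is repository; it assumes the IDS emits the client claim as prefix plus key (client_nationalId), reads the payload without verifying the signature (local debugging only), and runs on a constructed token.

```javascript
// Added example: inspect a machine-client access token while debugging locally.
// Assumption: the IDS emits client claims as prefix + key ("client_nationalId").
// The payload is only decoded here; the API still verifies the signature.

function decodeJwtPayload(token) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('not a compact JWT')
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'))
}

function checkMachineToken(token, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  const payload = decodeJwtPayload(token)
  const problems = []
  const claimName = expected.claimsPrefix + 'nationalId'
  if (payload[claimName] === undefined) {
    problems.push(`missing claim ${claimName}`)
  } else if (payload[claimName] !== expected.nationalId) {
    problems.push(`${claimName} differs from the id checked in mapUserToRole`)
  }
  // The scope claim may be a JSON array or one space-delimited string.
  const granted = Array.isArray(payload.scope)
    ? payload.scope
    : String(payload.scope || '').split(' ').filter(Boolean)
  for (const scope of expected.scopes) {
    if (!granted.includes(scope)) problems.push(`missing scope ${scope}`)
  }
  if (typeof payload.exp === 'number' && payload.exp <= nowSeconds) {
    problems.push('token expired')
  }
  return problems
}

// Constructed sample token (fake signature), built only for this example.
function makeSampleToken(payload) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString('base64')
      .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed`
}

const EXPECTED = {
  claimsPrefix: 'client_',
  nationalId: 'xxxxxx-xxxx', // same placeholder as in mapUserToRole
  scopes: ['@island.is/applications:read', '@island.is/applications:write'],
}
const sample = makeSampleToken({ client_nationalId: 'xxxxxx-xxxx', scope: EXPECTED.scopes, exp: 2000 })
console.log(checkMachineToken(sample, EXPECTED, 1000))
```

An empty list means the token matches what the template expects; each entry otherwise names the client setting to revisit in the IDS.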
