Update SequenceDiagram.FHIR-Directory.fdv.search.tim.puml

gematik · Dec 6, 2023 · b471325 · b471325
1 parent b5c4611
commit b471325
Showing 1 changed file with 36 additions and 48 deletions.
diff --git a/src/plantuml/SequenceDiagram.FHIR-Directory.fdv.search.tim.puml b/src/plantuml/SequenceDiagram.FHIR-Directory.fdv.search.tim.puml
@@ -2,7 +2,7 @@
 autonumber 1 1 "<b>[00]"
 title "FHIR-VZD Authentisierung für Versicherte"
 
-participant VClient as "Client Versicherter"
+participant VClient as "TIM-Client Versicherter"
 
 box VZD-FHIR-Directory #WhiteSmoke
     participant "OAuth-Server" as VzdOAuth
@@ -15,63 +15,51 @@ participant hs as "Matrix-Homeserver\n(Messenger-Proxy)"
 
 VClient-> VClient: prüfe ob noch gültiges search-ACCESS_TOKEN\nvom FHIR-Directory Auth-Service vorliegt
 
-alt kein gültiges search-ACCESS_TOKEN vorhanden - TIM Client
-VClient-> hs: POST /_matrix/client/r0/user/{userId}/openid/request_token
-activate hs
-hs --> VClient: HTTP 200 OK, Result body {"access_token": "Matrix-OpenID-Token",..., "matrix_server_name": "example.com",...}
-deactivate hs
- else kein gültiges search-ACCESS_TOKEN vorhanden - alle anderen Clients
-VClient->VzdOAuth++: POST /token (client_id, client_secret)
-VzdOAuth->VzdOAuth: prüfe client_id, client_secret
-VzdOAuth-->VClient: patient-accesstoken
-deactivate VzdOAuth
-end
-
-VClient->VzdAuth++: GET /patient-authenticate \n(Authorization: "Bearer patient-accesstoken ODER Matrix-OpenID-Token")
-
-alt kein gültiges search-ACCESS_TOKEN vorhanden - Authorization mit Matrix-OpenID-Token
-
-VzdAuth-> VzdAuth: Prüfe ob matrix_server_name\nin Föderationsliste enthalten
-VzdAuth-> hs: GET /openid/userinfo/\nrequest header, Authorization: Bearer Matrix-OpenID-Token
-activate hs
-hs --> VzdAuth: HTTP 200 OK\n(Result Body MXID des Nutzers)
-deactivate hs
-
- else kein gültiges search-ACCESS_TOKEN vorhanden - Authorization mit patient-accesstoken
+alt kein gültiges search-ACCESS_TOKEN vorhanden
+VClient->VClient: gültiges REFRESH_TOKEN vorhanden?
+alt kein gültiges REFRESH_TOKEN vorhanden
+   VClient-> hs: POST /_matrix/client/r0/user/{userId}/openid/request_token
+   activate hs
+   hs --> VClient: HTTP 200 OK, Result body {"access_token": "Matrix-OpenID-Token",..., "matrix_server_name": "example.com",...}
+   deactivate hs
+
+   VClient->VzdAuth++: GET /patient-authenticate \n(Authorization: "Bearer Matrix-OpenID-Token")
+
+   VzdAuth-> VzdAuth: Prüfe ob matrix_server_name\nin Föderationsliste enthalten
+   VzdAuth-> hs: GET /openid/userinfo/\nrequest header, Authorization: Bearer Matrix-OpenID-Token
+   activate hs
+   hs --> VzdAuth: HTTP 200 OK\n(Result Body MXID des Nutzers)
+   VzdAuth->VzdAuth: Erzeuge search-ACCESS_TOKEN & REFRESH_TOKEN
+   VzdAuth--> VClient: HTTP 200 OK, Result body mit search-ACCESS_TOKEN & REFRESH_TOKEN\n{"access_token"="search-ACCESS_TOKEN", "token_type":"bearer",\n"expires_in":86400\n"refresh_token"="REFRESH_TOKEN", "token_type":"refresh_token"}
+   deactivate VzdAuth
+   deactivate hs
+ else gültiges REFRESH_TOKEN vorhanden
+   VClient->VzdAuth++: GET /patient-authenticate \n(Authorization: "Bearer REFRESH_TOKEN")
+   VzdAuth->VzdAuth: Prüfe REFRESH_TOKEN
+   VzdAuth->VzdAuth: Erzeuge search-ACCESS_TOKEN & REFRESH_TOKEN
+   VzdAuth->VzdAuth: Deaktiviere altes REFRESH_TOKEN
+   VzdAuth--> VClient: HTTP 200 OK, Result body mit search-ACCESS_TOKEN & REFRESH_TOKEN\n{"access_token"="search-ACCESS_TOKEN", "token_type":"bearer",\n"expires_in":86400\n"refresh_token"="REFRESH_TOKEN", "token_type":"refresh_token"}
+   deactivate VzdAuth
 
-VzdAuth->VzdAuth: Prüfe patient-accesstoken
 end
 
-VzdAuth->VzdAuth: Erzeuge search-ACCESS_TOKEN & REFRESH_TOKEN
-VzdAuth--> VClient: HTTP 200 OK, Result body mit search-ACCESS_TOKEN & REFRESH_TOKEN\n{"access_token"="search-ACCESS_TOKEN", "token_type":"bearer",\n"expires_in":86400}
-deactivate VzdAuth
+end
 
 == ...Suche durch Versicherte im FHIR VZD... ==
 
-VClient -> fp: GET /search?... (Auth Header mit\nsearch-ACCESS_TOKEN)
+VClient -> fp: GET /fdv/search?... (Auth Header mit\nsearch-ACCESS_TOKEN)
 activate fp
 fp -> fp: prüfe search-ACCESS_TOKEN
 
 alt search-ACCESS_TOKEN is valid
-fp -> fd: GET /?...
-activate fd
-fd --> fp: HTTP 200 OK\n(Result Body json)
-deactivate fd
-fp --> VClient : HTTP 200 OK (Result Body json)
-else search-accesstoken is invalid
-fp --> VClient : HTTP 401
-deactivate fp
+   fp -> fd: GET /?...
+   activate fd
+   fd --> fp: HTTP 200 OK\n(Result Body json)
+   deactivate fd
+   fp --> VClient : HTTP 200 OK (Result Body json)
+ else search-accesstoken is invalid
+   fp --> VClient : HTTP 401
+   deactivate fp
 end
 
-== ...search-ACCESS_TOKEN abgelaufen... ==
-
-VClient->VzdAuth++: GET /patient-authenticate \n(Authorization: "Bearer REFRESH_TOKEN")
-VzdAuth->VzdAuth: Prüfe REFRESH_TOKEN
-VzdAuth->VzdAuth: Erzeuge search-ACCESS_TOKEN & REFRESH_TOKEN
-VzdAuth->VzdAuth: Deaktiviere altes REFRESH_TOKEN
-
-VzdAuth-->VClient: Response (search-ACCESS_TOKEN & REFRESH_TOKEN)
-deactivate VzdAuth
-deactivate VzdAuth
-
 @enduml