Skip to end of banner
Go to start of banner

BPLAT-7116: Kabelnoord BSS integration

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 2 Next »

Introduction

We need a design confluence page for this KN BSS Integration.

1. Data flow diagrams for each of use cases.
2. Get it reviewed by leads
3. Get these flows accepted by customer and third-parties involved

Once these are done, development team can start working on the Epic

Ticket: BPLAT-7116 - Getting issue details... STATUS


Big picture

Provision a new user on Move

(info) The current API does not allow a password to be set when creating the user.  Therefore a new endpoint is proposed.

The API MUST implement the POST endpoint specified at Users

The API MUST support the client using a PSK sent in the Authorization header for this endpoint (eventually this will become an OAuth2 token)

The API MUST hash the password with the SHA-256 algorithm and then apply the bcrypt algorithm before persisting it

The API SHOULD have a configurable system hash configuration (for future support of password_needs_rehash)

The API MUST verify that the username conforms to the format [0-9]{5}@kabelnoord.nl

(info) Note: Hashing with SHA-256 prior to applying bcrypt is not intended to increase our system security (it doesn't add entropy so is not terribly effective at increasing security).  We're doing this to allow the STB to store a hashed password to make it harder for opponents to see the  password in the clear and try use it on other services belonging to the user.   See BPLAT-6013: Kabelnoord login - user / password option [Phase 1]

  • No labels