yoti 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +37 -0
- data/CHANGELOG.md +13 -0
- data/CONTRIBUTING.md +119 -0
- data/Gemfile +9 -0
- data/Guardfile +11 -0
- data/LICENSE.txt +202 -0
- data/README.md +222 -0
- data/Rakefile +46 -0
- data/lib/generators/yoti/install/install_generator.rb +13 -0
- data/lib/generators/yoti/install/templates/yoti.rb +4 -0
- data/lib/yoti/activity_details.rb +31 -0
- data/lib/yoti/client.rb +17 -0
- data/lib/yoti/configuration.rb +84 -0
- data/lib/yoti/errors.rb +13 -0
- data/lib/yoti/protobuf/v1/attribute_public_api/attribute.pb.rb +45 -0
- data/lib/yoti/protobuf/v1/attribute_public_api/list.pb.rb +33 -0
- data/lib/yoti/protobuf/v1/attribute_public_api/signing.pb.rb +27 -0
- data/lib/yoti/protobuf/v1/common_public_api/encrypted_data.pb.rb +22 -0
- data/lib/yoti/protobuf/v1/definitions/attribute-public-api/attrpubapi_v1/attribute.proto +52 -0
- data/lib/yoti/protobuf/v1/definitions/attribute-public-api/attrpubapi_v1/list.proto +27 -0
- data/lib/yoti/protobuf/v1/definitions/attribute-public-api/attrpubapi_v1/signing.proto +23 -0
- data/lib/yoti/protobuf/v1/definitions/common-public-api/compubapi_v1/encrypted_data.proto +15 -0
- data/lib/yoti/protobuf/v1/protobuf.rb +49 -0
- data/lib/yoti/request.rb +58 -0
- data/lib/yoti/ssl.rb +71 -0
- data/lib/yoti/version.rb +4 -0
- data/lib/yoti.rb +21 -0
- data/login_flow.png +0 -0
- data/rubocop.yml +27 -0
- data/yardstick.yml +9 -0
- data/yoti.gemspec +38 -0
- metadata +218 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 270442593767f8b4617061ac8ee2157e4622200f
|
4
|
+
data.tar.gz: f3741b80610654a97991e4152373875f044d0bf4
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 9137c7fda0e3b07b02720f430dba9c2ab4996bf58865da4cd86b35284b59e2297c101d48d0323f2a61547362d0dedbe036f957e3b4ec2742beb7e04621991280
|
7
|
+
data.tar.gz: 846f95e71fa1bcb22f9056ed6fa8d5e1cfeee79d925693c9e7f63a206ae9678f4010dc8265811c4f6080b4fe4876a5b00858ac0ea08a13faee77e89f05d22634
|
data/.gitignore
ADDED
@@ -0,0 +1,37 @@
|
|
1
|
+
*.gem
|
2
|
+
*.rbc
|
3
|
+
/.config
|
4
|
+
/coverage/
|
5
|
+
/InstalledFiles
|
6
|
+
/pkg/
|
7
|
+
/spec/reports/
|
8
|
+
/spec/examples.txt
|
9
|
+
/test/tmp/
|
10
|
+
/test/version_tmp/
|
11
|
+
/tmp/
|
12
|
+
|
13
|
+
# Used by dotenv library to load environment variables.
|
14
|
+
.env
|
15
|
+
|
16
|
+
## Documentation cache and generated files:
|
17
|
+
/.yardoc/
|
18
|
+
/_yardoc/
|
19
|
+
/doc/
|
20
|
+
/rdoc/
|
21
|
+
|
22
|
+
## Environment normalization:
|
23
|
+
/.bundle/
|
24
|
+
/vendor/bundle
|
25
|
+
/lib/bundler/man/
|
26
|
+
|
27
|
+
# for a library or gem, you might want to ignore these files since the code is
|
28
|
+
# intended to run in multiple environments; otherwise, check them in:
|
29
|
+
Gemfile.lock
|
30
|
+
.ruby-version
|
31
|
+
.ruby-gemset
|
32
|
+
|
33
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
34
|
+
.rvmrc
|
35
|
+
|
36
|
+
# Ignore Yardstick measurement files
|
37
|
+
/measurement
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
# Change Log
|
2
|
+
All notable changes to this project will be documented in this file.
|
3
|
+
|
4
|
+
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
5
|
+
and this project adheres to [Semantic Versioning](http://semver.org/).
|
6
|
+
|
7
|
+
## 1.0.0 - 2016-11-14
|
8
|
+
### Added
|
9
|
+
- This is an initial public release.
|
10
|
+
|
11
|
+
## 0.1.0 - 2016-09-14
|
12
|
+
### Added
|
13
|
+
- This is an initial private release.
|
data/CONTRIBUTING.md
ADDED
@@ -0,0 +1,119 @@
|
|
1
|
+
# Contributing
|
2
|
+
|
3
|
+
After checking out the repo, run `bundle install` to install dependencies. Then, run `bundle exec rake spec` to run the tests. To install this gem onto your local machine, run `bundle exec rake install`.
|
4
|
+
|
5
|
+
You can use [Guard][] to automatically run the tests every time a file in the `lib` or `spec` folder changes.
|
6
|
+
|
7
|
+
|
8
|
+
Run Guard through Bundler with:
|
9
|
+
|
10
|
+
```shell
|
11
|
+
$ bundle exec guard
|
12
|
+
```
|
13
|
+
|
14
|
+
[Guard]: https://github.com/guard/guard
|
15
|
+
|
16
|
+
## Dependencies
|
17
|
+
|
18
|
+
Although this gem supports Ruby 2.0.0, in order to use the latest development dependencies you have to use at least Ruby 2.2.2.
|
19
|
+
|
20
|
+
If you wish to compile `.proto` definitions to Ruby, you will need to install [Google's Protocol Buffers](http://code.google.com/p/protobuf).
|
21
|
+
|
22
|
+
### OSX
|
23
|
+
|
24
|
+
```shell
|
25
|
+
$ brew install protobuf
|
26
|
+
```
|
27
|
+
|
28
|
+
### Ubuntu
|
29
|
+
```shell
|
30
|
+
$ sudo apt-get install -y protobuf
|
31
|
+
```
|
32
|
+
|
33
|
+
This gem relies heavily on the [Ruby Protobuf][] gem. For more information on how Google Protobuf works, please see the [Wiki pages][].
|
34
|
+
|
35
|
+
Compiling the common and attribute `.proto` definitions can be done with the following commands:
|
36
|
+
|
37
|
+
```shell
|
38
|
+
$ cd lib/yoti/protobuf/v1
|
39
|
+
$ protoc -I definitions/attribute-public-api/attrpubapi_v1 --ruby_out ./attribute_public_api definitions/attribute-public-api/attrpubapi_v1/*.proto
|
40
|
+
$ protoc -I definitions/common-public-api/compubapi_v1/ --ruby_out ./common_public_api definitions/common-public-api/compubapi_v1/*.proto
|
41
|
+
```
|
42
|
+
|
43
|
+
These commands will overwrite the current protobuf Ruby modules, which have been modified. If the protobuf files have to be updated, a good idea would be to change them manually, or generate the files in a new location, and compare the content.
|
44
|
+
|
45
|
+
[Ruby Protobuf]: https://github.com/ruby-protobuf/protobuf/
|
46
|
+
[Wiki Pages]: https://github.com/ruby-protobuf/protobuf/wiki
|
47
|
+
|
48
|
+
## Requirements
|
49
|
+
|
50
|
+
### Code coverage
|
51
|
+
|
52
|
+
The 100% code coverage requirement must be met before submitting new code.
|
53
|
+
This can be checked by opening the generated [SimpleCov][] files:
|
54
|
+
|
55
|
+
```shell
|
56
|
+
$ open coverage/index.html
|
57
|
+
```
|
58
|
+
|
59
|
+
### Style guide
|
60
|
+
The Ruby style guide is configured in the [rubocop.yml](rubocop.yml) file and can be checked by running:
|
61
|
+
|
62
|
+
```shell
|
63
|
+
$ bundle exec rake rubocop
|
64
|
+
```
|
65
|
+
|
66
|
+
### Documentation
|
67
|
+
The documentation uses the [Yard][] format. Please ensure all new classes and methods are fully documented.
|
68
|
+
|
69
|
+
There are a few Rake tasks to handle documentation:
|
70
|
+
|
71
|
+
```shell
|
72
|
+
$ bundle exec rake measurement
|
73
|
+
```
|
74
|
+
|
75
|
+
Verifies the documentation with [Yardstick][] and generates the `measurement/report.txt` file, containing tips on how to improve the documentation coverage.
|
76
|
+
|
77
|
+
```shell
|
78
|
+
$ bundle exec rake verify_measurements
|
79
|
+
```
|
80
|
+
|
81
|
+
Verifies that the [Yardstick][] coverage matches the one set in the [Rakefile](Rakefile).
|
82
|
+
|
83
|
+
```shell
|
84
|
+
$ bundle exec rake yard
|
85
|
+
```
|
86
|
+
Generates [YARD][] documentation in the doc folder.
|
87
|
+
|
88
|
+
### Git
|
89
|
+
|
90
|
+
Commit messages should ideally start with one of the following verbs:
|
91
|
+
|
92
|
+
* Add
|
93
|
+
* Merge
|
94
|
+
* Fix
|
95
|
+
* Remove
|
96
|
+
* Improve
|
97
|
+
* Use
|
98
|
+
|
99
|
+
[SimpleCov]: https://github.com/colszowka/simplecov
|
100
|
+
[Yard]: http://yardoc.org/
|
101
|
+
[Yardstick]: https://github.com/dkubb/yardstick
|
102
|
+
|
103
|
+
## Submitting a pull request
|
104
|
+
1. [Fork the repository.][fork]
|
105
|
+
2. [Create a topic branch.][branch]
|
106
|
+
3. Add specs for your unimplemented feature or bug fix.
|
107
|
+
4. Run `bundle exec rake spec`. If your specs pass, return to step 3.
|
108
|
+
5. Implement your feature or bug fix.
|
109
|
+
6. Run `bundle exec rake`. If your specs fail, return to step 5.
|
110
|
+
7. Run `open coverage/index.html`. If your changes are not completely covered
|
111
|
+
by your tests, return to step 3.
|
112
|
+
8. If Rubocop warns you about styling errors, correct them based on the guidelines and run `bundle exec rake rubocop` to make sure all offences are gone.
|
113
|
+
9. Add documentation for your feature or bug fix.
|
114
|
+
10. Commit and push your changes.
|
115
|
+
11. [Submit a pull request.][pr]
|
116
|
+
|
117
|
+
[fork]: http://help.github.com/fork-a-repo/
|
118
|
+
[branch]: http://learn.github.com/p/branching.html
|
119
|
+
[pr]: http://help.github.com/send-pull-requests/
|
data/Gemfile
ADDED
data/Guardfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,202 @@
|
|
1
|
+
terms & conditions for DEVELOPERS
|
2
|
+
|
3
|
+
|
4
|
+
By downloading the Software (as defined below), you are accepting and agreeing to these terms and conditions (“Terms”) which constitute a legal agreement between us. If you (the Developer) do not agree with these Terms, you should not download the Software.
|
5
|
+
|
6
|
+
|
7
|
+
We are Yoti Limited (the “Provider”) a company registered in England and Wales. Our company registration number is 08998951 and our registered office is at 7-8 St. Martin’s Place, London WC2N 4JH. Our registered VAT number is 199947617. You can contact us by writing to us at: hello@yoti.com, or at our registered office.
|
8
|
+
|
9
|
+
|
10
|
+
1. Interpretation
|
11
|
+
1. Definitions:
|
12
|
+
Affiliate: in relation to a party, any entity that directly or indirectly controls, is controlled by, or is under common control with a party from time to time.
|
13
|
+
Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.
|
14
|
+
Control: shall be as defined in section 1124 of the Corporation Tax Act 2010, and the expression change of Control shall be construed accordingly.
|
15
|
+
Dashboard: a web application provided by the Supplier for the benefit of an an individual or organisation, which allows those individuals or organisations to manage their Yoti accounts.
|
16
|
+
Developer: the individual or entity or which accepts these Terms with the Provider.
|
17
|
+
Intellectual Property Rights: patents, utility models, rights to inventions, copyright and related rights, trade marks and service marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets), and any other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
|
18
|
+
Maintenance Release: release of the Software that corrects faults, adds functionality or otherwise amends or upgrades the Software.
|
19
|
+
Software: the web software development kit(s) provided to the Developer by the Provider that allows individuals and entities to communicate with the Yoti Platform and which is managed through Dashboard.
|
20
|
+
Yoti: the Provider’s digital identity verification system for exchanging attributes.
|
21
|
+
1. Unless the context otherwise requires:
|
22
|
+
|
23
|
+
|
24
|
+
1. A reference to a statute or statutory provision is a reference to it as amended or re-enacted. A reference to a statute or statutory provision includes any subordinate legislation made under that statute or statutory provision, as amended or re-enacted.
|
25
|
+
|
26
|
+
|
27
|
+
1. Any phrase introduced by the terms including, include, in particular or any similar expression, shall be construed as illustrative and shall not limit the sense of the words preceding those terms.
|
28
|
+
|
29
|
+
|
30
|
+
1. A reference to writing or written includes email.
|
31
|
+
2. Basis of contract
|
32
|
+
2.1 These Terms apply to the exclusion of any other terms that the Developer seeks to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
|
33
|
+
1. The parties agree that the provisions of Regulation 9 of the Electronic Commerce (EC Directive) Regulations 2002 shall not apply to these Terms.
|
34
|
+
3. LICENCE
|
35
|
+
1. In consideration of the sum of £1 paid by the Developer to the Provider, receipt and sufficiency of which the Provider hereby acknowledges, the Provider grants to the Developer a non-exclusive, royalty-free, revocable, worldwide licence to use the Software for the duration of these Terms.
|
36
|
+
|
37
|
+
|
38
|
+
1. In relation to scope of use:
|
39
|
+
|
40
|
+
|
41
|
+
1. for the purposes of clause 3.1, use of the Software shall be for the purpose only of developing applications for the exploitation of Yoti by customers of the Provider, or otherwise in accordance with the specific instructions of the Provider.
|
42
|
+
2. the Developer may not use the Software other than as specified in clause 3.1 and clause 3.2(a).
|
43
|
+
3. the Developer may make backup copies of the Software as may be necessary for its lawful use.
|
44
|
+
|
45
|
+
|
46
|
+
1. The Developer shall not:
|
47
|
+
|
48
|
+
1. sell, sub-license, assign or novate the benefit or burden of these Terms in whole or in part;
|
49
|
+
2. allow the Software to become the subject of any charge, lien or encumbrance; and
|
50
|
+
3. deal in any other manner with any or all of its rights and obligations under these Terms.
|
51
|
+
|
52
|
+
|
53
|
+
1. The Developer shall:
|
54
|
+
|
55
|
+
|
56
|
+
1. keep a complete and accurate record of the Developer's copying and disclosure of the Software (including any back up copies made pursuant to clause 3.2(c) above) and its users, and produce such record to the Provider on request from time to time;
|
57
|
+
2. take all reasonable steps to prevent unauthorised copying of the Software; and
|
58
|
+
3. notify the Provider as soon as it becomes aware of any unauthorised use of the Software by any person.
|
59
|
+
|
60
|
+
|
61
|
+
1. Developer’s Affiliates may make use of the Software, and Developer may grant access to the Software to such of its employees, or contractors and consultants under the direct control of the Developer (“Developer Personnel”), as necessary provided that the Developer:
|
62
|
+
|
63
|
+
|
64
|
+
1. procures that its Affiliates, and Developer Personnel are made aware of and at all times adhere to these Terms;
|
65
|
+
2. remains liable for the acts or omissions of its Affiliates and Developer Personnel as if they were its own; and
|
66
|
+
3. shall cease to make the Software available to any of its Affiliates immediately on that party ceasing to be an Affiliate, and to any of its Developer Personnel on that party ceasing to be employed or engaged by the Developer.
|
67
|
+
1. MAINTENANCE RELEASES
|
68
|
+
The Provider will provide the Developer with all Maintenance Releases generally made available to its customers.
|
69
|
+
1. Developer's obligations
|
70
|
+
|
71
|
+
1. The Developer represents, warrants and undertakes that it will use the Software in compliance with all applicable laws and shall not: (a) resell, sublicense, lease or otherwise make available to any third party the Software; (b) attempt to gain or gain unauthorised access to, or disrupt the integrity or performance of the Software; (c) modify, copy, translate or create derivative works based on the Software or attempt to discover the source code or underlying ideas or algorithms thereof; (d) reverse engineer, decompile or disassemble the Software; (e) use the Software for the purpose of building a competitive product or service or copying its features, technology or user interface; (f) use the Software, or permit the foregoing to be used, for purposes of product evaluation, benchmarking or other comparative analysis intended for publication without the Provider's prior written consent; (g) act or omit to act in any way that results in damage to the Provider's business or reputation; and (h) use or otherwise deal with the Provider’s logos, as notified to the Developer from time to time, other than in accordance with these Terms.
|
72
|
+
2. Any breach by the Developer of any of the provisions in clause 5.1 shall be a material breach of these Terms and, without prejudice to its other rights and remedies, shall entitle the Provider to terminate these Terms immediately on written notice to the Developer.
|
73
|
+
1. dashboard
|
74
|
+
|
75
|
+
|
76
|
+
1. The Developer may only invite, and grant access to, authorised Developer Personnel to use the Dashboard and shall procure that any such Developer Personnel only uses the Dashboard (and any information contained therein) for the purposes as specified in clause 3.1 and 3.2(a), and not for any other purpose whatsoever.
|
77
|
+
|
78
|
+
1. Intellectual property rights
|
79
|
+
1. The Developer acknowledges that all Intellectual Property Rights in or arising out of or in connection with the Software shall be owned by the Provider, and neither the Developer nor any of its Affiliates have any rights other than to use the Software in accordance with these Terms.
|
80
|
+
2. The Developer agrees that it will not, and will procure that its Affiliates will not, do anything which could infringe the Intellectual Property Rights of the Provider including any of the Intellectual Property Rights arising from or in connection with the Software or otherwise pursuant to the terms of these Terms. Any and all rights not expressly granted under these Terms shall be reserved by the Provider.
|
81
|
+
1. Limitation of liability and indemnities: THE DEVELOPER'S ATTENTION IS PARTICULARLY DRAWN TO THIS CLAUSE
|
82
|
+
1. Nothing in these Terms shall limit or exclude either party’s liability for:
|
83
|
+
(a) death or personal injury caused by its negligence, or the negligence of its employees, agents or subcontractors; or
|
84
|
+
1. fraud or fraudulent misrepresentation; or
|
85
|
+
2. any liability which cannot be limited or excluded by applicable law.
|
86
|
+
|
87
|
+
|
88
|
+
1. Subject to clause 9.1, the Provider shall not be liable to the Developer, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with these Terms for:
|
89
|
+
(a) loss of profits;
|
90
|
+
1. loss of sales or business;
|
91
|
+
2. loss of agreements or contracts;
|
92
|
+
3. loss of anticipated savings;
|
93
|
+
4. loss of use or corruption of software, data or information;
|
94
|
+
5. loss of damage to goodwill; and
|
95
|
+
6. any indirect or consequential loss.
|
96
|
+
|
97
|
+
|
98
|
+
1. Except as expressly provided herein, neither party makes any warranties of any kind, whether implied, statutory or otherwise which are, to the fullest extent permitted by law, excluded from these Terms. The Provider does not warrant that the use of the Software will be uninterrupted or error-free.
|
99
|
+
2. Subject to clauses 8.1, 8.2 and 8.3, the Provider shall indemnify on demand and hold harmless the Developer from and against any and all losses, demands, claims, damages, costs, expenses (including reasonable legal costs and expenses) and liabilities suffered or incurred, directly or indirectly, by the Developer and/or the Developer’s Affiliates as a result of or in connection with: (a) any third party claim brought against the Developer for infringement of a third party's rights (including any Intellectual Property Rights) arising out of, or in connection with, the receipt or use of the Software by the Developer strictly in accordance with the terms of these Terms; and (b) breach of clause 11.11 and 11.12.
|
100
|
+
3. Subject to clauses 9.1 and 9.2, the Developer shall indemnify on demand and hold harmless the Provider, directors, officers, employees, agents and shareholders from and against any and all losses, demands, claims, damages, costs, expenses (including reasonable legal costs and expenses) and liabilities suffered or incurred, directly or indirectly, by the Provider and/or the Provider’s Affiliates as a result of or in connection with breach of clauses 5.1, 10.11 and 10.12.
|
101
|
+
4. In the event of any claim under either of the indemnities in clauses 9.5 or 9.6, the indemnified party shall:
|
102
|
+
(a) notify the indemnifying party in writing of any such claim (stating in reasonable detail the nature of the matter and if practicable the amount claimed); and
|
103
|
+
1. give the indemnifying party (at the indemnifying party’s own cost) conduct of the defence of such claim and all related settlement negotiations; and
|
104
|
+
2. provide the indemnifying party with reasonable assistance, information, and authority necessary to act in accordance with clause 9.7(b), all out-of-pocket expenses incurred by the indemnified party in providing such assistance, information and authority to be reimbursed by the indemnifying party.
|
105
|
+
|
106
|
+
|
107
|
+
1. The indemnified party shall have a duty to mitigate any loss which it may incur as a result of a matter giving rise to a right of indemnification under this clause 9.
|
108
|
+
2. This clause 8 shall survive termination of these Terms.
|
109
|
+
1. TERM AND Termination
|
110
|
+
1. These Terms will continue in force from the date on which the Developer accepts these Terms until terminated in accordance with this clause.
|
111
|
+
2. Either party may terminate these Terms at any time without cause by giving the other party no less than 5 Business Days’ written notice.
|
112
|
+
3. Without limiting any other rights or remedy available to it, either party may terminate these Terms with immediate effect by giving written notice to the other party if:
|
113
|
+
(a) the other party commits a material breach of any term of these Terms which breach is irremediable or (if such a breach is remediable) fails to remedy that breach within 30 days after being notified to do so; or
|
114
|
+
(b) in the case of the Provider only: (i) if there is a change of Control of the Developer; or (ii) if the Developer suffers or incurs any form of insolvency or arrangement with its creditors.
|
115
|
+
1. Any provision of these Terms that expressly or by implication is intended to come into or continue in force on or after termination of these Terms shall remain in full force and effect.
|
116
|
+
|
117
|
+
|
118
|
+
1. Termination of these Terms shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of these Terms which existed at or before the date of termination.
|
119
|
+
|
120
|
+
|
121
|
+
1. On termination of these Terms for any reason, the Developer shall immediately cease to use the Software, and shall procure that any of its Affiliates and the Developer Personnel shall cease to use the Software, and shall permanently delete, destroy or return to the Provider (at the Provider’s option) all copies of the Software then in its possession, custody or control.
|
122
|
+
|
123
|
+
|
124
|
+
1. General
|
125
|
+
|
126
|
+
|
127
|
+
1. Waiver
|
128
|
+
|
129
|
+
|
130
|
+
No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
|
131
|
+
|
132
|
+
|
133
|
+
1. Rights and remedies
|
134
|
+
|
135
|
+
|
136
|
+
Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
|
137
|
+
|
138
|
+
|
139
|
+
1. Entire agreement
|
140
|
+
(a) The Agreement and the documents otherwise referred to therein contain the whole agreement between the parties relating to the subject matter hereof and supersede all prior agreements, arrangements and understandings between the parties relating to that subject matter.
|
141
|
+
|
142
|
+
1. Each party acknowledges that, in entering into these Terms, it does not rely on any statement, representation, assurance or warranty (whether it was made negligently or innocently) of any person (whether a party to these Terms or not) (Representation) other than as expressly set out in these Terms or those documents. Each party agrees that the only rights and remedies available to it arising out of or in connection with a Representation shall be for breach of contract as expressly provided in these Terms. Nothing in this clause shall limit or exclude any liability for fraud.
|
143
|
+
|
144
|
+
|
145
|
+
1. Variation
|
146
|
+
|
147
|
+
|
148
|
+
No variation of these Terms shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
|
149
|
+
|
150
|
+
|
151
|
+
1. Severance
|
152
|
+
|
153
|
+
|
154
|
+
If any provision or part-provision of these Terms is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of these Terms.
|
155
|
+
|
156
|
+
|
157
|
+
1. Third parties
|
158
|
+
|
159
|
+
|
160
|
+
A person who is not a party to these Terms shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of these Terms, but this does affect any right or remedy of a third party which exists, or is available, apart from that Act. Notwithstanding the foregoing, any of the Provider’s Affiliates may enforce the terms of these Terms subject to and in accordance with this clause 11.6, these Terms and the Contracts (Rights of Third Parties) Act 1999.
|
161
|
+
|
162
|
+
|
163
|
+
1. No partnership
|
164
|
+
|
165
|
+
|
166
|
+
Nothing in this agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party. Each party confirms it is acting on its own behalf and not for the benefit of any other person.
|
167
|
+
|
168
|
+
|
169
|
+
1. Force majeure
|
170
|
+
|
171
|
+
|
172
|
+
Neither party shall be in breach of these Terms nor liable for delay in performing, or failure to perform, any of its obligations under these Terms if such delay or failure result from events, circumstances or causes beyond its reasonable control, and the affected party shall be entitled to a reasonable extension of the time for performing such obligations. If the period of delay or non-performance continues for twelve weeks, the party not affected may terminate these Terms by giving 7 days’ written notice to the affected party.
|
173
|
+
|
174
|
+
|
175
|
+
1. Notices
|
176
|
+
|
177
|
+
|
178
|
+
(a) Any notice or other communication given to a party under or in connection with these Terms shall be in writing, addressed to that party at its registered office or such other address as that party may have specified to the other party in writing in accordance with this clause, and shall be delivered personally, or sent by pre-paid first class post or other next working day delivery service, commercial courier, or email.
|
179
|
+
1. A notice or other communication shall be deemed to have been received: if delivered personally, when left at the address referred to in clause 11.9(a); if sent by pre-paid first class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; if delivered by commercial courier, on the date and at the time that the courier's delivery receipt is signed; or, if sent by or email, one Business Day after transmission.
|
180
|
+
(c)The provisions of this clause shall not apply to the service of any proceedings or other documents in any legal action.
|
181
|
+
|
182
|
+
11.10 Assignment and other dealings
|
183
|
+
(a) The Provider may at any time assign, transfer, mortgage, charge, subcontract or deal in any other manner with all or any of its rights under these Terms and may subcontract or delegate in any manner any or all of its obligations under these Terms to any third party or agent.
|
184
|
+
1. The Developer shall not, without the prior written consent of the Provider, assign, transfer, mortgage, charge, subcontract, declare a trust over or deal in any other manner with any or all of its rights or obligations under these Terms, other than as set out herein.
|
185
|
+
|
186
|
+
|
187
|
+
1. Data Protection
|
188
|
+
(a) Each party shall comply with all applicable data protection and data privacy laws and regulations applying to any Personal Data (as defined in the UK Data Protection Act 1998) exchanged in connection with these Terms, and each party shall have established privacy policies and processes or principles to ensure that it remains at all times in compliance with such laws and regulations.
|
189
|
+
(b) The Developer shall ensure data minimisation and follow the ICO guidance for app developers ‘Privacy in mobile apps’ as may be updated and replaced from time to time.
|
190
|
+
11.12 Confidentiality
|
191
|
+
1. Each party shall, during the term of these Terms and thereafter, keep confidential all information of a confidential nature (including trade secrets and information of commercial value) which may become known to such party from the other party and which relates to the other party or any of its Affiliates. Neither party shall use the other party’s confidential information for its own purposes (other than implementation of these Terms) nor, without the prior written consent of the other, disclose it to any third party (except its professional advisors or as may be required by any law or any legal or regulatory authority). The foregoing obligations shall not apply (or shall cease to apply) if that information: (a) is public knowledge or already known to such party at the time of disclosure; or (b) subsequently becomes public knowledge other than by breach of this licence; or (c) subsequently comes lawfully into the possession of such party from a third party. Each party shall use its reasonable endeavours to prevent the unauthorised disclosure of any such information.
|
192
|
+
|
193
|
+
|
194
|
+
1. No party shall make, or permit any person to make, any public announcement concerning this agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.
|
195
|
+
|
196
|
+
|
197
|
+
|
198
|
+
|
199
|
+
1. Audit
|
200
|
+
The Developer acknowledges and agrees that the Provider may, at the reasonable request of the Provider, inspect and have access to such of the Developer’s personnel, facilities and books and records, relevant to the use of the Software, for the purposes of ensuring that the Developer is complying with the terms of these Terms, provided that the Provider provides reasonable advance notice to the Developer of such inspections, which shall take place at reasonable times, unless otherwise requested by any governmental or regulatory body having jurisdiction over the Provider.
|
201
|
+
1. Governing law and jurisdiction
|
202
|
+
The Agreement, and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with the law of England and Wales. The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with these Terms or its subject matter or formation (including non-contractual disputes or claims).
|
data/README.md
ADDED
@@ -0,0 +1,222 @@
|
|
1
|
+
# Yoti Ruby SDK
|
2
|
+
|
3
|
+
|
4
|
+
Welcome to the Yoti Ruby SDK. This repository contains the tools you need to quickly integrate your Ruby back-end with Yoti, so that your users can share their identity details with your application in a secure and trusted way.
|
5
|
+
|
6
|
+
## An architectural view
|
7
|
+
To integrate your application with Yoti, your back-end must expose a GET endpoint that Yoti will use to forward tokens.
|
8
|
+
The endpoint can be configured in your Yoti Dashboard when you create/update your application. It can be found in the Integration section under the Callback URL name.
|
9
|
+
|
10
|
+
The image below shows how your application back-end and Yoti integrate in the context of a Login flow.
|
11
|
+
Yoti SDK carries out for you steps 6, 7, 8 and the profile decryption in step 9.
|
12
|
+
|
13
|
+
![alt text](login_flow.png "Login flow")
|
14
|
+
|
15
|
+
|
16
|
+
Yoti also allows you to enable user details verification from your mobile app by means of the Android (TBA) and iOS (TBA) SDKs. In that scenario, your Yoti-enabled mobile app is playing both the role of the browser and the Yoti app. Your back-end doesn't need to handle these cases in a significantly different way, but you might decide to handle the `User-Agent` header in order to provide different responses for web and mobile clients.
|
17
|
+
|
18
|
+
## References
|
19
|
+
|
20
|
+
* [AES-256 symmetric encryption][]
|
21
|
+
* [RSA pkcs asymmetric encryption][]
|
22
|
+
* [Protocol buffers][]
|
23
|
+
* [Base64 data][]
|
24
|
+
|
25
|
+
[AES-256 symmetric encryption]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
|
26
|
+
[RSA pkcs asymmetric encryption]: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
|
27
|
+
[Protocol buffers]: https://en.wikipedia.org/wiki/Protocol_Buffers
|
28
|
+
[Base64 data]: https://en.wikipedia.org/wiki/Base64
|
29
|
+
|
30
|
+
## Requirements
|
31
|
+
|
32
|
+
The Yoti gem requires at least Ruby 2.0.0.
|
33
|
+
If you're using a version of Ruby lower than 2.2.2 you might encounter issues when [Bundler][] tries to install the [Active Support][] gem. This can be avoided by manually requiring activesupport 4.2.
|
34
|
+
|
35
|
+
```ruby
|
36
|
+
gem activesupport '~> 4.2'
|
37
|
+
```
|
38
|
+
|
39
|
+
The 1.13 version of [Bundler][] (currently in release candidate stage) will sort this dependency issue automatically. More info in this [comment][] by André Arko.
|
40
|
+
|
41
|
+
[comment]: https://github.com/bundler/bundler-features/issues/120#issuecomment-214514847
|
42
|
+
[Bundler]: http://bundler.io/
|
43
|
+
[Active Support]: https://rubygems.org/gems/activesupport/
|
44
|
+
|
45
|
+
## Installation
|
46
|
+
|
47
|
+
Add this line to your application's Gemfile:
|
48
|
+
|
49
|
+
```ruby
|
50
|
+
gem 'yoti'
|
51
|
+
```
|
52
|
+
|
53
|
+
And then execute:
|
54
|
+
|
55
|
+
```shell
|
56
|
+
$ bundle install
|
57
|
+
```
|
58
|
+
|
59
|
+
Or install it yourself as:
|
60
|
+
|
61
|
+
```shell
|
62
|
+
$ [sudo] gem install yoti
|
63
|
+
```
|
64
|
+
|
65
|
+
### Ruby on Rails
|
66
|
+
|
67
|
+
The gem provides a generator for the initialization file:
|
68
|
+
|
69
|
+
```shell
|
70
|
+
$ rails generate yoti:install
|
71
|
+
```
|
72
|
+
|
73
|
+
The generated initialisation file can be found in `config/initializers/yoti.rb`.
|
74
|
+
|
75
|
+
Make sure the following environment variables can be accessed by your app:
|
76
|
+
|
77
|
+
`YOTI_CLIENT_SDK_ID` - found on the *Integrations* settings page
|
78
|
+
|
79
|
+
`YOTI_KEY_FILE_PATH` - the full path to your security key downloaded from the *Keys* settings page (e.g. /Users/developer/access-security.pem)
|
80
|
+
|
81
|
+
## Configuration
|
82
|
+
|
83
|
+
A minimal Yoti client initialisation looks like this:
|
84
|
+
|
85
|
+
```ruby
|
86
|
+
Yoti.configure do |config|
|
87
|
+
config.client_sdk_id = ENV['YOTI_CLIENT_SDK_ID']
|
88
|
+
config.key_file_path = ENV['YOTI_KEY_FILE_PATH']
|
89
|
+
end
|
90
|
+
```
|
91
|
+
The following options are available:
|
92
|
+
|
93
|
+
Config | Required | Default | Note
|
94
|
+
---------------------|----------|----------------------|-----
|
95
|
+
`client_sdk_id` | Yes | | SDK identifier generated by when you publish your app
|
96
|
+
`key_file_path` | Yes | | Path to the pem file generated when you create your app
|
97
|
+
`api_url` | No | https://api.yoti.com |
|
98
|
+
`api_port` | No | 443 |
|
99
|
+
|
100
|
+
Keeping your settings and access keys outside your repository is highly recommended. You can use gems like [dotenv][] to manage environment variables more easily.
|
101
|
+
|
102
|
+
[dotenv]: https://github.com/bkeepers/dotenv
|
103
|
+
|
104
|
+
### Deploying to Heroku / AWS Elastic Beanstalk
|
105
|
+
|
106
|
+
Although we recommend using a pem file to store your secret key, and take advantage of the UNIX file permissions, your hosting provider might not allow access to the file system outside the deployment process.
|
107
|
+
|
108
|
+
If you're using Heroku or other alternative services, you can store the content of the secret key in an environment variable.
|
109
|
+
|
110
|
+
Your configuration should look like this:
|
111
|
+
|
112
|
+
```ruby
|
113
|
+
Yoti.configure do |config|
|
114
|
+
config.client_sdk_id = ENV['YOTI_CLIENT_SDK_ID']
|
115
|
+
config.key = ENV['YOTI_KEY']
|
116
|
+
end
|
117
|
+
```
|
118
|
+
|
119
|
+
Where `YOTI_KEY` is an environment variable with the following format:
|
120
|
+
|
121
|
+
```
|
122
|
+
YOTI_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIEp..."
|
123
|
+
```
|
124
|
+
|
125
|
+
An easier way of setting this on Heroku would be to use the [Heroku Command Line][]
|
126
|
+
|
127
|
+
```shell
|
128
|
+
heroku config:add YOTI_KEY ="$(cat your-access-security.pem)"
|
129
|
+
```
|
130
|
+
|
131
|
+
[Heroku Command Line]: https://devcenter.heroku.com/articles/heroku-command-line
|
132
|
+
|
133
|
+
## Usage
|
134
|
+
|
135
|
+
### Profile retrieval
|
136
|
+
|
137
|
+
When your application receives a token via the exposed endpoint (it will be assigned to a query string parameter named `token`), you can easily retrieve the user profile:
|
138
|
+
|
139
|
+
```ruby
|
140
|
+
yoti_activity_details = Yoti::Client.get_activity_details(params[:token])
|
141
|
+
```
|
142
|
+
|
143
|
+
Before you inspect the user profile, you might want to check whether the user validation was successful. This is done as follows:
|
144
|
+
|
145
|
+
```ruby
|
146
|
+
if yoti_activity_details.outcome == 'SUCCESS'
|
147
|
+
user_profile = yoti_activity_details.user_profile
|
148
|
+
else
|
149
|
+
# handle unhappy path
|
150
|
+
end
|
151
|
+
```
|
152
|
+
|
153
|
+
The `user_profile ` object provides a set of attributes corresponding to user attributes. Whether the attributes are present or not depends on the settings you have applied to your app on Yoti Dashboard.
|
154
|
+
|
155
|
+
### Handling users
|
156
|
+
|
157
|
+
When you retrieve the user profile, you receive a user ID generated by Yoti exclusively for your application. This means that if the same individual logs into another app, Yoti will assign them a different id. You can use such id to verify whether the retrieved profile identifies a new or an existing user. Here is an example of how this works:
|
158
|
+
|
159
|
+
```ruby
|
160
|
+
if yoti_activity_details.outcome == 'SUCCESS'
|
161
|
+
user = your_user_search_function(yoti_activity_details.user_id)
|
162
|
+
|
163
|
+
if user
|
164
|
+
# handle login
|
165
|
+
else
|
166
|
+
# handle registration
|
167
|
+
end
|
168
|
+
else
|
169
|
+
# handle unhappy path
|
170
|
+
end
|
171
|
+
```
|
172
|
+
|
173
|
+
Where `your_user_search_function` is a piece of logic in your app that is supposed to find a user, given a user_id. Regardless of wether the user is a new or an existing one, Yoti will always provide their profile, so you don't necessarily need to store it.
|
174
|
+
|
175
|
+
## Running the examples
|
176
|
+
|
177
|
+
The examples can be found in the [examples folder](examples).
|
178
|
+
For them to work you will need a working callback URL that your browser can redirect to. A good way of doing this is to use [ngrok][] to expose the local development URL. The callback URL for both examples will be: `http://your-local-url.domain/profile`.
|
179
|
+
|
180
|
+
The examples also use the `YOTI_APPLICATION_ID` environment variable to display the Yoti Connect button. This value can be found in your Yoti account, on the *Integrations* page, under the *Login button* section.
|
181
|
+
|
182
|
+
### Ruby on Rails
|
183
|
+
|
184
|
+
* rename the [.env.default](examples/rails/.env.default) file to `.env` and fill in the required configuration values
|
185
|
+
* install the dependencies with `bundle install`
|
186
|
+
* start the server `rails server`
|
187
|
+
|
188
|
+
Visiting the `http://your-local-url.domain` should show a Yoti Connect button
|
189
|
+
|
190
|
+
### Sinatra
|
191
|
+
|
192
|
+
* rename the [.env.default](examples/sinatra/.env.default) file to `.env` and fill in the required configuration values
|
193
|
+
* install the dependencies with `bundle install`
|
194
|
+
* start the server `dotenv ./app.rb`
|
195
|
+
|
196
|
+
Visiting the `http://your-local-url.domain` should show a Yoti Connect button
|
197
|
+
|
198
|
+
[ngrok]: https://ngrok.com/
|
199
|
+
|
200
|
+
## API coverage
|
201
|
+
|
202
|
+
* Activity Details
|
203
|
+
* [X] User ID
|
204
|
+
* [X] Profile
|
205
|
+
* [X] Photo `selfie`
|
206
|
+
* [X] Given Names `given_names`
|
207
|
+
* [X] Family Name `family_name`
|
208
|
+
* [X] Mobile Number `phone_number`
|
209
|
+
* [X] Date of Birth `date_of_birth`
|
210
|
+
* [X] Address `post_code`
|
211
|
+
* [X] Gender `gender`
|
212
|
+
* [X] Nationality `nationality`
|
213
|
+
|
214
|
+
## Changelog
|
215
|
+
|
216
|
+
See recent changes in the [release notes][release notes] or the [changelog](CHANGELOG.md).
|
217
|
+
|
218
|
+
[release notes]: https://github.com/getyoti/ruby/releases
|
219
|
+
|
220
|
+
## License
|
221
|
+
|
222
|
+
The gem is available under the following [terms](LICENSE.txt).
|