yoti 1.7.0 → 1.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CONTRIBUTING.md +1 -1
- data/README.md +19 -224
- data/Rakefile +6 -2
- data/lib/yoti/http/request.rb +1 -0
- data/lib/yoti/version.rb +1 -1
- data/yoti.gemspec +3 -3
- metadata +4 -5
- data/login_flow.png +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f78d9caae30514cbb608f4156a54d6c8c2f7d82a3df8afbdf6295b8239e983a7
|
4
|
+
data.tar.gz: 59b9aad24b60db06445300441abfdf20203b52de713976d3a6815aca159b6579
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f656f156b49a6b96ed09271fcbb1fa312ef918195c184631481a9dee5e427c1c1866c58d43d97f09f7f38c7072b1bb9adb2de9acafa99d9c9f783845090d2eab
|
7
|
+
data.tar.gz: 601d9374b0320b4c59bf6c5378e50dbba524337ef28b2b6d74ba7eebbef4f30c029f187ce75f52a631343178e9281cd5d28c8b25e1c96c3531d1816bc67c0de8
|
data/.gitignore
CHANGED
data/CONTRIBUTING.md
CHANGED
data/README.md
CHANGED
@@ -10,39 +10,16 @@ Welcome to the Yoti Ruby SDK. This repository contains the tools you need to qui
|
|
10
10
|
|
11
11
|
## Table of Contents
|
12
12
|
|
13
|
-
1. [An Architectural view](#an-architectural-view) - High level overview of integration
|
14
13
|
1. [Requirements](#requirements) - Everything you need to get started
|
15
|
-
1. [Installing the SDK](#installing-the-sdk) - How to install our SDK
|
16
|
-
1. [Configuration](#configuration) - Configuring the SDK
|
17
|
-
1. [Profile Retrieval](#profile-retrieval) - How to retrieve a Yoti profile using the one time use token
|
18
|
-
1. [AML Integration](#aml-integration) - How to integrate with Yoti's AML (Anti Money Laundering) service
|
19
|
-
1. [Running the Examples](#running-the-examples) - How to run the example projects provided
|
20
|
-
1. [API Coverage](#api-coverage) - Attributes defined
|
21
|
-
1. [Support](#support) - Please feel free to reach out
|
22
|
-
|
23
|
-
## An Architectural view
|
24
|
-
|
25
|
-
To integrate your application with Yoti, your back-end must expose a GET endpoint that Yoti will use to forward tokens.
|
26
|
-
The endpoint is configured in the [Yoti Hub](https://hub.yoti.com) where you create/update your application. To see an example of how this is configured, see the [Running the Examples](#running-the-examples) section.
|
27
14
|
|
28
|
-
|
29
|
-
Yoti SDK carries out for you steps 6, 7, 8 and the profile decryption in step 9.
|
30
|
-
|
31
|
-
![alt text](login_flow.png "Login flow")
|
32
|
-
|
33
|
-
Yoti also allows you to enable user details verification from your mobile app by means of the Android (TBA) and iOS (TBA) SDKs. In that scenario, your Yoti-enabled mobile app is playing both the role of the browser and the Yoti app. Your back-end doesn't need to handle these cases in a significantly different way, but you might decide to handle the `User-Agent` header in order to provide different responses for desktop and mobile clients.
|
15
|
+
1. [Installing the SDK](#installing-the-sdk) - How to install our SDK
|
34
16
|
|
35
|
-
|
17
|
+
1. [Setup](#setup) - Setup required before using the Yoti services
|
36
18
|
|
37
|
-
|
38
|
-
|
39
|
-
* [Protocol buffers][]
|
40
|
-
* [Base64 data][]
|
19
|
+
1. [Products](#products) -
|
20
|
+
Links to more information about the products offered by the Yoti SDK
|
41
21
|
|
42
|
-
[
|
43
|
-
[RSA pkcs asymmetric encryption]: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
|
44
|
-
[Protocol buffers]: https://en.wikipedia.org/wiki/Protocol_Buffers
|
45
|
-
[Base64 data]: https://en.wikipedia.org/wiki/Base64
|
22
|
+
1. [Support](#support) - Please feel free to reach out
|
46
23
|
|
47
24
|
## Requirements
|
48
25
|
|
@@ -76,7 +53,7 @@ bundle install
|
|
76
53
|
Or simply run the following command from your terminal:
|
77
54
|
|
78
55
|
```shell
|
79
|
-
|
56
|
+
gem install yoti
|
80
57
|
```
|
81
58
|
|
82
59
|
## SDK Project Import
|
@@ -89,7 +66,12 @@ rails generate yoti:install
|
|
89
66
|
|
90
67
|
The generated initialisation file can be found in `config/initializers/yoti.rb`.
|
91
68
|
|
92
|
-
##
|
69
|
+
## Setup
|
70
|
+
|
71
|
+
For each service you will need:
|
72
|
+
|
73
|
+
* Your Client SDK ID, generated by [Yoti Hub](https://hub.yoti.com) when you create (and then publish) your app.
|
74
|
+
* Your .pem file. This is your own unique private key which your browser generates from the [Yoti Hub](https://hub.yoti.com) when you create an application.
|
93
75
|
|
94
76
|
A minimal Yoti client initialisation looks like this:
|
95
77
|
|
@@ -101,10 +83,8 @@ end
|
|
101
83
|
```
|
102
84
|
|
103
85
|
Make sure the following environment variables can be accessed by your app:
|
104
|
-
|
105
|
-
`
|
106
|
-
|
107
|
-
`YOTI_KEY_FILE_PATH` - the full path to your security key downloaded from the *Keys* settings page (e.g. /Users/developer/access-security.pem)
|
86
|
+
- `YOTI_CLIENT_SDK_ID`
|
87
|
+
- `YOTI_KEY_FILE_PATH`
|
108
88
|
|
109
89
|
The following options are available:
|
110
90
|
|
@@ -144,197 +124,12 @@ heroku config:add YOTI_KEY ="$(cat your-access-security.pem)"
|
|
144
124
|
|
145
125
|
[Heroku Command Line]: https://devcenter.heroku.com/articles/heroku-command-line
|
146
126
|
|
147
|
-
##
|
148
|
-
|
149
|
-
When your application receives a one time use token via the exposed endpoint (it will be assigned to a query string parameter named `token`), you can easily retrieve the user profile:
|
150
|
-
|
151
|
-
```ruby
|
152
|
-
one_time_use_token = params[:token]
|
153
|
-
yoti_activity_details = Yoti::Client.get_activity_details(one_time_use_token)
|
154
|
-
```
|
155
|
-
|
156
|
-
Before you inspect the user profile, you might want to check whether the user validation was successful. This is done as follows:
|
157
|
-
|
158
|
-
```ruby
|
159
|
-
if yoti_activity_details.outcome == 'SUCCESS'
|
160
|
-
profile = yoti_activity_details.profile
|
161
|
-
given_names = profile.given_names.value
|
162
|
-
family_name = profile.family_name.value
|
163
|
-
else
|
164
|
-
# handle unhappy path
|
165
|
-
end
|
166
|
-
```
|
167
|
-
|
168
|
-
The `profile` object provides a set of attributes corresponding to user attributes. Whether the attributes are present or not depends on the settings you have applied to your app on Yoti Hub.
|
169
|
-
|
170
|
-
### Handling Users
|
171
|
-
|
172
|
-
When you retrieve the user profile, you receive a user ID generated by Yoti exclusively for your application.
|
173
|
-
This means that if the same individual logs into another app, Yoti will assign her/him a different ID.
|
174
|
-
You can use this ID to verify whether (for your application) the retrieved profile identifies a new or an existing user.
|
175
|
-
Here is an example of how this works:
|
176
|
-
|
177
|
-
```ruby
|
178
|
-
if yoti_activity_details.outcome == 'SUCCESS'
|
179
|
-
user = your_user_search_function(yoti_activity_details.user_id)
|
180
|
-
profile = yoti_activity_details.profile
|
181
|
-
|
182
|
-
if user
|
183
|
-
# handle login
|
184
|
-
email = profile.email_address.value
|
185
|
-
else
|
186
|
-
# handle registration
|
187
|
-
given_names = profile.given_names.value
|
188
|
-
family_name = profile.family_name.value
|
189
|
-
email = profile.email_address.value
|
190
|
-
end
|
191
|
-
else
|
192
|
-
# handle unhappy path
|
193
|
-
end
|
194
|
-
```
|
195
|
-
|
196
|
-
Where `your_user_search_function` is a piece of logic in your app that is supposed to find a user, given a user_id. Regardless of whether the user is a new or an existing one, Yoti will always provide their profile, so you don't necessarily need to store it.
|
197
|
-
|
198
|
-
You can retrieve the sources and verifiers for each attribute as follows:
|
199
|
-
|
200
|
-
```ruby
|
201
|
-
given_names_sources = profile.given_names.sources # list of anchors
|
202
|
-
given_names_verifiers = profile.given_names.verifiers # list of anchors
|
203
|
-
given_names_anchors = profile.given_names.anchors # list of anchors
|
204
|
-
```
|
205
|
-
You can also retrieve further properties from these respective anchors in the following way:
|
206
|
-
|
207
|
-
```ruby
|
208
|
-
# Retrieving properties of the first anchor
|
209
|
-
type = given_names_sources[0].type # string
|
210
|
-
value = given_names_sources[0].value # string
|
211
|
-
sub_type = given_names_sources[0].sub_type # string
|
212
|
-
time_stamp = given_names_sources[0].signed_time_stamp.time_stamp # DateTime object
|
213
|
-
origin_server_certs = given_names_sources[0].origin_server_certs # list of X509 certificates
|
214
|
-
```
|
215
|
-
|
216
|
-
In case you want to prove the sources and verifiers of the helper`ActivityDetails.age_verified` on `Age Over 18` set as age derivation, please retrieve it's original attribute from the profile as follow:
|
217
|
-
|
218
|
-
```ruby
|
219
|
-
age_attribute = profile.get_attribute('age_over:18')
|
220
|
-
sources = age_attribute.sources
|
221
|
-
verifiers = age_attribute.verifiers
|
222
|
-
anchors = age_attribute.anchors
|
223
|
-
```
|
224
|
-
|
225
|
-
## AML Integration
|
226
|
-
|
227
|
-
Yoti provides an AML (Anti Money Laundering) check service to allow a deeper KYC process to prevent fraud. This is a chargeable service, so please contact [sdksupport@yoti.com](mailto:sdksupport@yoti.com) for more information.
|
228
|
-
|
229
|
-
Yoti will provide a boolean result on the following checks:
|
230
|
-
|
231
|
-
* PEP list - Verify against Politically Exposed Persons list
|
232
|
-
* Fraud list - Verify against US Social Security Administration Fraud (SSN Fraud) list
|
233
|
-
* Watch list - Verify against watch lists from the Office of Foreign Assets Control
|
234
|
-
|
235
|
-
To use this functionality you must ensure your application is assigned to your organisation in the Yoti Hub - please see [here](https://developers.yoti.com/yoti-app-integration/yoti-app-integration#step-1-creating-an-organisation) for further information.
|
236
|
-
|
237
|
-
For the AML check you will need to provide the following:
|
238
|
-
|
239
|
-
* Data provided by Yoti (please ensure you have selected the Given name(s) and Family name attributes for your scenario on the Yoti Hub)
|
240
|
-
* Given name(s)
|
241
|
-
* Family name
|
242
|
-
* Data that must be collected from the user:
|
243
|
-
* Country of residence (must be an ISO 3166 3-letter code)
|
244
|
-
* Social Security Number (US citizens only)
|
245
|
-
* Postcode/Zip code (US citizens only)
|
246
|
-
|
247
|
-
### Consent
|
248
|
-
|
249
|
-
Performing an AML check on a person *requires* their consent.
|
250
|
-
**You must ensure you have user consent *before* using this service.**
|
251
|
-
|
252
|
-
### Code Example
|
253
|
-
|
254
|
-
Given a YotiClient initialised with your SDK ID and KeyPair (see [Client Initialisation](#client-initialisation)) performing an AML check is a straightforward case of providing basic profile data.
|
255
|
-
|
256
|
-
```ruby
|
257
|
-
require 'yoti'
|
258
|
-
|
259
|
-
Yoti.configure do |config|
|
260
|
-
config.client_sdk_id = ENV['YOTI_CLIENT_SDK_ID']
|
261
|
-
config.key_file_path = ENV['YOTI_KEY_FILE_PATH']
|
262
|
-
end
|
263
|
-
|
264
|
-
aml_address = Yoti::AmlAddress.new('GBR')
|
265
|
-
aml_profile = Yoti::AmlProfile.new('Edward Richard George', 'Heath', aml_address)
|
266
|
-
|
267
|
-
puts Yoti::Client.aml_check(aml_profile)
|
268
|
-
```
|
127
|
+
## Products
|
269
128
|
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
### Ruby on Rails
|
275
|
-
|
276
|
-
1. Create your application in the [Yoti Hub](https://hub.yoti.com)
|
277
|
-
1. Set the application domain of your app to `localhost:3001`
|
278
|
-
1. Set the scenario callback URL to `/profile`
|
279
|
-
1. Rename the [.env.example](examples/rails/.env.example) file to `.env`
|
280
|
-
1. Fill in the environment variables in this file with the ones specific to your application (mentioned in the [Configuration](#configuration) section)
|
281
|
-
1. Install the dependencies by running the following commands
|
282
|
-
```ruby
|
283
|
-
$ bundle install
|
284
|
-
$ gem install foreman # We are doing this as it's not recommended to include foreman in your Gemfile
|
285
|
-
```
|
286
|
-
1. Start the server `foreman start`
|
287
|
-
|
288
|
-
Visiting `https://localhost:3001/` should show a Yoti Connect button
|
289
|
-
|
290
|
-
### Sinatra
|
291
|
-
|
292
|
-
1. Create your application in the [Yoti Hub](https://hub.yoti.com)
|
293
|
-
1. Set the application domain of your app to `localhost:4567`
|
294
|
-
1. Set the scenario callback URL to `/profile`
|
295
|
-
1. Rename the [.env.example](examples/sinatra/.env.example) file to `.env`
|
296
|
-
1. Fill in the environment variables in this file with the ones specific to your application (mentioned in the [Configuration](#configuration) section)
|
297
|
-
1. Install the dependencies by running the following commands
|
298
|
-
```ruby
|
299
|
-
$ bundle install
|
300
|
-
$ gem install foreman # We are doing this as it's not recommended to include foreman in your Gemfile
|
301
|
-
```
|
302
|
-
1. Start the server `foreman start`
|
303
|
-
|
304
|
-
Visiting `https://localhost:4567/` should show a Yoti Connect button
|
305
|
-
|
306
|
-
### AML Check
|
307
|
-
|
308
|
-
* rename the [.env.example](examples/aml_check/.env.example) file to `.env` and fill in the required configuration values
|
309
|
-
* install the dependencies with `bundle install`
|
310
|
-
* run the script with `ruby ./app.rb`
|
311
|
-
|
312
|
-
## API Coverage
|
313
|
-
|
314
|
-
* Activity Details
|
315
|
-
* [X] Remember Me ID `remember_me_id`
|
316
|
-
* [X] Parent Remember Me ID `parent_remember_me_id`
|
317
|
-
* [X] Receipt ID `receipt_id`
|
318
|
-
* [X] Timestamp `timestamp`
|
319
|
-
* [X] Base64 Selfie URI `base64_selfie_uri`
|
320
|
-
* [X] Age verified `age_verified`
|
321
|
-
* [X] Profile `profile`
|
322
|
-
* [X] Selfie `selfie`
|
323
|
-
* [X] Full Name `full_name`
|
324
|
-
* [X] Given Names `given_names`
|
325
|
-
* [X] Family Name `family_name`
|
326
|
-
* [X] Mobile Number `phone_number`
|
327
|
-
* [X] Email Address `email_address`
|
328
|
-
* [X] Age / Date of Birth `date_of_birth`
|
329
|
-
* [X] Address `postal_address`
|
330
|
-
* [X] Structured Postal Address `structured_postal_address`
|
331
|
-
* [X] Gender `gender`
|
332
|
-
* [X] Nationality `nationality`
|
333
|
-
* [X] Application Profile `application_profile`
|
334
|
-
* [X] Name `name`
|
335
|
-
* [X] URL `url`
|
336
|
-
* [X] Logo `logo`
|
337
|
-
* [X] Receipt Background Color `receipt_bgcolor`
|
129
|
+
The Yoti SDK can be used for the following products, follow the links for more information about each:
|
130
|
+
1) [Yoti app integration](/docs/PROFILE.md) - Connect with already-verified customers.
|
131
|
+
1) [Yoti Doc Scan](/docs/DOCSCAN.md) - Identity verification embedded in your website or app.
|
132
|
+
1) [Yoti AML](/docs/AML.md) - Anti-Money Laundering check service to allow a deeper KYC process, preventing fraud
|
338
133
|
|
339
134
|
## Support
|
340
135
|
|
data/Rakefile
CHANGED
@@ -6,7 +6,7 @@ require 'yaml'
|
|
6
6
|
# Tests #
|
7
7
|
################################
|
8
8
|
|
9
|
-
RSpec::Core::RakeTask.new(:
|
9
|
+
RSpec::Core::RakeTask.new(:test_yoti) do |t|
|
10
10
|
t.pattern = ['spec/yoti']
|
11
11
|
end
|
12
12
|
|
@@ -14,6 +14,8 @@ RSpec::Core::RakeTask.new(:test_generators) do |t|
|
|
14
14
|
t.pattern = ['spec/generators']
|
15
15
|
end
|
16
16
|
|
17
|
+
RSpec::Core::RakeTask.new(:spec)
|
18
|
+
|
17
19
|
################################
|
18
20
|
# Rubocop #
|
19
21
|
################################
|
@@ -29,6 +31,7 @@ end
|
|
29
31
|
|
30
32
|
require 'yard'
|
31
33
|
YARD::Rake::YardocTask.new do |t|
|
34
|
+
t.options = ['--output-dir', './yardoc']
|
32
35
|
t.stats_options = ['--list-undoc']
|
33
36
|
end
|
34
37
|
|
@@ -43,4 +46,5 @@ end
|
|
43
46
|
# Defaults #
|
44
47
|
################################
|
45
48
|
|
46
|
-
task default: %i[spec
|
49
|
+
task default: %i[spec rubocop]
|
50
|
+
task test: %i[test_yoti test_generators rubocop]
|
data/lib/yoti/http/request.rb
CHANGED
data/lib/yoti/version.rb
CHANGED
data/yoti.gemspec
CHANGED
@@ -5,8 +5,8 @@ require 'yoti/version'
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = 'yoti'
|
7
7
|
spec.version = Yoti::VERSION
|
8
|
-
spec.authors = ['
|
9
|
-
spec.email = ['
|
8
|
+
spec.authors = ['Yoti']
|
9
|
+
spec.email = ['websdk@yoti.com']
|
10
10
|
|
11
11
|
spec.summary = 'Yoti Ruby SDK for back-end integration.'
|
12
12
|
spec.description = <<-DESC
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
18
18
|
spec.homepage = 'https://github.com/getyoti/yoti-ruby-sdk'
|
19
19
|
spec.license = 'MIT'
|
20
20
|
|
21
|
-
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features|examples)/|^sonar-project.properties$|^.dependabot/config.yml$|^.travis.yml$}) }
|
21
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features|examples|docs)/|^sonar-project.properties$|^.dependabot/config.yml$|^.travis.yml$}) }
|
22
22
|
spec.require_paths = ['lib']
|
23
23
|
|
24
24
|
spec.required_ruby_version = '>= 2.4'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: yoti
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.7.
|
4
|
+
version: 1.7.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
-
|
7
|
+
- Yoti
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-06-
|
11
|
+
date: 2020-06-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-protobuf
|
@@ -155,7 +155,7 @@ description: |2
|
|
155
155
|
with Yoti, so that your users can share their identity details with your
|
156
156
|
application in a secure and trusted way.
|
157
157
|
email:
|
158
|
-
-
|
158
|
+
- websdk@yoti.com
|
159
159
|
executables: []
|
160
160
|
extensions: []
|
161
161
|
extra_rdoc_files: []
|
@@ -266,7 +266,6 @@ files:
|
|
266
266
|
- lib/yoti/util/log.rb
|
267
267
|
- lib/yoti/util/validation.rb
|
268
268
|
- lib/yoti/version.rb
|
269
|
-
- login_flow.png
|
270
269
|
- rubocop.yml
|
271
270
|
- yardstick.yml
|
272
271
|
- yoti.gemspec
|
data/login_flow.png
DELETED
Binary file
|