4.3. User - Manage user secrets [canceled]
| Id | 4.3. |
| Description | As a Generic User, I want to be able to manage my secrets linked to the chosen authentication mechanism and to revoke consents given to external applications, so that I can grant and revoke access given to external applications to my account. |
| Priority | High |
| Actors | User |
| API Calls | N/A |
| Linked Processes | |
| Status | Canceled - Each application will receive a dedicated user with the appropriate role and a dedicated access token |
Preconditions
- The User must be authenticated.
Postconditions
- The system returns a list of external applications to which the user has granted access.
- The system updates the external application secrets / information as requested by the user.
- If the user chooses to revoke the external application's permissions, the system deletes that external application's credentials and the application can no longer access the system on behalf of the user.
Main flow
- The user retrieves the list of external applications to which they have granted access (GET).
- The user performs the updates needed to the external application grants (e.g. update secrets, change name, …) (PUT).
- If needed, the user can revoke the access granted to an external application (DELETE).
- The system applies the instructions given by the user.
Exceptions
[400 Bad Request] Invalid input
If mandatory fields are missing or invalid, the system returns an error message.
[500 Internal Server Error] System Error
If the system fails to save changes due to an internal error, it displays an appropriate message and logs the error for further investigation.