Search code examples
tapkey

Creating users, and grants

I'm creating users and issuing grants to them. I have a limitation with token exchange since these users belong to a different ownerAccount.

I'm doing something similar to what is described here https://developers.tapkey.io/mobile/embedded/getting_started/#creating-a-user but on a server and not mobile. My challenge is that the ownerAccount to which the user should be created (the one which has the lock for which I want to make grants is different from my account(which has the identity provider) so I get an error, is it possible to create users using authorization code as a mode of authentication?

try {
  const user = await axios.put(
    `${this.baseUrl}/owners/${this.ownerAccountId}/identityproviders/${this.provider}/users`,
    {
      'ipUserId': details.userId
    },
    {
      headers: {
        'Authorization': `Bearer ${token}`
      }
    }
  )
  // create a new contact for the user created above
  const contact = await this.createContactForUser(token, user.data.ipUserId)
  // create grant for contact created above
  await this.createGrantForContact(token, contact.id, details.lockId)
  return user.data.ipUserId
Solution

  • As far as I understood from previous questions, you are using authorization code flow and not token exchange. In that case no identity provider is involved as you are using Tapkey credentials directly.

    If you have retrieved an access token from authorization code flow, then you use this one to create contacts and grants with default (= tapkey) identity provider.

    Contact or smartphone user works as a connector between owner account and an actual user, identified by an email. Grants are then created for the contact and not the user directly.

    For instance, if you create a contact for alvin@somedomain.com and assign the grant to him, it doesn't matter if the user with such an email already exists. He will receive an email about grants being assigned to him and it's up to the user to register the Tapkey account or not.

    So in your case, you should create a contact with required identifier (email address) https://developers.tapkey.io/openapi/tapkey_management_api_v1/#/Contacts/Contacts_Put

    and then create grants for this contact https://developers.tapkey.io/openapi/tapkey_management_api_v1/#/Grants/Grants_Put