Remove User Attribute Process
Content
- Overview
- About AuthN IDs
- AuthN IDs are User Entity Attributes
- Process Flow
- App Settings
- Remove Attribute (Email/Mobile) User Journey
- API Walkthroughs
- Error Codes
- Revision History
Overview
This process defines how the user removes an existing attribute (e.g., email, mobile, alias) from their User ID.
About AuthN IDs
Here are a few basic things to remember about how authentication identifiers (authN IDs) work in ULM:
- AuthN IDs are commonly referred to as usernames. AuthN IDs include emails and mobile numbers.
- When a user registers an authN ID to their User ID, it is stored on the ULM User entity in ULM Cloud.
- Every ULM User ID requires at least one verified authN ID for the User ID to be activated.
- ULM supports the ability for a user to register, verify, and use multiple authN IDs for their User ID.
- ULM also supports the ability for users to add non-verifiable aliases to their User ID as authN IDs.
- AuthN IDs are stored on the ULM User entity as attributes. Specifically, each authN ID type is grouped under the attributes array. See the next section for a visual aid.
AuthN IDs are User Entity Attributes
ULM CLoud is built on top of a user-centric and entitlement-specific data model comprised of ULM data entities. Each entity type is defined by a set of default and extensible attributes. Some attributes are simple name/value pairs, and others are more complex arrays (i.e., an array objects that make up a single attribute value).
A user's authN IDs are stored as attributes on the ULM User entity, under the attributes array.
The Remove User Attribute Process removes a single email, mobile number, or alias from the User entity.
Process Flow
This table describes the Process functionality at a high level.
| Remove User Attribute | ||
|---|---|---|
| Actors | Frontend user, Client Application, ULM Cloud. | |
| Pre-Conditions | The user is currently authenticated in ULM. | |
| Basic Flow | 1 | The user selects to delete an email address, mobile number, or alias. |
| Notes: - The client application can retrieve a list of all the user's currently registered authN IDs with the GET /user API, and then display those authN IDs to the user on the relevant UI screen. - The client application then needs to supply the selected authN ID in the format specified by the Process. |
||
| 2 | ULM checks the status of the authN ID | |
| Notes: - The process can remove the selected attribute without issue if: - The authN ID has an activating or pending status (i.e., it is unverified). - The attribute is an activated authN ID, but the User entity has at least one other activated authN ID. - The attribute is the only activated authN ID, but the user has at least one associated social account. - The attribute is not the user's current preferred notification channel. - The process halts if the selected attribute does not meet the above criteria. |
||
| 3 | (Conditional) If the selected authN ID is the user's current preferred notification channel, then ULM prompts the user to first set a new preferred channel. The process then ends, and the user will need to retry. | |
| 4 | ULM then removes the attribute from the User ID. | |
| Notes: - If the notifyUser app setting is enabled, ULM sends a confirmation to the preferred notification channel. |
||
| Post-Conditions | The selected attribute is removed. | |
| If the attribute was an authN ID, the user can not longer use that value to sign into ULM. | ||
| Error Messages | The selected attribute is not valid for removal. | |
| The attribute value does not exist or was not found. | ||
| The selected attribute is the preferred notification channel. First set a new notification channel, and then try again. | ||
| The selected attribute is the user's only verified authN ID. | ||
| Multiple results found with the provided attribute value. | ||
App Settings
This Process currently has no relevant app settings to configure the Process behaviour.
Remove Attribute (Email/Mobile) User Journey
This flow diagram illustrates a standard Remove Email user journey using the Remove Attribute Process.
API Walkthroughs
This section provides guided walkthroughs of the Add/Update Email, Mobile, or Alias Process process, including demonstrations of the various branching paths the Process can take during its execution.
Remove Email Address/Mobile Number Scenario
A user removes an e-mail address that was previously added as an authN ID to their User ID.
Initial Request
The Process Start API initializes the Process:
| POST /process/start/userManagement.RemoveUserAttribute.v1.0 |
|---|
<no body>
|
Response: Prompt to Specify the Attribute (AuthN ID)
The API responds with a request to select which attribute to remove:
| Response Body |
|---|
{
"processId": "9d8a22f5-dee8-4661-95a0-51ac272d819e",
"processName": "userManagement.RemoveUserAttribute.v1.0",
"displayMessage": "Please provide the user attribute to be removed.",
"parameters": {
"attributeValue": "String",
"attributeProperty": "String",
"attributeName": "String"
},
"stepName": "RemoveUserAttributePrompt",
"lastStep": false
}
|
Response Parameters
| Parameters | Description | |
|---|---|---|
| processId | Unique identifier for the current instance of this Process. | |
| processName | Full name of the Process, including the category and version number. | |
| stepName | The internal name of the step that the Process is currently on / just executed. | |
| lastStep | Boolean that indicates whether or not this was the last step in the Process. | |
| parameters | Object that specifies the info this Process requires to continue its task. | |
| attributeName | The name of the overarching attribute from which to remove a value. Will be emails, mobiles, or aliases. | |
| attributeProperty | The name of the property. Used in conjunction with the attributeValue to specify the attribute to remove. | |
| attributeValue | The value of the attribute (i.e., the actual authN ID value). Used in conjunction with attributeProperty to specify the attribute to remove. | |
Note: A list of the available attributes on the user can be obtained by querying the GET /user REST API. The following sample excerpt from the API displays the attribute in question:
| Sample Excerpt |
|---|
attributes": [
{
"name": "emails",
"value": [
"status": "activated",
"id": 2,
"email": "ryan@example.com"
]
}
]
|
Final Request: User Specifies the AuthN ID
In order to determine the correct e-mail address to remove, the attribute name ("emails") must be provided, as well as qualifiers to derive the specific e-mail address, as the user may have multiple e-mail addresses registered to their ULM ID. In this example, we are searching for the attribute value "ryan@example.com" in the attribute's property "email". The client passes that info to the Process with the Process Step API:
| PUT /process/step |
|---|
{
"processId": "9d8a22f5-dee8-4661-95a0-51ac272d819e",
"parameters": {
"attributeValue": "ryan@example.com",
"attributeProperty": "email",
"attributeName": "emails"
}
}
|
Request Parameters
| Parameters | Description | |
|---|---|---|
| processId | Unique identifier for the current instance of this Process. | |
| parameters | Object that specifies the info this Process requires to continue its task. | |
| attributeName | The name of the overarching attribute from which to remove a value. Will be emails, mobiles, or aliases. | |
| attributeProperty | The name of the property. Used in conjunction with the attributeValue to specify the attribute to remove. | |
| attributeValue | The value of the attribute (i.e., the actual authN ID value). Used in conjunction with attributeProperty to specify the attribute to remove. | |
Response: Success
If the target authN ID is valid, the Process completes its task and returns a 200 HTTP status code:
| Response Body |
|---|
{
"processId": "9d8a22f5-dee8-4661-95a0-51ac272d819e",
"processName": "userManagement.RemoveUserAttribute.v1.0",
"lastStep": true
}
|
The user can no longer use this authN ID for authentication purposes. It is removed entirely from the ULM Cloud data store.
Response Parameters
| Parameters | Description | |
|---|---|---|
| processId | Unique identifier for the current instance of this Process. | |
| processName | Full name of the Process, including the category and version number. | |
| lastStep | Boolean that indicates whether or not this was the last step in the Process. | |
Error Scenario: Cannot Remove Selected AuthN ID
Email addresses and phone numbers cannot be removed in cases where their removal would result in the user not having any remaining verified authN IDs. In these scenarios, the user must add and verify a second authentication identifier. Even if the user onboarded with their social account, that Process still involves the creation and verification of an authN ID attribute on the ULM User entity (i.e., either the user confirms the email/mobile returned by the social provider, or they change the email/mobile value and then verify it before they can complete their onboarding).
If the user does attempt to remove their only verified authN ID, the process returns the below error:
| Response Body |
|---|
{
"processId": "9d8a22f5-dee8-4661-95a0-51ac272d819e",
"stepName": "RemoveUserAttributePrompt",
"lastStep": false,
"processName": "userManagement.RemoveUserAttribute.v1.0",
"operationError": [
{
"code": "last-auth-identifier",
"type": "com.uxpsystems.mint.framework.ulm.process.service.ServiceStep.GeneralFailure",
"message": "The only authentication identifier cannot be removed",
"authorities": [
{
"authority": "ROLE_USER"
}
]
}
]
}
|
Error Scenario: Specified AuthN ID Does Not Exist
If the user/client UI attempts to specify an attribute that does not exist on the User entity, the process returns the below error:
| Response Body |
|---|
{
"processId": "9d8a22f5-dee8-4661-95a0-51ac272d819e",
"stepName": "RemoveUserAttributePrompt",
"lastStep": false,
"processName": "userManagement.RemoveUserAttribute.v1.0",
"operationError": [
{
"code": "invalid-attribute-value",
"type": "com.uxpsystems.mint.framework.ulm.process.service.ServiceStep.GeneralFailure",
"message": "Provided attribute value not found",
"authorities": [
{
"authority": "ROLE_USER"
}
]
}
]
}
|
Error Scenario: Cannot Remove User's Primacy Contact Channel
The user cannot remove an authN ID if it is currently their primary contact channel (for notifications). If the user attempts this, the Process responds with the following error:
| Response Body |
|---|
{
"processId": "9d8a22f5-dee8-4661-95a0-51ac272d819e",
"lastStep": false,
"processName": "userManagement.RemoveUserAttribute.v1.0",
"operationError": [
{
"code": "attribute-attached-notification-channel",
"type": "com.uxpsystems.mint.framework.ulm.process.service.ServiceStep.GeneralFailure",
"message": "Provided attribute is used as preferred notification channel",
"authorities": [
{
"authority": "ROLE_USER"
}
]
}
],
"stepName": "RemoveUserAttributePrompt"
}
|
| Parameters | Description | |
|---|---|---|
| processId | The unique identifier for this instance of the Process. | |
| processName | Full name of the Process, including the category and version number. | |
| stepName | The internal name of the step that the Process is currently on / just executed. | |
| lastStep | Boolean that indicates whether or not this was the last step in the Process. | |
| operationError | Array of possible error objects. Each object describes a separate error condition. | |
| code | An error object's internal code name. | |
| type | Internal reference of the operation error type. | |
| message | Optional message that describes the error in a human readable format. | |
| authorities | The list of authority roles currently granted to the user. Can be used to help supply context to authorization errors (i.e. a process requires a user to be authenticated to ULM Cloud, however they are an "anonymous", or unauthenticated user). | |
| lastFailedStepAction | Object that repeats the previous Process step's details and required input. This allows the client to essentially retry the failed request. | |
The user must set a new primary contact channel before executing this Process.
Error Codes
Below is a comprehensive list of potential error codes that may be returned during the execution of this Process.
Common Error Codes
Process-Specific Error Codes
| HTTP Status | Format | ULM Error Code | Field | Description |
|---|---|---|---|---|
| 400 | validation error | NotEmpty | attributeName | When the provided attribute name is not a valid or empty. |
| 400 | validation error | ValidAttribute | attributeProperty | When the provided attribute property is not a valid. |
| 400 | validation error | ValidAttribute | attributeValue | When the provided path is a collection and no value was provided. |
| 400 | validation error | ValidAttribute | attributeName | When the attribute is not removable. |
| 400 | operation error | invalid-attribute-value | n/a | When the provided attribute value is not found. |
| 400 | operation error | attribute-attached-notification-channel | n/a | When the attribute to be removed is used as preferred notification channel. |
| 400 | operation error | last-auth-identifier | n/a | When this is the last authentication identifier (social included). |
| 400 | operation error | non-unique-attribute-value | n/a | When the provided attribute value is not unique. |
| 400 | operation error | non-verified-auth-identifier | n/a | When all authentication identifier are not verified. |
Revision History
| Version | Description |
|---|---|
| 2020.09 | Added this topic. |