Skip to content
osvauld

Adding a User to a Group

Sequence Diagram

Sequence diagram for adding a user to a group

User Request

  1. The user sends a request to the server to add a user to a group.

Server Processing

  1. The server fetches all the credential fields accessible by the group.
  2. The server returns the credential fields to the user.

Background Service Processing

  1. The user sends the credential fields and the user to be added to the group to the background service.
  2. The background service sends the credential fields to the WASM service for decryption.
  3. The WASM service decrypts the credential fields.
  4. The WASM service returns the decrypted credential fields to the background service.
[
    {
        "credentialId": "credential_id",
        "fields": [
            {
            "fieldId": "field_id",
            "fieldValue": "decrypted_field_value"
            }
    ]
    }
]
  1. The background service sends the decrypted credential fields to the WASM service for encryption with the user’s public key.
  2. The WASM service encrypts the credential fields with the user’s public key.
  3. The WASM service returns the encrypted credential fields to the background service.
  4. The background service returns the encrypted credential fields to the user.
[{
    "userId": "user_id",
    "credentials":[
    {
        "credentialId": "credential_id",
        "fields": [
            {
            "fieldId": "field_id",
            "fieldValue": "encrypted_field_value"
            }
        ]
    }
]
}]
  1. The client then sends the whole payload to hash and then sign
  2. The client sends the payload to the server with signature in the header.

Server Processing

  1. The user sends the payload (encrypted credential fields, user ID, and group ID) to the server.
{
    "groupId": "group_id",
    "memberId": "user_id",
    "memberRole": "role",
    "credentials": [
        {
            "credentialId": "credential_id",
            "fields": [
                {
                    "fieldId": "field_id",
                    "fieldValue": "encrypted_field_value"
                }
            ]
        }
    ]
}
  1. The server processes the request after verifying the signature.
  2. For each credential:
    • The server infers the access type from the group.
    • The server adds entries to the credential_access table.
    • The server adds entries to the fields table.
  3. The server returns the response (success/failure) to the user.

Note: When a user is added to a group, they gain access to all the credentials that are accessible by the group. The server infers the access type for each credential based on the group’s access and adds the necessary entries to the credential_access and fields tables.