LG-14813 default users requiring facial match to LN#11531
Conversation
changelog: Upcoming Features, IdV Socure, default users requiring facial match to LN
| # @returns[String] String identifying the vendor to use for doc auth. | ||
| def doc_auth_vendor | ||
| bucket = ab_test_bucket(:DOC_AUTH_VENDOR) | ||
| if resolved_authn_context_result.facial_match? && default_vendor_is_not_mock? |
There was a problem hiding this comment.
could we have mock, lexisnexis and socure enabled at the same time. what if a facial match is required and the default vendor is :mock? would a user be routed to a vendor that does not support facial match? 🤔
There was a problem hiding this comment.
yeah, say default is socure and facial match is requested. Maybe:
bucket = ab_test_bucket(:DOC_AUTH_VENDOR
if resolved_authn_context_result.facial_match? && bucket != :mock
bucket = :lexis_nexus
end
There was a problem hiding this comment.
furthering Doug's point ... this appears to assume that mock or lexis nexis is enabled as a doc auth vendor. It seems that we'd need to know whether a vendor is enabled before routing to that vendor. what happens if only socure is enabled, would we have a doc auth vendor when a facial match is req'd 🤔
There was a problem hiding this comment.
yeah, say default is socure and facial match is requested. Maybe:
bucket = ab_test_bucket(:DOC_AUTH_VENDOR if resolved_authn_context_result.facial_match? && bucket != :mock bucket = :lexis_nexus end
We want to bypass A/B test bucketing if facial match is required.
There was a problem hiding this comment.
furthering Doug's point ... this appears to assume that mock or lexis nexis is enabled as a doc auth vendor. It seems that we'd need to know whether a vendor is enabled before routing to that vendor. what happens if only socure is enabled, would we have a doc auth vendor when a facial match is req'd 🤔
If LN is not enabled should we just redirect them to an error page?
There was a problem hiding this comment.
furthering Doug's point ... this appears to assume that mock or lexis nexis is enabled as a doc auth vendor. It seems that we'd need to know whether a vendor is enabled before routing to that vendor. what happens if only socure is enabled, would we have a doc auth vendor when a facial match is req'd 🤔
If LN is not enabled should we just redirect them to an error page?
i tested the current behavior when a vendor is not defined, then the doc_auth_vendor defaults to (default_doc_auth_vendor which is nil). In the unlikely event there is a configuration error, if a user requires a facial match and only socure is configured, should we route the user to socure or standard document capture with a nil vendor (resulting in the screenshot below) @tahineemay?
There was a problem hiding this comment.
In this unlikely case, that a user requires facial match and only Socure is configured, we have to throw and error to help surface the misconfiguration. We cannot have the user go through a non-IAL2 IDV, if that is their requirement.
There was a problem hiding this comment.
as per @tahineemay response we should return the doc_auth_vendor should be nil which is inline with the current behavior when there is no vendor 👍🏿
There was a problem hiding this comment.
btw, when doc_auth_vendor is nil, this ticketed bug is throwing a 500. for your testing it maybe helpful to comment out the redirect_to_correct_vendor when testing doc_auth_vendor is nil 👍🏿
| let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS } | ||
| context 'when doc_auth_vendor is Lexis Nexis' do | ||
| let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS } |
amirbey
left a comment
amirbey
left a comment
There was a problem hiding this comment.
what if mock is default vendor and facial match is req'd? do we have testing for this?
| {} | ||
| end | ||
| let(:idv_vendor) { Idp::Constants::Vendors::MOCK } | ||
| let(:vot) { 'P1' } |
There was a problem hiding this comment.
Vectors of Trust is deprecated and slated to be removed. 😢
|
|
||
| def lexis_nexis_not_enabled? | ||
| (IdentityConfig.store.doc_auth_vendor_default == Idp::Constants::Vendors::SOCURE || | ||
| IdentityConfig.store.doc_auth_vendor_default.nil?) && | ||
| IdentityConfig.store.doc_auth_vendor_lexis_nexis_percent == 0 | ||
| end |
There was a problem hiding this comment.
| def lexis_nexis_not_enabled? | |
| (IdentityConfig.store.doc_auth_vendor_default == Idp::Constants::Vendors::SOCURE || | |
| IdentityConfig.store.doc_auth_vendor_default.nil?) && | |
| IdentityConfig.store.doc_auth_vendor_lexis_nexis_percent == 0 | |
| end |
Co-authored-by: Amir Reavis-Bey <amir.reavis-bey@gsa.gov>
Co-authored-by: Amir Reavis-Bey <amir.reavis-bey@gsa.gov>
| def default_vendor_is_not_mock? | ||
| IdentityConfig.store.doc_auth_vendor_default != Idp::Constants::Vendors::MOCK | ||
| end |
There was a problem hiding this comment.
| def default_vendor_is_not_mock? | |
| IdentityConfig.store.doc_auth_vendor_default != Idp::Constants::Vendors::MOCK | |
| end |
doesn't seem we're still using this 🤔
5 participants
🎫 Ticket
Link to the relevant ticket:
LG-14813
🛠 Summary of changes
If a user is going through IdV with a Service Provider requiring facial match, we want to default them to Lexis Nexis and not have them go through Socure.
📜 Testing Plan
Provide a checklist of steps to confirm the changes.
doc_auth_vendor_default: 'socure'in application.yml