UC-SEC-301: Zero-Trust Authentication (OAuth2/OIDC)
1. Metadata
| Property | Value |
|---|---|
| ID | UC-SEC-301 |
| Actor | All User Roles |
| Trigger | App launch or session expiry |
| Pre-conditions | User registered in Identity Provider (IdP); Device has active internet |
| Post-conditions | Access Token, ID Token and Refresh Token held in platform secure storage (Keychain on iOS, EncryptedSharedPreferences on Android); User profile cached |
| Side Effects | Log successful login with IP and Device Fingerprint |
2. Description
Implements the OAuth 2.0 Authorization Code flow with OpenID Connect (OIDC) so that access to health data is tied to a verifiable identity asserted by the central IdP. Because the mobile and browser clients are public clients that cannot hold a client secret, the code exchange is protected with PKCE (RFC 7636) and the ID Token is validated on the client before any session state is created.
3. Success Scenario
- Request: User taps "Login" on the mobile or web interface. The client generates a PKCE code verifier/challenge, a `state` value (CSRF protection) and a `nonce` (ID Token replay protection).
- Redirect: System redirects the user to the central Identity Provider (e.g., Auth0 or self-hosted Keycloak) `/authorize` endpoint with `response_type=code`, the code challenge, `state` and `nonce`.
- Challenge: User provides credentials (email/password) or OTP at the IdP.
- Code Issuance: IdP validates the credentials and redirects back to the client with a single-use Authorization Code and the original `state`.
- Exchange: Client checks that `state` matches, then exchanges the code (plus the PKCE code verifier) at the token endpoint for an Access Token and an ID Token (both signed JWTs), and typically a Refresh Token.
- Validation: Client verifies the ID Token signature against the IdP's published public key (JWKS), rejects any `alg` other than the expected one, and checks `iss`, `aud` (must contain the client ID), `exp` and `nonce`. The Access Token is opaque to the client; it is validated by the resource server (API), not the app.
- Session Start: App stores the tokens in EncryptedSharedPreferences (Android) or the Keychain (iOS); web clients keep them in memory only.
4. Acceptance Criteria
- [ ] Storage: Tokens must never be stored in plain text, in browser localStorage/sessionStorage, or in unencrypted app preferences; use the platform secure storage named in the success scenario.
- [ ] Auto-Revoke: Compromised sessions must be revocable from the Admin Console in < 5 seconds. Because Access Tokens are self-contained JWTs, this target only holds if their lifetime is short (minutes) or resource servers check revocation via token introspection; revoking the Refresh Token at the IdP alone does not invalidate an Access Token already issued.
- [ ] MFA: System must support Multi-Factor Authentication for Admin and Coordinator roles.
- [ ] Protocol: TLS 1.3 is enforced for all authentication traffic.
5. Security Logic (Auth Flow)
```mermaid
sequenceDiagram
    participant U as User
    participant A as Client App
    participant I as IdP (Auth0/Keycloak)
    participant K as Secure Storage (Keychain / EncryptedSharedPreferences)
    U->>A: Login Request
    A->>A: Generate PKCE verifier/challenge, state, nonce
    A->>I: Redirect to /authorize (code_challenge, state, nonce)
    I->>U: Challenge (Creds/OTP)
    U->>I: Provide Credentials
    I->>A: Redirect with Auth Code + state
    A->>A: Check state matches
    A->>I: Exchange code + code_verifier at token endpoint
    I->>A: Access Token + ID Token (+ Refresh Token)
    A->>A: Validate ID Token signature, iss, aud, exp, nonce
    A->>K: Store Tokens (Encrypted)
```