* not sending token

Author: levhitaIncode

README.md

@@ -20,58 +20,42 @@ sequenceDiagram
     participant Frontend
     participant Backend
     participant IncodeAPI
-    participant IndexedDB
 
-    Note over Frontend: Enter hint:<br> identityId
+    Note over Frontend: Enter hint:<br>identityId
     Note over Frontend: WebSDK: create()
     Frontend->>Backend: Start Session in Backend<br>{identityId}
     Backend->>IncodeAPI: Create new session<br>{configurationId, apikey}
     Note over IncodeAPI: /omni/start
-    IncodeAPI-->>Backend: Returns Session<br>{token, interviewId}
-    Backend->>IndexedDB: Store session<br>{key: interviewId, backToken: token, status: pending, identityId)
-    Backend-->>Frontend: Return Session<br>{token, interviewId}
+    IncodeAPI-->>Backend: Returns Session<br>{token}
+    Backend-->>Frontend: Return Session<br>{token}
 
     Note over Frontend: WebSDK: renderAuthFace(token, hint)
     Note over Frontend: User completes face authentication
     Note over Frontend:Returns:<br>{candidate}
 
-    Frontend->>Backend: Validate Authentication<br>{interviewId, token, candidate}
-    Backend->>IndexedDB: Get Session Info:<br>{key:interviewId}
-    IndexedDB-->>Backend:  {backToken, status}
-    alt interviewId doesn't exist in DB
-      Backend->>Frontend: {"interviewId doesn't exists", valid:false}
-    end
-    alt status != pending
-      Backend->>Frontend: { "Session was already verified", valid:false}
-    end
-    alt candidate != session.identityId
-      Backend->>IndexedDB: Mark session as Rejected<br>{interviewId, status:rejected}
-      Backend->>Frontend: {"Stored identityId doesn't match candidate", valid:false}
-    end
-    alt token != backToken
-      Backend->>IndexedDB: Mark session as Rejected<br>{interviewId, status:rejected}
-      Backend->>Frontend: {"Stored token doesn't match token", valid:false}
-    end
-   
+    Frontend->>Backend: Get Results<br>{token, candidate}
+  
     Backend->>IncodeAPI: Mark session as completed
     Note over IncodeAPI: /0/omni/finish-status
     IncodeAPI-->>Backend: Return:<br>{redirectionUrl, action}//Unused
 
+    Backend->>IncodeAPI: Close Session
+    Note over IncodeAPI: /0/omni/set/status?action=Closed
+    IncodeAPI-->>Backend: Return:<br>{sessionStatus}//Unused
+
     Backend->>IncodeAPI: Get Authentication Score<br>{token:backToken}
     Note over IncodeAPI: /0/omni/get/score
-    IncodeAPI-->>Backend: {status, identityId}
+    IncodeAPI-->>Backend: {score, identityId}
     alt identityId != candidate
-      Backend->>IndexedDB: Mark session as Rejected<br>{interviewId, status:rejected}
-      Backend->>Frontend: {"candidate doesn't matches score identityId", valid:false}
+      Backend->>Frontend: {"candidate doesn't matches score identityId", isVvalid:false}
     end
+    
     alt score.status != "OK"
-      Backend->>IndexedDB: Mark session as Rejected<br>{interviewId, status:rejected}
-      Backend->>Frontend: {"Score for this session is not OK", valid:false}
+      Backend->>Frontend: {"Score for this session is not OK", isValid:false}
     end
 
     Note over Backend: Success
-    Backend->>IndexedDB: Mark session as approved<br>{interviewId, status:approved}
-    Backend-->>Frontend: Return validation result<br>{"Succesful validation", valid:true, identityId}
+    Backend-->>Frontend: Return validation result<br>{"Succesful validation", isValid:true, identityId}
     Note over Frontend: Show validation results
 ```
 

example_backend.js

@@ -31,47 +31,30 @@ const start = async function (identityId) {
 
   // The session response has many values, but you should only pass the token to the frontend.
   const responseData = await response.json();
-  const { token, interviewId } = responseData;
+  const { token } = responseData;
 
-  // Store session in local DB, session will be created as used: false.
-  await addSession(interviewId, token, identityId);
-
-  return { token, interviewId };
+  return { token };
 };
 
 // Public: Verify the authentication by checking the score and session data
-const getResults = async function (interviewId, token, candidate) {
-
-  // Prevents usage of candidate that doesn't match the identityId stored in session.
-  if (session.identityId !== candidate) {
-    // Mark the session as rejected.
-    await updateSession(interviewId, "rejected");
-    return {
-      // Detailed debug message, in production you might want to avoid exposing internal details.
-      message: "identityId and candidate mismatch for interviewId " + interviewId,
-      isValid: false,
-    };
-  }
+const getResults = async function (token, candidate) {
 
   // Finishing the session triggers score calculation and business rules.
   await finishStatus(token); // Mark session as finished in Incode backend
+  
   // Closing the session stop it from being changed, all /add/ endpoints will be rejected after this, and the score will be frozen.
   await setStatusClosed(token); // Mark session as closed in Incode backend
 
-  
   let identityId, scoreStatus;
   try {
-    // At this point we already verified that the token matches, but
-    // to be clear about our intentions, we use the token stored in the
-    // database to get the identityId and compare it with the candidate.
     const scoreResponse = await getScore(token);
     identityId = scoreResponse.authentication.identityId;
     scoreStatus = scoreResponse.overall.status;
   } catch (e) {
     // If there is an error communicating with API, we consider validation failed.
     return {
       // Detailed debug message, in production you might want to avoid exposing internal details.
-      message: "Error validating authentication for interviewId " + interviewId + ": " + e.message,
+      message: "Error validating authentication: " + e.message,
       isValid: false,
     };
   }
@@ -81,7 +64,7 @@ const getResults = async function (interviewId, token, candidate) {
   if (identityId !== candidate) {
     return {
       // Detailed debug message, in production you might want to avoid exposing internal details.
-      message: "Session data doesn't match for interviewId " + interviewId,
+      message: "candidate " + candidate + " does not match identityId " + identityId + " from score",
       isValid: false,
     };
   }
@@ -90,15 +73,15 @@ const getResults = async function (interviewId, token, candidate) {
   if (scoreStatus !== "OK") {
     return {
       // Detailed debug message, in production you might want to avoid exposing internal details.
-      message: "Face Validation failed for interviewId " + interviewId,
+      message: "Face Validation failed for candidate " + candidate,
       isValid: false,
     };
   }
 
   // Only valid if all checks passed, we return the identityId that was validated.
   return {
     // Detailed debug message, in production you might want to avoid exposing internal details.
-    message: "Face Validation succeeded for interviewId " + interviewId,
+    message: "Face Validation succeeded for candidate " + candidate,
     isValid: true,
     identityId: identityId,
   };
@@ -140,9 +123,17 @@ const setStatusClosed = async function (token) {
   } catch (e) {
     throw new Error("HTTP Post Error: " + e.message);
   }
-  const results = await response.json();
-  console.log({results});
-  return results;
+  const {sessionStatus} = await response.json();
+  /* Example response
+    {
+      "_id": "69c5c01ac40764536244ac3b",
+      "_createdAt": 1774567450715,
+      "_updatedAt": 1774567469629,
+      "closedAt": 1774567469629,
+      "sessionStatus": "Closed"
+    }
+  */
+  return {sessionStatus};
 };
 
 // Private: Call Incode's `omni/get/score` API to retrieve the score for the session

index.html

@@ -6,13 +6,13 @@
   <script src="%VITE_SDK_URL%"></script>
   <script type="module" src="/main.js"></script>
   <link href="/style.css" rel="stylesheet" />
-  <title>Vite WebSDK Example</title>
+  <title>Incode Authentication Example</title>
 </head>
 <body>
   <main id="app">
     <div id="user-hint-container">
       <label for="user-hint-input">User Hint (identityId):</label>
-      <input type="text" id="user-hint-input" placeholder="Enter identityId" />
+      <input type="text" id="user-hint-input" placeholder="Enter identityId" value="69c5bf1b95cfc94c5fa1f038"/>
       <button id="continue-btn">Continue</button>
     </div>
     <div id="camera-container"></div>

main.js

@@ -70,17 +70,15 @@ async function getResults() {
   console.log("Getting results of the authentication");
   try {
     const results = await exampleBackend.getResults(
-      incodeSession.interviewId,
       incodeSession.token,
-      candidate,
+      candidate
     );
     console.log("Result:", results);
 
     const container = document.getElementById("finish-container");
     container.innerHTML += `
       <hr>
       <h2>Authentication Verification</h2>
-      <p><strong>Interview ID:</strong> ${incodeSession.interviewId}</p>
       <p><strong>Candidate:</strong> ${candidate}</p>
       <p><strong>Identity ID:</strong> ${results.identityId || "N/A"}</p>
       <p><strong>Message:</strong> ${results.message}</p>