Closed bedilbek closed 4 years ago
The 2 functions actually serve distinct purposes:

- `getHandshakePin` is used to generate a user-specific pin so that users can verify any caller or sms sent to them, asking them to upload data. This protects users from spam calls/messages.
- `getUploadToken` is used to generate a global upload code that any user can use to prove that the user has the right to upload data. This protects the server from spam uploads.

@qtangs Thank you, now I understand the process fully

As I understood from the flow of the system, the `pin` that is generated from the `getHandshakePin` function is also used in `getUploadToken` to validate whether the user has a right to upload his history data.

I am curious about this flow. If it's the case that the same pin taken from the `getHandshakePin` process is used as a token via `getUploadToken`, isn't it a bad approach to save that pin in the local storage of the device? And why should the backend send that pin to the user at the `getHandshakePin` process?

Or if we look from a different perspective, let's say we do not use the same `pin` generated from `getHandshakePin` to store it as an UploadToken using the `storeUploadCodes` function, so that we will use different tokens generated by Health Authorities instead of those pins. Then why do we need that pin from `getHandshakePin`?

I understand that maybe I am not understanding the flow fully, so I ask for advice to shed light on this situation.

Thanks!