Person pre creation process

Person pre creation process feature allows you to:

  • block person creation
  • update person's attributes during creation process
  • delete person's attributes during creation process

In order to be able to use this feature Extension needs to implement the PersonCreationPreProcessExtension. Person pre creation process is enabled by default and to disable it set environmental variable IDP_EXTENSION_PERSON_CREATION_PRE_PROCESS_ENABLED to false on the extension.

Pre processing extension point will receive following data:

  • expected_profile - profile of a person that is about to be created.
  • external_idp_attributes - all attributes coming from external identity provider that is used to create person.
  • identities - list of identities that will be created during person creation. This list in most cases will contain one element, but can also be empty in case external person id is unknown.

Pre processing extension point returns object with following fields:

  • person_creation_interrupted
  • prevent_person_creation_reason_code
  • update_profile_attributes
  • delete_profile_attributes

Extension point usage

Person pre creation processing is executed when person is created:

  • via Person API
  • when inviting person
  • during person migration
  • during automatic sign-up

Blocking person creation

Person creation will be blocked in case person_creation_interrupted is true. Additionally if prevent_person_creation_reason_code is set person will receive custom error message (in API flow) or will be redirected back to login page where custom error will be displayed. Such custom message should have key defined in following format:

personal.person.pre.creation.error.custom.CODE where CODE is the value that is coming from extension when person creation is being blocked.

Those error messages can be specified in multiple languages. If user is created with preferred locale and error message with given code exists for that locale it will be used for that user in both API and web flows. Otherwise default locale will be chosen.

Updating person attributes

Person pre creation process allows you to modify or add person attributes before person is created. In order to update attributes provide new or updated values in update_profile_attributes. The only attribute that change will be ignored is the reference_id.

Providing following attributes

  • name
  • gender
  • date_of_birth
  • preferred_locale
  • migration_code
  • addresses

in update_profile_attributes will result in replacing old attribute properties with new ones.

Changing following attributes

  • custom_attributes
  • phone_numbers
  • email_addresses

will result in a merge with original values. Attributes with the same value identifier as in expected_profile, i.e.

  • name for custom attribute
  • value for email and phone number

will be updated, values with identifiers that were added to update_profile_attributes will also be added to person profile during person creation and identifiers that were provided in expected_profile and are missing in update_profile_attributes will not be removed.

Example. Custom attributes sent to PersonCreationPreProcessExtension:

"custom_attributes": [
  {
    "name": "keyA",
    "value": "valueA"
  },
  {
    "name": "keyB",
    "value": "valueB"
  }
]

Custom attributes sent in the extension's response in update_profile_attributes:

"custom_attributes": [
  {
    "name": "keyA",
    "value": "newValueA"
  },
  {
    "name": "keyC",
    "value": "valueC"
  }
]

Will result in saving 3 elements:

"custom_attributes": [
  {
    "name": "keyA",
    "value": "newValueA"
  },
  {
    "name": "keyB",
    "value": "valueB"
  },
  {
    "name": "keyC",
    "value": "valueC"
  }
]

Please note that merged profile has to respect current configuration. All mandatory fields have to be provided and all fields have to be consistent. In case merged profile validation fails (e.g. because of changing email that is already used by another person), person creation will still be blocked despite setting person_creation_interrupted to false.

Deleting person attributes

Currently it is impossible to delete person attributes and values in delete_profile_attributes are ignored.