Consent

If consent has been enabled for the local installation of Trust1Connector, a user will not be able to retrieve any data from the connector without first giving explicit consent, agreeing to give access to their card reader. Without this consent, all requests to the Trust1Connector will return a 401 Unauthorized response with a specific error code. The Trust1Connector Java library automatically detects this and throws a NoConsentException. The application should anticipate this exception and use it as a cue to trigger the consent dialog. The consent request contains a code word (randomly generated by the application, using an algorithm of its choice), which is shown in the dialog. The idea is that the application shows this code word on screen as well; if both match, the user can be sure that they are granting consent for the correct application.

Requesting consent can be done as follows:

LibConfig conf = new LibConfig();

IT1cClient client = new T1cClient(conf);

// Execute some functions like reading data from an inserted card
// When a NoConsentException is thrown, get the consent like this:
try {
    GclReader reader = client.getCore().pollCardInserted();
} catch (NoConsentException ex) {
    Boolean consent = client.getCore().getConsent("Consent required", "SWORDFISH", 1, GclConsent.AlertLevel.ERROR, GclConsent.AlertPosition.CENTER, GclConsent.Type.READER, 35);
}

This call has 2 required and 4 optional parameters:

  1. Title (required): this is a string containing the title for the consent dialog that will be shown to the user
  2. Code Word (required): a code word in string format that will be shown in the consent dialog.
  3. Consent duration in days (optional): Allows the application to specify how long this consent is to be valid if granted. Defaults to 1; this can be overridden in the GCLConfig.
  4. Alert level (optional): Allows the "severity" of the popup to be set. Defaults to WARNING. Valid values are: INFORMATION, QUESTION, WARNING, ERROR.
  5. Alert position (optional): Sets the on-screen position of the consent popup. Defaults to STANDARD (the exact meaning of this varies between operating systems). Valid values are: STANDARD, CENTER, LEFT, RIGHT, TOP, TOP_LEFT, TOP_RIGHT, BOTTOM, BOTTOM_LEFT, BOTTOM_RIGHT.
  6. Consent Type (optional): Specifies which type of consent is being requested. Valid values are READER and FILE_EXCHANGE. Defaults to READER.
  7. Timeout (optional): Sets the timeout of the consent popup in seconds. If the user did not respond within this timeout, no consent will be granted. Default value is 30 seconds. In order to avoid socket timeouts, this value must not exceed the default value defined in the client configuration.

Response:

java.lang.Boolean

If the response is true, the application can retry the request for which it originally received the NoConsentException.
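The catch, ask, retry flow described above, written as an added example that is not part of the Trust1Connector library or its documentation. `NoConsent`, `newCodeWord`, `withConsent` and `askConsent` are hypothetical names; `NoConsent` stands in for the library's NoConsentException so the file compiles on its own, and the connector is replaced by a constructed fake.

```java
import java.security.SecureRandom;
import java.util.concurrent.Callable;
import java.util.function.Predicate;

public class ConsentFlow {
    // Stand-in for the library's NoConsentException (assumption, see lead-in).
    static class NoConsent extends RuntimeException {}

    // No 0/O or 1/I/L, so the user can compare the two on-screen values reliably.
    private static final String ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
    private static final SecureRandom RNG = new SecureRandom();

    // A fresh, unpredictable code word for every consent request.
    static String newCodeWord(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Runs the request; on NoConsent asks for consent once and retries only if granted.
    static <T> T withConsent(Callable<T> request, Predicate<String> askConsent) throws Exception {
        try {
            return request.call();
        } catch (NoConsent first) {
            String codeWord = newCodeWord(8);
            // The application shows the code word itself, next to the connector's dialog.
            System.out.println("Check that the consent dialog shows: " + codeWord);
            if (!askConsent.test(codeWord)) {
                throw new SecurityException("Consent denied or dialog timed out");
            }
            return request.call(); // a second NoConsent propagates: no retry loop
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed fake connector: refuses until consent has been granted.
        boolean[] granted = {false};
        Callable<String> readCard = () -> {
            if (!granted[0]) throw new NoConsent();
            return "reader-1";
        };
        // In a real application this lambda would call client.getCore().getConsent(title, codeWord, ...).
        Predicate<String> ask = codeWord -> granted[0] = true;
        System.out.println(withConsent(readCard, ask));
    }
}
```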

Once consent is given, it will be valid for the consent duration specified in the request. However, the consent is only valid for a specific combination of parameters, which we call the consent components.

The components are the following:

  • Username
  • Client Identification Token
  • Origin/Referer header

The username is derived from the OS, and the client identification token is sent along with the consent request (automatically added by the library). The third component identifies the site that is requesting consent. As the Trust1Connector expects an Origin/Referer header to be sent along with the request, the Java library automatically sets this to https://localhost.

All three of the components need to match an existing consent for it to be considered valid. As soon as one of the components does not match, the request is treated as coming from a different user who will need to give consent, and a NoConsentException will be thrown.
