PingOne Solution Packs

Healthcare - Identity Verification and Managed Credential Issuance with Biometric Binding - Subflow

The Healthcare - Identity Verification and Managed Credential Issuance with Biometric Binding - Subflow uses PingOne Verify to verify the user and issue credentials.

Purpose

The Healthcare - Identity Verification and Managed Credential Issuance with Biometric Binding - Subflow lets users supply email and phone number information, then verifies their identity using PingOne Verify. It uses the Healthcare - Pair A Digital Wallet - Subflow to pair a digital wallet and issues relevant credentials to that wallet.

Structure

This flow is divided into sections using teleport nodes:

Registration using Identity Verification + Managed Credential Issuance

Uses a hidden HTML node and function nodes to gather user information and set variables, then presents the user with a consent form.

If the user consents, an HTML node gathers the user’s email and phone number. A function node discards any modifications to the user’s email, then a PingOne node looks for existing users with a matching email. If no user exists with a matching email, a new user is created:

  • If the new user creation succeeds, a PingOne node disables the new user and the flow progresses to the Verify And Issue Credentials To Wallet section.

  • If the new user creation fails, a function node evaluates the phone number and displays a targeted error message if the phone number isn’t valid.

Verify And Issue Credentials To Wallet

The flow progresses to the Initiate Verification section.

When this section completes, a function node increments the number of verification attempts, then the flow progresses to the Process Verification section.

When this section completes, a function node checks whether the verification was successful:

  • If the verification was successful, a function node checks whether credentials should be issued to a digital wallet:

    • If credentials shouldn’t be issued to a digital wallet, the flow progresses to the Return Success Response section.

    • If credentials should be issued to a digital wallet, the Healthcare - Pair A Digital Wallet - Subflow is invoked. If the subflow completes successfully, HTTP nodes get an access token and issue credentials to the user’s wallet, then a PingOne node reads the updated user information. The flow then progresses to the Return Success Response section.

  • If the verification wasn’t successful, a function node checks if the verification limit has been exceeded. If not, an error page lets the user choose an action, and the flow progresses to the beginning of the Verify And Issue Credentials To Wallet section if the user retries or to the Return Success Response section if the user cancels.
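The retry routing described in this section, sketched as an added example in plain JavaScript; it is not the solution pack's own function-node code. Section names and verificationValidationAttempts come from this page; DEFAULT_LIMIT, the route taken once the limit is reached, and treating only an explicit true as "issue credentials" are assumptions.

```javascript
// Added illustration, not Ping Identity's node code. Section and variable names
// come from the page; DEFAULT_LIMIT and the limit-reached route are assumptions.
const VERIFY = "Verify And Issue Credentials To Wallet";
const PAIR_WALLET = "Healthcare - Pair A Digital Wallet - Subflow";
const SUCCESS = "Return Success Response";
const ERROR = "Return Error Response";
const DEFAULT_LIMIT = 3; // assumed fallback; the page gives no default

// Fail closed: a missing, non-integer, or non-positive verificationLimit
// must not turn into an unlimited number of attempts.
function effectiveLimit(verificationLimit) {
  const n = Number(verificationLimit);
  return Number.isInteger(n) && n > 0 ? n : DEFAULT_LIMIT;
}

// Route one completed verification round. attemptsSoFar mirrors
// verificationValidationAttempts before this round's increment.
function routeRound(attemptsSoFar, verified, inputs, userChoice) {
  const attempts = attemptsSoFar + 1; // incremented before the result is checked
  if (verified) {
    // Assumption: only an explicit true triggers wallet pairing and issuance.
    const next = inputs.issueCredentialsToWallet === true ? PAIR_WALLET : SUCCESS;
    return { attempts, next };
  }
  // ">=" makes the limit the maximum number of attempts, per the input description.
  if (attempts >= effectiveLimit(inputs.verificationLimit)) {
    return { attempts, next: ERROR }; // assumed route once the limit is reached
  }
  // Cancel goes to Return Success Response, where the user entry is deleted.
  return { attempts, next: userChoice === "retry" ? VERIFY : SUCCESS };
}

// Replay constructed per-round outcomes for a user who always retries.
function runSession(outcomes, inputs) {
  let attempts = 0;
  let next = VERIFY;
  for (const verified of outcomes) {
    if (next !== VERIFY) break; // flow already left the verification loop
    ({ attempts, next } = routeRound(attempts, verified, inputs, "retry"));
  }
  return { attempts, next };
}

console.log(runSession([false, false, true], { verificationLimit: 2 }));
```

With a limit of 2, the third outcome in the constructed sequence is never evaluated because the second failure already ends the loop.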

Initiate Verification

Uses a PingOne Verify node to create a transaction:

  • If the transaction creation succeeds, a verification QR code is displayed, then a PingOne Verify node reads the transaction. A function node confirms that the verification has begun, then the flow progresses to the Process Verification section.

  • If the transaction creation fails, a function node checks if the user email or phone number was invalid. If so, a PingOne node deletes the user and an error message is displayed.

Process Verification

Displays an HTML node indicating that verification is in progress, then uses a PingOne Verify node to read the verification transaction. A function node then checks the verification status:

  • If the verification succeeded, PingOne Verify nodes retrieve the user’s selfie, user data, and transaction metadata. An HTML node requests that the user verify the data, then custom functions package the data and a PingOne node updates the user information. The flow then returns to the Verify And Issue Credentials To Wallet section.

  • If the verification failed, the flow returns to the Verify And Issue Credentials To Wallet section.

  • If the verification has no status yet, polling continues.

Return Success Response

Uses a PingOne node to delete the user entry if the user canceled and the user ID is known, then sends a success JSON response, indicating that the flow completed successfully.

Return Error Response

Uses a PingOne node to delete the user entry if the user ID is known. The flow then uses a function node to enrich the error details, then sends an error JSON response indicating that the flow completed unsuccessfully.

Input schema

This flow has the following inputs:

| Input name | Required | Description |
| --- | --- | --- |
| emailAddress | No | The user’s email address. |
| verifyPolicyId | Yes | The PingOne Verify policy ID. |
| verificationLimit | No | The maximum number of times the user can attempt verification. |
| issueCredentialsToWallet | No | A Boolean that controls whether credentials are issued to the user’s wallet. If it is set to false, the flow only performs verification using PingOne Verify. |
| digitalWalletApplicationId | No | The ID of the user’s digital wallet application. |
| verifiedIdentityCredentialTypeId | No | The ID of the user’s credential type. |
| companyLogo | No | The company logo. Used only when the main flow was launched using a redirect. |

Output schema

This flow has the following outputs:

| Output name | Description |
| --- | --- |
| subflowResult | The result status of the flow. |
| p1UserId | The user’s PingOne user ID. |
| email | The user’s email address. |
| firstName | The user’s first name. |
| isEmailVerified | A Boolean indicating whether the user’s email address has been verified. |
| errorMessage | The error message to display in the parent flow. |
| errorDetails | The details of the error that occurred in this flow. |

Variables and parameters

This flow uses the following variable or parameter values:

| Variable name | Description |
| --- | --- |
| p1VerifyPolicyId | The PingOne Verify policy ID. |
| digitalWalletApplicationId | The ID of the user’s digital wallet application. |
| pingOneAPIBaseUrl | The URL of the PingOne APIs for the user’s region. |
| verifiedIdentityCredentialTypeId | The ID of the user’s credential type. |
| authPath | The authorization URL using the user’s region and the company ID. |
| verificationValidationAttempts | The number of times the user has attempted to verify their identity. |