
Mobile Login Flow

Below is our current view of the login flow for mobile. It does not identify the underlying architecture, but we will go over the components involved at each step.

Flow

  1. A customer logs in via one of our mobile clients.
  2. The mobile client sends a query to our mobile GraphQL server via a mutation. A mutation in GraphQL is an operation that allows you to insert new data or modify data on the server side. You can think of a GraphQL mutation as the equivalent of POST, PUT, PATCH and DELETE requests in REST.
    1. The loginMutation first tries to login to Hybris. Detailed steps can be found below.
    2. It then extracts the access_token which is returned from login.
    3. Once it has the access_token, it performs a GET to Hybris with the following fields: DEFAULT,rccMembershipNumber,rccMemberShipEndDate,rccMemberShipStartDate,rccChapter. This is done using the Hybris access token rather than the user's.
    4. The returned user object is then used to validate whether the user has a valid RCC Membership based on today's date.
    5. The mutation then:
      1. Checks whether the user exists in RDS via Prisma
        1. If they don't, create them
        2. If they do, update them and create an Algolia user object. The user object is then added to the Algolia index. More about the Algolia indexes can be found below.
    6. The mutation then creates a JWT. The token is signed by the prismaUser ID that was created or updated in the previous step.
    7. A user.login event is then sent to the rides-service bus in EventBridge. The detail includes the prismaUser object. This is used for analytics.
    8. Finally the mutation returns the token and user object back to the client.

Login Function

  1. The login function is called by the loginMutation. It tries to login to Hybris by
    1. Stripping illegal characters
    2. Converting an auth object containing the client id and secret as well as the customer's email and password into a query string
    3. Sending a POST to the token endpoint with the accompanying query string
  2. If this fails it then tries to login without stripping the illegal characters
  3. If both of these fail it surfaces an error to the client. These can either be:
    1. Invalid email or password
    2. Hybris is unreachable
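
The two-attempt login described above, as an added example (not the project's own code). The names loginToHybris, stripIllegal, buildTokenBody and postToken, the OAuth2 form field names, and the reading of "illegal characters" as ASCII control characters are all assumptions; the example also skips the second attempt when stripping changed nothing, so identical credentials are not submitted twice.

```javascript
// Added example: identifiers, field names and the stripping rule are assumptions.
const ILLEGAL = /[\u0000-\u001f\u007f]/g; // assumed rule: ASCII control characters

function stripIllegal(value) {
  return value.replace(ILLEGAL, "");
}

// Form-encode the auth object. URLSearchParams percent-encodes "&", "=" and "+",
// so a password cannot inject extra parameters into the token request.
function buildTokenBody(auth, email, password) {
  return new URLSearchParams({
    grant_type: "password", // assumed: OAuth2 password grant
    client_id: auth.clientId,
    client_secret: auth.clientSecret,
    username: email,
    password,
  }).toString();
}

// postToken(body) is a hypothetical transport: it resolves to { status, json }
// and rejects when the token endpoint cannot be reached.
async function attempt(postToken, body) {
  try {
    const res = await postToken(body);
    if (res.status === 200 && res.json.access_token) return { token: res.json.access_token };
    return { unreachable: res.status >= 500 };
  } catch {
    return { unreachable: true };
  }
}

async function loginToHybris(auth, email, password, postToken) {
  const cleaned = [stripIllegal(email), stripIllegal(password)];
  const candidates = [cleaned];
  // Fall back to the raw input only if stripping actually changed something.
  if (cleaned[0] !== email || cleaned[1] !== password) candidates.push([email, password]);

  let unreachable = false;
  for (const [e, p] of candidates) {
    const r = await attempt(postToken, buildTokenBody(auth, e, p));
    if (r.token) return r.token;
    unreachable = unreachable || r.unreachable;
  }
  // Surface one of the two client-facing errors listed above.
  throw new Error(unreachable ? "Hybris is unreachable" : "Invalid email or password");
}
```

Sending the encoded string as the POST body rather than appending it to the URL keeps the client secret and password out of request-line logs.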

Algolia Index

There are currently three Algolia indexes in the mobile backend. These are Users, User Groups and Event Location.

  • The Users index is used to search for users.
  • The User Group index is used for searching which groups a user belongs to or to find new groups.
  • The Event Location index allows customers to search for events.

Option 1

Resources