Login Alias
Background
Best practices
- Instagram allows users to change their username multiple times
Principles
- 🏡Instead of changing the login, we create an alias, so the old login is kept and can still be used to log in
  - Rationale: The Login value is used extensively in the data, so it is hard to change
- 🏡The Login table keeps the workspace ID of the aliased login in the AliasedLoginWSID field
  - Rationale: This is the only way to route the request from the Alias workspace to the Login workspace, since we do not keep the actual Login value, only its hash
- Alias can be changed
- Previous alias is deactivated and can be re-used
Architecture
Create Login Alias
- User calls c.CreateLoginAlias in registry.AppWorkspaceWS[Alias] to create an alias for their Login
- c.CreateLoginAlias inserts a record into cdoc.Login, setting the AliasedLoginWSID, AliasedLoginHash fields
  - Update of the cdoc.Login.AliasedLoginWSID triggers ap.ApplyCreateLoginAlias
- ap.ApplyCreateLoginAlias
  - Invokes c.RegisterCreatedAlias in registry.AppWorkspaceWS[Login]
- c.RegisterCreatedAlias updates cdoc.Login table, setting the AliasWSID and AliasHash fields
  - Update of the cdoc.Login.Alias* fields triggers ap.RegisterCreatedAlias
  - calls c.DeactivateAlias in registry.AppWorkspaceWS[OldLoginAlias]
  - calls c.CreateAlias in registry.AppWorkspaceWS[NewLoginAlias]
- User calls q.IssuePrincipalToken in registry.AppWorkspaceWS[Alias] multiple times until it succeeds
- q.IssuePrincipalToken in registry.AppWorkspaceWS[Alias]
  - Reads cdoc.Login and routes the request to the q.IssuePrincipalToken in registry.AppWorkspaceWS[Login]

- User calls c.CreateLoginAlias in registry.AppWorkspaceWS[Login] to create an alias for their Login
- c.CreateLoginAlias inserts a record into cdoc.Login, setting the AliasedLoginWSID field
- Update of the cdoc.Login triggers ap.ApplyCreateLoginAlias
- ap.ApplyCreateLoginAlias
  - calls c.DeactivateAlias in registry.AppWorkspaceWS[OldLoginAlias]
  - calls c.CreateAlias in registry.AppWorkspaceWS[NewLoginAlias]
- User calls q.IssuePrincipalToken in registry.AppWorkspaceWS[Alias] multiple times until it succeeds
- q.IssuePrincipalToken in registry.AppWorkspaceWS[Alias]
  - Reads cdoc.Login and routes the request to the q.IssuePrincipalToken in registry.AppWorkspaceWS[Login]
IssuePrincipalToken for Alias
- User calls q.IssuePrincipalToken in registry.AppWorkspaceWS[Alias]
- q.IssuePrincipalToken reads cdoc.LoginAlias and routes the request to the Login workspace
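The alias lifecycle and routing rule above, as a single-process model added here for illustration; it is not the project's own code. Registry, aliasRecord, the Active flag, Route, SHA-256 as the hash, and the check that an active alias cannot be taken by another login are all assumptions, and the asynchronous command and projector chain is collapsed into direct calls.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// aliasRecord: hypothetical alias row of cdoc.Login (AliasedLoginWSID is from the design).
type aliasRecord struct {
	AliasedLoginWSID uint64
	Active           bool
}

// Registry models alias pseudo-workspaces keyed by alias hash (SHA-256 is an assumption).
type Registry struct {
	byHash  map[[32]byte]*aliasRecord
	current map[uint64][32]byte // login workspace -> hash of its active alias
}
var ErrAliasTaken, ErrNoRoute = errors.New("alias is active for another login"), errors.New("no active alias")

func NewRegistry() *Registry { return &Registry{map[[32]byte]*aliasRecord{}, map[uint64][32]byte{}} }

// CreateAlias activates alias for login and deactivates its previous alias.
func (r *Registry) CreateAlias(login uint64, alias string) error {
	h := sha256.Sum256([]byte(alias))
	if rec, ok := r.byHash[h]; ok && rec.Active && rec.AliasedLoginWSID != login {
		return ErrAliasTaken // uniqueness check is an assumption
	}
	if prev, ok := r.current[login]; ok && prev != h {
		r.byHash[prev].Active = false // previous alias becomes re-usable
	}
	r.byHash[h], r.current[login] = &aliasRecord{login, true}, h
	return nil
}

// Route returns the login workspace to forward q.IssuePrincipalToken to.
func (r *Registry) Route(alias string) (uint64, error) {
	rec, ok := r.byHash[sha256.Sum256([]byte(alias))]
	if !ok || !rec.Active {
		return 0, ErrNoRoute // deactivated or unknown aliases never route
	}
	return rec.AliasedLoginWSID, nil
}

func main() {
	r := NewRegistry()
	_ = r.CreateAlias(1001, "new-name") // constructed sample values
	fmt.Println(r.Route("new-name"))
}
```

Tracking the current alias per login matters once a released alias has been re-used: a later alias change by the original owner must deactivate only its own active alias, never the record that now routes to another login.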
Components
cdoc.LoginAlias
cdoc.LoginAlias: Keeps the alias for the Login
- Fields:
  - Login: the Login of the user
  - Alias: the alias for the Login
  - PreviousAlias: the previous alias, if exists
  - CreatedAt: timestamp when the alias was created
  - ExpiresAt: timestamp when the alias expires (if applicable)
c.IssueCreateAliasToken
c.IssueCreateAliasToken: Called by the user to issue a CreateAliasToken
- Workspace: registry.AppWorkspaceWS[Login]
- AuthZ: ??? How to name the role for authenticated user
- Parameters:
  - LoginAsEmail: verified, must match the Login
  - Alias: the new alias to be created
- Errors:
  - LoginAsEmail does not match the Login
  - Workspace is not the Login workspace
- Behavior:
  - Creates a cmp.LoginAliasToken with TTL of 1 minute
    - PreviousAlias (may be empty)
    - NewAlias
registry.AppWorkspaceWS:
~c.IssueCreateAliasToken~uncvrd1❓: Called by the user to issue a CreateAliasToken
- AuthZ: ??? How to name the role for authenticated user
- Parameters:
  - LoginAsEmail: verified, must match the Login
  - Alias: the new alias to be created
cmp.LoginAliasToken:
- TTL is 1 minute
- PreviousAlias (may be empty)
- NewAlias
c.CreateAlias: Called by the user to create an alias for their Login
- Workspace: Alias pseudo-workspace
- Behavior:
  - Creates an alias for the Login
  - Triggers ap.ApplyCreateAlias
ap.ApplyCreateAlias: Triggered by CreateAlias
- Workspace: same as CreateAlias
- Invokes DeactivateAlias in the workspace of the PreviousAlias
c.DeactivateAlias: Invoked by ApplyCreateAlias
- Called by the system only to deactivate the alias