# Auth0 - Mobile App Backend Implementation

## Notes

### Today

* Login returns CRM token
    * Used for further communication/information

### Future

* Login returns success
    * We need to request an Auth0 token
    * Refresh Auth0 token if expired
* Straight string replacement?
* Where all are we using CRM/Auth0 tokens?

#### CustomersInfo APIs

* Consumer Mobile team created backend CustomersInfo service
* Deployed in prod, not taking traffic. Still need to validate end-to-end in QA.
* This will be integrated into user-service.

#### Device Registration

* This is already complete and live in production.
* If client is sending CRM token then it can be removed.

## APIs

### ESB Calls

* GET_CUSTOMER
* GET_POINT_LIST
* GET_POINT_SUMMARIES
* GET_REWARDS_LIST
* GET_ATTRIBUTES

## Architecture

### Overview

* Implement replacement calls in existing user-service (running in PCF)
    * User service will call modernized (Auth0-based) calls provided by My Account team.
    * When call comes in, if it has Auth0 authorization header and bearer token then we will call Auth0. If it has CRM token then we call legacy.
    * We can get migration metrics directly from user-service.
* Pivot Akamai calls from ESB to Apigee
    * Create new Akamai property?
* Implement API proxies in Apigee

#### Calls to be implemented in User Service

* CustomersInfo `https://gateway.dcsg.com/ws/v1/crm/customersinfo` <sup>(0)</sup>
* CustomersMe `https://crmprod.api.dcsg.com/customerapi/mkt/crm/v1/customers/me` <sup>(1)</sup>
* Rewards <sup>(2)</sup> `https://gateway.dcsg.com/ws/vl/crm/customers/me/rewards`
* ~~Offers (this is no longer required)~~
* Attributes <sup>(2)</sup> - scorecard gold `https://gateway.dcsg.com/ws/vl/crm/customers/me/attributes`
* Points <sup>(3)</sup> `https://gateway.dcsg.com/ws/vl/crm/customers/me/points`
* Point Summaries <sup>(3)</sup> `https://gateway.dcsg.com/ws/v1/crm/customers/1/B22YK2XG/points/summaries`
* PUT /customers/me
* Actions - first time login 50 bonus pts `https://gateway.dcsg.com/ws/v1/crm/customers/me/actions`
* Apple Wallet (a.k.a. Passbook): `https://www.MyScoreCardAccount.com/crmcdn/getloyaltycardpassbook.ashx?sub_account=&account_type_id=1&token=`
* ~~Forgot Username (Android only?) `https://gateway.dcsg.com/ws/v1/crm/accounts/send/username` (via Nate: The Accounts/send/username will not exist going forward because the username is the email address)~~
* Reward Grace Period?

<sup>(0)</sup> Coarse-grained call that makes five sub-calls

<sup>(1)</sup> Called by customersinfo logic

<sup>(2)</sup> Called only as part of CustomersInfo

<sup>(3)</sup> Called as part of CustomersInfo, and dedicated client calls.

## Architecture Diagram

### Miro

<https://miro.com/app/board/o9J_kyHJQyc=/?moveToWidget=3074457348038709112&cot=13>

### Sequence Diagrams

#### Current Call Flow (a.k.a. Old Route)

```sequence
DSG App-->Akamai: Client Request
Akamai-->ESB: Client Request
ESB-->CRM (token): Client Request
CRM (token)-->ESB: Response
ESB-->Akamai: Response
Akamai-->DSG App: Response
```

#### Modernized Call Flow (a.k.a. New Route)

```sequence
DSG App-->Akamai: Client Request
Akamai-->Apigee: Client Request
Apigee-->User Service: Client Request
User Service-->User Service: check headers
User Service-->CRM (token): Client Request (token)
User Service-->CRM (Auth0): Client Request (Authorization header)
User Service-->User Service: transform response
User Service-->Apigee: Response
Apigee-->Akamai: Response
Akamai-->DSG App: Response
```

#### CustomersInfo (old route)

```sequence
DSG App-->Akamai: gateway.dcsg.com
Akamai-->ESB: /customersinfo
ESB-->CRM: /customers/me
CRM-->ESB: CustomersMeResponse
ESB-->CRM: GET_POINT_LIST
ESB-->CRM: GET_POINT_SUMMARIES
ESB-->CRM: GET_REWARDS_LIST
ESB-->CRM: GET_ATTRIBUTES
ESB-->ESB: combine responses
ESB-->Akamai: CustomersInfoResponse
Akamai-->DSG App: CustomersInfoResponse
```

#### CustomersInfo (new route)

```sequence
DSG App-->Akamai: /customersinfo
Akamai-->Apigee: /customersinfo
Apigee-->User Service: /customersinfo
User Service-->CRM (Auth0): /customers/me
CRM (Auth0)-->User Service: CustomersMeResponse
User Service-->CRM (Auth0): GET_POINT_LIST
User Service-->CRM (Auth0): GET_POINT_SUMMARIES
User Service-->CRM (Auth0): GET_REWARDS_LIST
User Service-->CRM (Auth0): GET_ATTRIBUTES
User Service-->User Service: combine responses
User Service-->Apigee: CustomersInfoResponse
Apigee-->Akamai: CustomersInfoResponse
Akamai-->DSG App: CustomersInfoResponse
```

## Open Questions

- [x] Nate to check if attributes call is working properly
    * sub-call of customersinfo
    * determines if user is a gold member
- [x] Nate to share Get_Rewards_List replacement
    * (part of customersinfo call replacements)
- [x] Nate will provide URLs to replace customer APIs (including "me" APIs)
- [x] Opt-Ins need fixed/moved (who owns this?)
    * SMS, e-rewards, etc.
    * My Prefs
    * this is part of /customers/me
    * there is also a PUT for saving prefs
- [x] Need to get passbook separately (best approach for this?)
    * Apple Wallet
    * customersinfo returns passbook url
    * they will no longer return url
    * short term fix possible
    * work with Nate
- [x] Need to align with Whitney on API to get reward grace period
    * app has 10 day grace period hardcoded
    * should get it from crm via some call
- [x] Nate and Trevor to figure out network level (public vs private and network hops)
    * they use AP01 and VP01
    * implement circuit breaker in our services (common lib)
- [x] Check with Whitney on Get_Point_List MOVE points
    * New call only shows transaction-based points
- [ ] Need to align on sunset date (based on app migration?)
- [x] Get API documentation
    * swagger
- [ ] Close the loop on Certona call
    * uses master customer id

## Legacy User Migration

* Credentials populated in Auth0 since holiday 2020.
* Legacy users (not in Auth0) will be signed out.
* Forgot Password flow will migrate.

## Auth0 Frontend Stories

* Sign In
* Sign Out
* Points Summary
    * Call MyAccount API directly
    * Will be part of customer info too
* Refresh Access Token
* Customer Info (will be pivoted to backend service in PCF)
* Get Account Tier (Loyalty Info)
    * Will be part of customer info, no separate call required from client
* My Preferences Page (will be pivoted to backend service in PCF)
* Get Points List
    * Call MyAccount API directly
    * Will be part of customer info too
* Create Account
    * No longer need to call login after Create Account
* Auto Shop Sign In
    * more info needed from ecomm teams
* Legacy User Migration
* Forgot password
    * Related to legacy user migration
    * Will be used to silently migrate logged-in users

## Raw Notes from Alignment Meeting (5/22)

URLs and Swagger for new calls in QA and Prod
Jordan walked us through examples using the MyAccount page and Chrome Dev Tools.

Attributes call working properly?
Jordan showed us the loyaltyinformation call which provides us the gold status.

Passbook
Apple Wallet. Consumer Mobile team will investigate level of effort to take this over.

Opt-Ins
Jordan showed us the Account Settings page. We will call directly to External Comms for the Opt-Ins.

Reward Grace Period (Whitney)
This might become a Firebase config.

Get_Point_List MOVE points (Whitney)
Not a high priority but Whitney expects it to be picked up in time for Father's Day.

Actions Call - 50 Bonus Points
New work for account team to create this call.

More Notes

* /identity - main user info call
* /loyaltyinformation - scorecard gold
* Rewards (past and active, activeonly=true)
* Points summary - Reward amount is the current reward balance
* Points List - Move Points is missing (expected in time for Father's Day)
* Order History - use customer order
* My Prefs -- identity service for addresses, etc. And calls into athlete service.
* VP01 is primary for most services, Identity Service primary AP01.

## Enums

Reward Status

```c#
public enum RewardStatusEnum
{
    Available = 0,
    Redeemed,
    Expired
}
```

Phone Type

```c#
0 NotFound
1 Mobile
2 Home
3 Work
```

Subscriptions (Mail, Email, Text)

```c#
public enum SubscriptionFrequencyEnum
{
    OptOut = 1,
    All = 2,
    Monthly = 3,
    Weekly = 4
}
```

Reward Delivery Method

```c#
public enum RewardDeliveryMethodEnum
{
    Mail = 1,
    Email = 2,
}
```

## Waiting on Implementation from MyAccount Team

Updated 6/8/2020 11:30 AM

* Replacement for /actions endpoint (first-time sign in bonus points) - in QA
* Include MOVE points in /PointsHistory response - in QA
* Include master_customer_id in /loyaltyinformation response (for Certona) - need to switch to athlete_ID
* Include pointsToNextReward and currentRewardTier in /pointSummary response - in Staging and Gamma
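
The "check headers" step of the modernized call flow (Auth0 bearer token goes to the new calls, CRM token goes to legacy) is shown here as an added example; it is not the user-service code. The `X-CRM-Token` header name, `select_route`, and the metric names are assumptions, and rejecting a request that carries both credentials is a choice these notes do not make.

```python
from collections import Counter

# Assumption: the legacy CRM token arrives in its own request header. These
# notes do not name that header, so "X-CRM-Token" is a hypothetical placeholder.
CRM_TOKEN_HEADER = "x-crm-token"

# Per-route request counts, standing in for the migration metrics.
migration_metrics = Counter()


class RouteError(Exception):
    """The request has no usable credential, or an ambiguous combination."""


def _bearer_token(value):
    """Return the token from 'Bearer <token>', or None if malformed."""
    parts = value.split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None


def _reject(reason):
    migration_metrics["rejected"] += 1
    raise RouteError(reason)


def select_route(headers):
    """Pick 'auth0' or 'legacy' for one request; returns (route, credential).

    Picking a route does not authenticate the caller: the chosen backend
    (or a token check in front of it) still validates the credential.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    auth = h.get("authorization", "")
    crm = h.get(CRM_TOKEN_HEADER, "")

    if auth and crm:
        # Two credentials could name two different users; refuse to guess.
        _reject("both Authorization and CRM token present")
    if auth:
        token = _bearer_token(auth)
        if token is None:
            _reject("Authorization header is not 'Bearer <token>'")
        migration_metrics["auth0"] += 1
        return "auth0", token
    if crm:
        migration_metrics["legacy"] += 1
        return "legacy", crm
    _reject("no credential supplied")
```

The ratio of `migration_metrics["legacy"]` to `migration_metrics["auth0"]` over time is one input for the open sunset-date question.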