Infrastructure

The following is up to date as of: Jan 7th, 2025

Overview

    architecture-beta

        service fxa(cloud)[FXA]
        service tbaccounts(server)[TB Accounts]
        service cache(database)[Token Cache]
        service tbservice(server)[Service]

        fxa:L -- R:tbaccounts
        cache:B -- T:tbaccounts
        tbaccounts:L -- R:tbservice
        cache:L -- B:tbservice
    
Definitions

| Service | Description |
|---|---|
| FXA | Mozilla Accounts, used for the actual authentication. |
| TB Accounts | This service. Allows for easy sharing of session, user information, payment information, etc. between Thunderbird Services. |
| Service | A generic stand-in for one of our service offerings (Appointment, Send, etc.). |
| Token Cache | A caching server (like redis or memcache) storing authentication session and user profile data. |

Authentication Flow

The entire authentication flow:

    sequenceDiagram
        participant User
        participant Service
        participant Cache
        participant TB Accounts
        participant FXA

        User-->>TB Accounts: Lands on TB Accounts for authentication check

        alt If TB Accounts session auth is invalid or FXA creds are invalid
        TB Accounts-->>FXA: Sends user to OAuth
        FXA-->>TB Accounts: Callback to TB Accounts
        end

        #opt Infra note
        #Service->TB Accounts: Share Session Secret(?)
        #end

        TB Accounts-->>Cache: Stores session id & cached user data

        TB Accounts-->>Service: Passes TB Accounts' session id
        Service-->>User: Passes TB Accounts' session id
    

How A Service Would Validate User Authentication

    sequenceDiagram
        participant User
        participant Service
        participant Cache
        participant TB Accounts
        participant FXA

        User->>Service: Any auth-required request with session id
        Service->>Cache: Forward session id
        Cache->Cache: Ensure session id exists
        Service->Cache: Return latest user profile information if session is valid