...
- Alice invites Bob to her team by entering his email address.
- Web client constructs an EmailInvitation using Bob's email address and Alice's team's id, then uses it to send a POST /emailInvitation request to the backend.
- Backend constructs a signed MembershipInvtnSignedToken with Bob's email address, Alice's team's id, Alice's id and a null inviteeId (because we don't know Bob's account's id yet).
- Backend serializes the MembershipInvtnSignedToken, embeds it into an invitation link to the web client and sends the link to Bob's email address.
- Bob clicks on the link and does one of the following:
  - Registers a new Synapse account. [1]
    - Web client checks that Bob's email address is a valid account alias through POST /principal/available.
    - Web client constructs an AccountSetupInfo [2], then uses it to create Bob's account through POST /account and receives a session token.
  - Signs in to his existing Synapse account.
    - Web client retrieves a session token through POST /session.
- Web client deserializes and validates the MembershipInvtnSignedToken in the link, then sets the inviteeId to the id of the account Bob used (extracted from the session token).
- Web client re-signs the MembershipInvtnSignedToken, then uses it to send a POST /tokenMembershipInvitation request to the backend.
- Backend validates the MembershipInvtnSignedToken and uses it to create a MembershipInvitation from Alice's team to Bob's account.
- Web client receives backend's 201 response, then directs Bob to his profile's Team tab, where he has a pending MembershipInvitation to Alice's team.
- Bob accepts Alice's invitation (using the existing MembershipInvitation services).
[1] Note that this process is a bit different from the normal registration workflow because we avoid having to validate Bob's email address. It would be nonsensical to ask Bob to validate his email address because he reached this state by clicking a link sent to that very email address. Also note that this workflow only allows Bob to register the email address to which the invitation link was sent.
[2] Note that the web client needs to construct a valid emailValidationToken, making up a timestamp in the process.
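
The token handling in the steps above (sign with a null inviteeId, serialize into the link, validate, set inviteeId, re-sign, validate again on the backend), as an added Python example that is not Synapse's own code. It assumes HMAC-SHA256 with a key shared by the signing parties, JSON plus base64url serialization, and hypothetical field names; the page does not specify any of these.

```python
import base64, hashlib, hmac, json

# Assumptions (not from the page): HMAC-SHA256, a constructed demo key, and these field names.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
FIELDS = ("emailAddress", "teamId", "inviterId", "inviteeId")

def _mac(token):
    # Sign a canonical encoding of the claim fields only, never the signature itself.
    body = json.dumps({k: token.get(k) for k in FIELDS}, sort_keys=True, separators=(",", ":"))
    return hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()

def sign(fields):
    # inviteeId stays None (null) until the invitee's account id is known.
    token = {k: fields.get(k) for k in FIELDS}
    token["hmac"] = _mac(token)
    return token

def serialize(token):
    # Form that would be embedded in the invitation link.
    return base64.urlsafe_b64encode(json.dumps(token, sort_keys=True).encode()).decode()

def deserialize(text):
    token = json.loads(base64.urlsafe_b64decode(text.encode()))
    if not isinstance(token, dict):
        raise ValueError("invitation token is not a JSON object")
    return token

def validate(token):
    # Constant-time comparison; any change to a signed field invalidates the token.
    sig = token.get("hmac")
    return isinstance(sig, str) and hmac.compare_digest(sig.encode(), _mac(token).encode())

def bind_invitee(link_token, session_user_id):
    # Step after sign-in: validate the link token, set inviteeId, re-sign.
    token = deserialize(link_token)
    if not validate(token):
        raise ValueError("invitation token failed signature validation")
    token["inviteeId"] = session_user_id
    return sign(token)

def accept_token(token):
    # Backend check before a MembershipInvitation is created from the token.
    if not validate(token) or token.get("inviteeId") is None:
        raise ValueError("rejecting unsigned or unbound invitation token")
    return {"teamId": token["teamId"], "inviteeId": token["inviteeId"],
            "createdBy": token["inviterId"]}
```
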