| Table of Contents |
|---|
...
- Inform our users of the risks in the email invitation widget.
- Require the user to type the recipient email address a second time for confirmation.
- Allow the user to invalidate pending invitations.
- Make all invitation links single-use. Also, make them expire after a certain period of time. This prevents a malicious person from using an invitation link they found in an email inbox they hacked.
- Require the consumer of the invitation link to prove that they are the owner of the email address to which Alice sent the email invitation, i.e. prove that they are Bob.
We can do this by sending a verification email to Bob's email address when the invitation link is used.
Proposal
Option 1
Models to implement or modify
| New models | Existing models (modified) | ||||
|---|---|---|---|---|---|
| EmailMembershipInvitationEmailMembershipInvitationId | EmailMembershipInvitationsResponse | EmailValidationSignedToken | InviteeVerificationSignedToken | AccountSetupInfo | NewUser |
emailAddressinviteeEmail teamId createdBy idemailMembershipInvitationId | results - ARRAY<EmailMembershipInvitation> nextPageToken | timestamp hmac | inviteeId emailMembershipInvitationId timestamp hmac | firstName lastName
emailValidationSignedToken username password |
|
Services to implement or modify
| Existing or new | Description | Intended User | URI | Method | Request Parameters | Request Body | Response Body | |||
|---|---|---|---|---|---|---|---|---|---|---|
| New | Create an email membership invitation. Send an email containing an invitation link to the invitee. The link will contain a serialized EmailMembershipInvitationIdEmailMembershipInvitation. | team administrator | /emailMembershipInvitation | POST | portalEndpoint | EmailMembershipInvitation | EmailMembershipInvitation | |||
| Retrieve a pending email membership invitation. The emailAddress field of the response body object will be null. | authenticated user | /emailMembershipInvitation/{id} | GET | -- | -- | EmailMembershipInvitation | ||||
New | Retrieve all the pending email membership invitations from a Team. | team administrator | /team/{id}/emailMembershipInvitations | GET | nextPageToken | -- | EmailMembershipInvitationsResponse | |||
| New | Delete a pending an email membership invitation. | team administrator | /emailMembershipInvitation/{id} | DELETE | -- | -- | -- | |||
| Existing | Start the process of creating a new account, similarly to POST /account/emailValidation, but also the process of associating a membership invitation to the new account. Send a 'validation email' message to the provided email address. The email will contain a link to complete the registration process. The link will contain a serialized EmailValidationSignedToken (used for new account registration) and a serialized EmailMembershipInvitationId EmailMembershipInvitation (used to create membership invitation). Intended to be used in conjunction with POST /account. | public | /emailMembershipInvitation/{id}/account/emailValidation | POST | portalEndpoint, (or extend the existing /account/emailValidation service with an optional parameter emailMembershipInvitationId) | POST | portalEndpoint | emailMembershipInvitationId (optional) | NewUser | -- |
| New | Verify whether the authenticated user is the invitee inviteeEmail of the indicated EmailMembershipInvitation is associated with the authenticated user. If they areit is, the response body will contain an InviteeVerificationSignedToken. If they are it is not, the response body will be null and an identity verification email containing a link will be sent to the address associated with inviteeEmail of the indicated EmailMembershipInvitation. The link will contain a serialized InviteeVerificationSignedToken. | authenticated user | /emailMembershipInvitation/{id}/verification | POST | portalEndpoint | -- | InviteeVerificationSignedToken | |||
| New | Create a MembershipInvitation. The invitation is created from the team associated with the given email membership invitation to the currently authenticated user. A valid InviteeVerificationSignedToken must have an inviteeId equal to the id of the authenticated user and an emailInvitationId emailMembershipInvitationId equal to the id in the URI. Doesn't send any email notifications. | authenticated user | /emailMembershipInvitation/{id}/membershipInvitation | POST | -- | InviteeVerificationSignedToken | MembershipInvtnSubmission |
Related services: POST /account, POST /session
Option 2
Models to implement or modify
| New models | Existing models | |||
|---|---|---|---|---|
| EmailValidationSignedToken | InviteeVerificationSignedToken | MembershipInvtnSubmission | AccountSetupInfo | NewUser |
timestamp hmac | inviteeId membershipInvitationId timestamp hmac | createdOn message id createdBy expiresOn inviteeId teamId inviteeEmail | firstName lastName
emailValidationSignedToken username password |
|
Services to implement or modify
| Existing or new | Description | Intended User | URI | Method | Request Parameters | Request Body | Response Body |
|---|---|---|---|---|---|---|---|
| Existing | Create a membership invitation. The team must be specified. Either an inviteeId or an inviteeEmail must be specified.Existing service If an inviteeEmail is specified, send an email containing an invitation link to the invitee. The link will contain a serialized MembershipInvtnSubmission. | team administrator | /membershipInvitation | POST | acceptInvitationEndpoint (optional) notificationUnsubscribeEndpoint (optional) | MembershipInvtnSubmission | MembershipInvtnSubmission |
Existing | Start the process of creating a new account, and optionally also the process of associating a membership invitation to the new account.Existing service Send a 'validation email' message to the provided email address. The email will contain a link to complete the registration process. The link will contain a serialized EmailValidationSignedToken (used for new account registration) and optionally, a serialized EmailMembershipInvitation (used to associate membership invitation). Intended to be used in conjunction with POST /account. | public | /account/emailValidation | POST | portalEndpoint, membershipInvitationId (optional) | NewUser | -- |
| New | Verify whether the inviteeEmail of the indicated MembershipInvitation is associated with the authenticated user. If it is, the response body will contain an InviteeVerificationSignedToken. If it is not, the response body will be null and an identity verification email containing a link will be sent to the inviteeEmail of the indicated MembershipInvitation. The link will contain a serialized InviteeVerificationSignedToken. This call will only succeed if the indicated MembershipInvitation has a null inviteeId and a non null inviteeEmail. | authenticated user | /membershipInvitation/{id}/verification | POST | portalEndpoint | -- | InviteeVerificationSignedToken |
New | Set the inviteeId of a MembershipInvitation. A valid InviteeVerificationSignedToken must have an inviteeId equal to the id of the authenticated user and an membershipInvitationId equal to the id in the URI. This call will only succeed if the indicated MembershipInvitation has a null inviteeId and a non null inviteeEmail. | authenticated user | /membershipInvitation/{id}/inviteeId | PUT | -- | InviteeVerificationSignedToken | MembershipInvtnSubmission |
Related services: POST /account, POST /session
...