- 16 Oct 2024
- 17 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
AccountService
- Updated on 16 Oct 2024
- 17 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
April 30th 2024
Header | Description |
---|---|
Simultaneous logout of multiple clients (RTL-6317) | User's can be logged out of all configured applications using AccountService, while logging out of one of them. All application's have to be part of the same loyalty program. |
November 30th 2023
AccountServiceIntegration job UserWithMemberMerger
(RTL-6270)
The new job "UserWithMemberMerger" imports external users and converts imported data into user accounts (processed by AccountService)
and member identities (processed by MemberService and CustomerService).
Support for organization membership type in AccountService
(RTL-6289)
AccountService supports registration of pre-existing organization membership types through custom registration form that requires password only.
On boarding messages (text or email) for organizations have templates separated from standard on boarding messages.
Management API for user lookup in Account Service
(RTL-6628)
The Account Service Management API was extended with a method to lookup users based on different identifiers such as Email, Mobile, SSN or subject.
More info can be found here.
June 30th 2023
Improvements
Header | Description |
---|---|
Change name of menu item in AccountManagement (RTL-5304) | Some minor text changes has been made to menu items leading to Account configuration and User accounts |
Changing mobile number (before reg is done) does not reonboard user in vipps (RTL-5557) | When changing a mobile number on a member in EG Loyalty, the on-boarding process in AccountService will be triggered. On-boarding a user can now be triggered again by changing mobile number in ChainWeb. |
Avoid Address lookup if the Member already exists (RTL-6230) | Added a control mechanism that checks for the origin of the member data to prevent double address lookup's. |
When creating a new member using BankID we send an invalid link (RTL-5866) | Events are now processed in the correct order, preventing sending of invalid links |
April 30th 2023
Support for configurable order of objects in the log in page
(RTL-5030)
New configuration makes it possible to decide if the provider section should be on top or at the bottom of the log-in page. It is also possible to change the order of the different providers within the provider section.
Improvements
Header | Description |
---|---|
Log-in button locked state (RTL-5029) | When choosing to log in without password the log-in button gets locked/disabled for 30 seconds. |
March 31st 2023
Perform phone number address lookup during registration
(RTL-4519)
The new Parameter 'Address Lookup' was added to the Mobile and SSN settings in Account Service Configuration. It introduced support for performing phone number lookups as a part of the prefetch step during registration.
Changes to provider buttons
(RTL-5637)
Changes has been made to all provider buttons, to make sure they align with the guidelines given by the providers
Improvements
Header | Description |
---|---|
Validation of mobile number (RTL-5356) | Mobile number field is validated during login and registration. |
Logo shouldnt redirect to root, if root is not configured (RTL-5665) | Logo on login page will only link to root if RootRedirectUrl is configured |
February 28th 2023
Added force identifier verification feature (on login) for unverified users
(RTL-2126)
We now force verification for logins on unverified identifiers.
Improvements
Header | Description |
---|---|
Improved logging (RTL-5373) | Fixed conflict when registering on different concepts with Swedish BankID. |
Improved error handling (RTL-4813) | Added error handling when the end users state cookie has expired for Swedish BankID. |
Block or Ignore POSTs on Root | Posting to the root address of Account Service does not throw/log internal server error 500 and the 404 Not Found status is displayed instead. |
January 31st 2023
Onboarding member through Vipps
(RTL-4435)
AccountService supports external authentication for Vipps phonenumber/CIBA flow.
Password requirements
(RTL-4945)
Password is not required for registration with all external authentication registration (Vipps, BankID,Facebook, AppleID).
Automatic check of communication flag
(RTL-5135)
Communication flag for SMS or email is only checked automatically if email address or mobile number is registered.
Improvements
Header | Description |
---|---|
Update default text for communication terms (RTL-5263) | The default text for communication description was changed to :
|
Improvements to alignment of default texts (RTL-4846) | All texts has been left aligned |
December 31st 2022
Update Default Text in Account Service
(RTL-4921)
The default text in Account Service was unified and updated in all three languages (EN, NO, SE)
Improvements
Header | Description |
---|---|
BankID registration (RTL-5132) | Optional configured email or mobile fields will not appear as "invalid format" if they are not filled out |
November 30th 2022
AccountService UI - Account's list view
(RTL-4750)
A view with information about all accounts in AccountService is available. And can be found in the Chain Web menu: System > Account > Accounts Access to the view is managed by using the 'View Accounts' permission stored in the 'AccountService' permission group.
Visibility of stores in Account Service registration
(RTL-4287)
It is possible to edit the list of stores displayed in user registration in AccountService.
Only stores that are active and that are not added in the section "Hidden stores" in AccountService management are displayed as possible home stores for new members
Improvements
Header | Description |
---|---|
Only the primary identifier (email/mobile) is used for on-boarding. On-boarding log is not modified with non-primary identifier, hence end users will no longer get both email and mobile confirmation messages. | |
Http failure response when fetching stores to the registration page (RTL-4605) | Account Service does not fetch stores to the registration page when the home store field is disabled. |
October 31st 2022
Implement Apple Id support
(RTL-4653)
Added support for apple ID external authentication.
Improvements
Header | Description |
---|---|
Terms config in AccountService Management UI (RTL-4463) | Added missing terms and translations to the Management UI |
September 30th 2022
Open Client (Webshops) Should be able to specify language for Account Service UI
(RTL-3739)
The .AspNetCore.Culture cookie that overrides the browser language was implemented. That means it is possible to specify one of the supported languages: (nb-NO, sv-SE, en-US) causing AccountService to display the UI content in the selected language.
Not specifying a language, specifying a none-supported language or any other value defaults the page to the browser language.
Support scale-out for SignalR
(RTL-3965)
Created provider structure for notifications and added Azure SignalR service, so we now Support Scale-out for SignalR.
Improvements
Header | Description |
---|---|
Shortened URL loose validity after swap (RTL-4507) | Verification links from e-mail or text message won't lose validity when swapping AccountService slots. |
Modify 'not valid before' parameter of Azure SignalR access tokens (RTL-4563) | The 'not valid before' parameter of Azure SignalR access token is set to current dateTime minus 5 minutes in order to make the integration between SignalR server and AccounService instance more reliable |
Changing identifier value to the current identifier (RTL-4456) | When sending a request to change user identifier via PUT api/external/user/{userIdentifier}/identifier the response returns '200 Ok' status code if request contains the same identifier as the current user's identifier. Since changing the identifier to an existing one requires no processing it is marked as a successful request. |
Invalid returnURL (RTL-4145) | Fixed invalid return URL's for bankid, it now returns the correct error message. |
Missing translations in AccountManagement module (RTL-4129) | Account permissions are translated into Norwegian and Swedish. |
Multiple concurrent requests to change identifiers (RTL-4006) |
|
Navigating between windows (RTL-3938) | A back arrow is displayed above the header allowing to go back to the previous window in Firefox, Chrome and Edge. |
Missing fields in AccountService Management (RTL-2578) | Account Service Management UI contains all configuration fields , which enable easier configuration by using the designed UI. |
April 28th 2022
Logo Should Always Redirect to Root(which in turn uses config)
(RTL-3558)
After pressing AccountService logo during BankID login option user is being redirected to the login session and has no more difficulty with the page being only refreshed.
AccountService added features
(RTL-3595)
Added functionality/config for looking up RP certificates by using thumbprint as opposed to common name.
(RTL-3586)
Added multi tenant support for BankID.
March 31st 2022
External Frontend Usage Leads to Missing SSN on Users
(RTL-2950)
Clients' data regarding SSN that are registered using external frontend are properly saved and stored in the Account Service database in dbo.User table, as well as, in the MemberInfoService database in Ident.Person table.
Update MergeUser Procedure to Fit Extended Identitynumber/Loyalty Index
(RTL-3396)
The MergeUser procedure was updated and it is possible to export users from MyPage to AccountService using the UserMerger job.
Only Login with BankID
(RTL-3531)
Added configuration to disable registration with BankID when BankID login is activated. The purpose here will be that our customers can choose one to have both, or one of the possibilitets with BankID
February 21st 2022
Update Npm packages
(RTL-3223)
Solution doesn't depend on npm packages with high or critical vulnerability - Npm packages were updated properly.
Failed Dependency Application Insights Logging
(RTL-3230)
The 404 dependency calls to MemberInfoService GET/api/MemberIdentity/[LoyaltyProgram][IdentifierType] are marked as succeeded instead of failed operations when the failure is a result of a normal part of the flow and should not confuse the user.
Config UI - Do not Serialize Enums to Numbers
(RTL-3238)
When setting the desired configuration for Account Service in specifically designed UI (System->Concepts->LoyaltyPrograms->Configuration) enums saved to json configuration stored in DB are serialized as strings. What is more, AccountService accepts json configuration where enums are serialized both as numbers and string.
Membership registration
(RTL-3257)
Membership registration works for members where email was already registered without SSN.
January 27th 2022
Loyalty program on identity
(RTL-2302)
It is possible to create and edit account in Account Service.
Exceptions for AccountService are Logged Three Times in AppInsight
(RTL-2548)
Exceptions for AccountService are not logged three times in AppInsignts anymore. Only one exception is being logged for errors.
What is more, 400 Bad Request Exception logged when trying to use unknown domains was simplified.
Register with social security number
(RTL-2760)
Fixed an issue that made it possible for users to register for any existing SSN (in MemberService).
AccountService checks if the email matches the email on the membership.
Logging
(RTL-2764)
AccountService will logs client side errors (exceptions) in AppInsight under the "Browser" (Server|Browser) category. This will make it easier to detect problems in the end users browser.
Autofill with saved password
(RTL-2804)
The "City" field is not automatically filled with the login saved in the browser.
Login with Facebook
(RTL-2956)
AccountService supports multiple external authentication providers.
To configure the Facebook integration you need a Facebook developer account, Facebook app registration and Facebook login product enabled.
Swagger is not being displayed
(RTL-3055)
Broken error handling was improved and Swagger page is available now.
Registration fails with 500 when registering only passwords (Marqet setup)
(RTL-3144)
Due to a bug in frontend, which caused users have empty phone number, MQ clients failed to complete user registration in AccountService. The bug originates from RTL-2620 and this hotfix restores MQ registration flow.
Fix for error logging related to verification page
(RTL-3172)
Open verification link in different browser does not generate client side error
Registration of members with SSN but missing email
(RTL-3179)
During registration if we find a member with correct SSN and missing email we assign this membership to the registering user.
Correctly initialize array
(RTL-3208)
It is possible to finish registration in Account Service from invitation link based on Member created in Chain Web.
December 21st 2021
Exceptions for AccountService are Logged Three Times in AppInsight
Exceptions for AccountService are not logged three times in AppInsignts anymore. Only one exception is being logged for errors.
What is more, 400 Bad Request Exception logged when trying to use unknown domains was simplified.
Login with BankID in Sweden
AccountService supports multiple external authentication providers.
In order to login with Accountservice the customer (tenant) needs it's own BankID agreement.
November 26th 2021
Login with Vipps
(RTL-2134)
Account service supports multiple external authentication providers. To configure the Vipps integration you will need an agreement with the Vipps corporation and and access to https://portal.vipps.no/ . A requirement for the agreement, is to have the company (corresponding to the tenant concept) organization number shown on the client application front page. This also includes the login page.
Automatic trim whitespaces of all identifier fields
(RTL-2441)
In order to avoid the validation error, it is not possible to put a space at the beginning and end of the identifier. Automatic trim works during registration (verification and registration step), login and password change for all types of identifiers (email, mobile, SSN).
Introduce SSN field (for bankid) in database
(RTL-2658)
Introduced SocialSecurityNumber (SSN) and SocialSecurityNumberConfirmed field to User data to support future BankId scenarios that requires user lookup based on SSN.
Unable to update MemberIdentity at GG due to missing address data
(RTL-2690)
From now on even members with incompleted address will be able to create user in AccountService.
Delete exception on fallback
(RTL-2691)
The fallback code was removed from delete method. That means, Account Service is not falling when it can not find user in Account Service that should have been deleted.
Wrong text on Swedish password validation length
(RTL-2769)
Corrected Swedish warning message in AccountService about incorrect password length.
Introduce age validation on ssn registration
(RTL-2826)
Registration with SSN valid new member's age. Minimal age is configurable.
In case of non-fulfillment of the registration conditions (under required age or invalid SSN) user get appropriate information.
Added fallback option for user in UI.
(RTL-2843)
If redirect does not work, user can click a button to navigate to the proper location.
October 29th 2021
Change texts in reset password view
(RTL-1538)
Swedish and Norwegian translations in change password view - header and description for:
email identification
mobile identification
email or mobile identification
were implemented.
AspNet identity performs unnecessary username lookup during registration validation
(RTL-2693)
In case of reserved email or mobile while register view is open user get appropriate message: 'The specified mobile number has already been reserved. Please try a different number.' or the specified email has already been reserved. Please try a different address.'
05 Oct 2021
Exception when email address is changed before confirmation
(RTL-2402)
Changing the e-mail address for recently created member in ChainWeb before confirming email, no longer results in Account Service 'PUT UserExternal/ForceChangeIdentifier' exception.
Forgot password show sent labels or error messages
(RTL-2440)
MyPage users will get 'resend email' message and feedback message displayed in AccountService UI, when clicking 'send' button in reset password view.
User is Able to Trigger Two Registration Calls Causing Index Collision
(RTL-2497)
Index collision caused by triggering two registration calls is not happening anymore.
That means, when user is trying to register, and click at 'Register' button, it becomes disabled to prevent from triggering the second registration within one process.
What is more, when registration fails, the appropriate error message is being displayed and user is informed about particular obstacle and able to continue or retry the registration process once again (Register button becomes enabled in such situations).
25 Aug 2021
Create Config UI for Account Service
(RTL-289)
The UI for all configuration fields in Account Service has been created and contains all recently existing fields in a form of checkboxes, drop-down lists or input fields. It can be found under system menu icon -> Account Management -> Concepts.
What is more, the configuration set in UI is correctly saved in dbo.LoyaltyProgram and displayed in Account Service page.
Important:
Loading apropriate configuration in Account Service page can varry between 1-30 min (cash = 30min) - waiting time depends on the moment user submits required changes.
Countdown removed
(RTL-2066)
Removed the countdown when registering by mobile, instead a message will appear stating that the user can send a new registration/login link in 30 seconds. Also did some minor text improvements.
Registration Fails in Account Service if Member has Empty Address Fields
(RTL-2108)
Registration of members that have partial (incorrect) address fields onpremise does not fail.
That means, if member has partial (incorrect) address and address is not configurable in AS, MemberIdentity with partial (incorrect) address is transformed before upserting to MemberInfoservice and invalid address is removed. However, if member has partial (incorrect) addres and address is configurable in AS (user can fill it), MemberIdentity with partial (incorrect) address is validate in UI before upserting to MemberInfoservice.
HEAD Requests
(RTL-2183)
Fixed so that HEAD requests with params now returns 200. If no params are present, 404 will be returned and logged.
Add Support for MemberIdentityOnBoardingReady
(RTL-1553)
It is possible to create account in AccountService for members created in store.
That means, when member is created in store, user receives email or SMS invitation message sent on defined email address or mobile number and is able to finish registration process that leads to creating account in AccountService.
30 Jun 2021
Loading of AccountService
(RTL-1974)
While confirming membership via email verification, the "enter SSN to register" field was briefly visible while the page was loading. This has been removed.
Conflict error message
(RTL-2039)
If a mobile number is in use on-premise and is configured to be unique, AccountService will correctly display an error message to the user stating that the number is in use. Previously, there was only an error message stating "something is wrong. Please contact administrator". The user is now able to see why the error occurred.
Countdown removed
(RTL-2066)
Removed the countdown when registering by mobile, instead a message will appear stating that the user can send a new registration/login link in 30 seconds. Also did some minor text improvements.
Fixed an issue with registration if a member had empty adress, name of mobile fields.
(RTL-2159)
AccountService does not reqiure most of this information but it would fail in MemberInfoService. We now ignore this failed validation and the member can be onboarded anyway as none of this information is required for AccountService.
31 May 2021
Cleanup in AccountService
(RTL-1871)
StagingCleanup job has been added to AccountServiceIntegration. Enable it to clean staging from old or processed items
Registering member with landline phonenumber
(RTL-2054)
Previously, landline numbers would fail validation in MemberInfoService when sending it to AccountService. This correction, nulls out the phonenumber for AccountService to allow the registration to finish.
30 Apr 2021
Import of store data
(RTL-48)
Store data is imported to AccountService from StoreService, which will allow members to add home store to the member during registration.
Add social security number in registration process
(RTL-61)
Social security number is implemented in member registration process. In AccountService webapp after confirming an email address, the user have to add social security number, which allow to fetch personal information, such as name and address which will later on be added to the member.
Add support for changing member email
(RTL-1508)
When member's email is changed in Chain Web, then it is properly updated in account service in both MemberOnboard and User tables.
Support for blank emails has been added. When member's email is changed in Chain Web to a blank one, then in account service it is saved as a hash.
LPMembers-Configuration of identifiers.
(RTL-1551)
MemberNumberAsIdentity identifier was added to MemberInfoService and AccountService to map identity and membership from on-premise to cloud correctly.
Now to modes of mapping are possible:
MemberNumberAsIdentity - Identity number be set to MemberId and Membership number is set to HouseholdId.
SocialSecurityNumberAsIdentity - Identity number is set to SocialId if it is defined otherwise to MemberId, and Membership number is be set to MemberId.
After creating a certain member through ChainWeb or API, it gets the appropriate identifier, is correctly onboarded in AccountService and loaded as a user after finishing registration in AccountService.
Requirements:
LpMemberIdentifierMode Parameter in MemberInfoService should be set to MemberNumberAsIdentity (or SocialSecurityNumberAsIdentity for existing customers) on integration package (package config) and service (tenant admin). MemberNumberAsIdentity is default value for new installations so configuration is not required then.
LpMemberIdentifierMode Parameter in AccountService should be set to MemberNumberAsIdentity (or SocialSecurityNumberAsIdentity for existing customers) on integration package (package config). MemberNumberAsIdentity is default value for new installations so configuration is not required then.
Add home store in registration process
(RTL-1761)
It is possible to register member with the home store - by using new component dropdown list. The dropdown list consists of stores which are presented in the dbo.Store table in AccountService database.
When changing configurationJson in dbo.LoyaltyProgram, it is possible to enable/disable the home store dropdown list or set to mandatory.
29 Mar 2021
Added deletion of memberships
(RTL-270)
Added deletion of memberships for AccountService and MemberInfoService. Deleting a member on-premise in Chain Web will export a message and delete the member in the cloud databases of AccountService and MemberInfoService.
Configuration:
The following LIP jobs have been added:
MemberServiceEventHandler - Default configuration
MemberInfoServiceEventHandler - Default configuration
MemberDeactivation - Default configuration, change CRON run times if needed. Every 1 - 5 minutes recommended.
Added support for older hashing algorithms
(RTL-1532)
Added support for the older type of password hashing algorithms used by MyPage. Both Bcrypt and pre-Bcrypt is supported. If a user is migrated to AccountService from MyPage, and has the old hashing algorithm, the "old" password will still work. And upon login or using "Forgot password" the hashing algorithm will be updated to the newer version used by AccountService, while maintaining the same password for the user.
Add Preferred Communication Channel in Registration Process.
(RTL-1537)
When creating a member in AccountService v.2 it is possible to select preferred communication channel in the registration. Whether or not this section is displayed in registration is configurable.
Required configuration:
In Lindbak AccountService db add "communicationTerms" parametr and set its mode to:
mode 0 = mandatory
mode 1 = visible
mode 2 = read only
mode 3 = disabled
in [dbo].[LoyaltyProgram] column [ConfigurationJson]
Module | Description |
---|---|
AccountServiceIntegration (RTL-1512) | Improve mass onboarding error handling If there is an already onboarded member in a loyalty program with an email, then another member with the same email will not be onboarded in this loyalty program. |
AccountServiceIntegration (RTL-1629) | Phone number validation error Corrected an issue where a user would register themselves via the forgot password link when they had no previous account. The issue would lead to the account being created, but the phone number being wrong and hence, the user was unable to log in. This only applied to tenants using mobile as primary identifier. |
28 Feb 2021
URL shortening for SMS links
(RTL-1387)
It is possible to shorten the verification URL sent on SMS to user when registering via AccountService. For this to be useable, AccountService should be configured for mobilenumber registration
29 Jan 2021
Birth date as a field in registration process
(RTL-215)
It is possible to add birth date as a field in registration process - it can be typed manually or picked by using calendar. It is configurable whether or not it is mandatory to be of a certain age to be allowed to register.
Improvements
Module | Description |
---|---|
Add support for data analysis terms in registration process | Support for data analysis terms in registration process has been implemented. Now by applying proper configuration, it is possible to:
|
WebApp: Add support for terms approval in registration process | Support for terms approval in registration process has been implemented. It is possible to add member terms checkBox with descriptions and link - which can be customizable by using configurationJson in dbo.loyaltyProgram table. If we don't add the configuration, then user will see member terms checkbox with descriptions and link - and during registration process user must accept member terms to register |