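# Authentication views for the digital ordering platform.
# The model (people, software systems, containers and their relationships) is inherited from
# ../models/models.dsl; this workspace only layers views on top of it.
# NOTE(review): every dynamic view below shows the success path only. Invalid or expired OTPs,
# failed token validation and retry limits are not modelled here.
workspace extends ../models/models.dsl {
    name "Authentication System"
    description "Zoom in on the registration and login functionality of the Sweetgreen digital ordering platform."

    views {
        # Static container view limited to the elements tagged functionalArea:Auth.
        container digitalOrderingPlatformSoftwareSystem "Container_Auth" {
            title "Customer Account Management | System Diagram"
            include element.tag==functionalArea:Auth

            # Because of our unique situation with Gravy, Monograph and GravyDB, there are times where we might need to exclude
            # the monograph -> gravyDB relationship because it doesn't exist in that system view.
            exclude "monograph -> gravyDB"
            exclude "gravy -> olo"
            exclude "customer -> sweetgreenTeamMember"
        }

        # Registration, step 1: the customer's email goes to activeDirectoryB2C, and the OTP is
        # delivered to the customer by maitreD.
        # As modelled, these steps are identical to Dynamic_Login_Pre_OTP.
        dynamic digitalOrderingPlatformSoftwareSystem "Dynamic_Registration_Pre_OTP" "Code flow when the customer enters their email to register with Sweetgreen" {
            title "Customer Account Management | Registration Flow | Pre-OTP"
            customer -> orderApp "Enter email in"
            orderApp -> activeDirectoryB2C "Sends email to"
            activeDirectoryB2C -> maitreD "Send email details to"
            maitreD -> customer "Email sent with OTP to"
        }

        # Registration, step 2: the OTP is exchanged for refresh and access tokens, then the
        # sign-in attempt finds no customer record and the app shows the registration details screen.
        # monograph validates the access token with activeDirectoryB2C before calling gravy.
        # NOTE(review): the return path gravy -> monograph -> orderApp is not drawn; only the
        # final orderApp -> customer step is.
        dynamic digitalOrderingPlatformSoftwareSystem "Dynamic_Registration_Post_OTP" "Code flow when a customer enters the OTP after registering with Sweetgreen" {
            title "Customer Account Management | Registration Flow | Post-OTP"
            customer -> orderApp "Enter valid OTP to"
            orderApp -> activeDirectoryB2C "Validate OTP and fetch refresh & access tokens with"
            orderApp -> monograph "Sign In to"
            monograph -> activeDirectoryB2C "Validate access token and fetch Azure profile with"
            monograph -> gravy "Sign in customer to"
            gravy -> gravyDB "Fetch customer data by customer id (customer does not exist)"
            orderApp -> customer "Customer does not exist. Show registration details screen."
        }

        # Registration, step 3: the customer submits personal information and the account is
        # created across gravy/gravyDB, olo, sg-id and sessionM.
        # The view description previously duplicated the login post-OTP text; it now describes
        # this flow. The view key is unchanged.
        # NOTE(review): the email is fetched from activeDirectoryB2C and is not among the fields
        # the customer submits here - presumably so that it is not taken from client input; confirm.
        dynamic digitalOrderingPlatformSoftwareSystem "Dynamic_Registration_Post_OTP_Personal_Info" "Code flow when the customer enters their personal information to complete registration" {
            title "Customer Account Management | Registration Flow | Post-OTP | Personal Info"
            customer -> orderApp "Enter personal information (first & last name, phone, birthday) to"
            orderApp -> monograph "Send personal information to fetch Sweetgreen session to"
            monograph -> activeDirectoryB2C "Validate access token with"
            monograph -> activeDirectoryB2C "Fetch customer email from"
            monograph -> gravy "Send personal information to create account with"
            gravy -> gravyDB "Fetch customer data by customer id"
            gravy -> olo "Create customer and fetch OLO token with"
            olo -> activeDirectoryB2C "Fetch customer information for OLO to create with"
            gravy -> olo "Update with contact details (phone number)"
            gravy -> gravyDB "Create customer in"
            gravy -> sg-id "Get or set UUID for customer"
            gravy -> gravyDB "Update customer with UUID"
            gravy -> sessionM "Create SessionM profile and fetch SessionM Customer ID with"
            gravy -> gravyDB "Create reward profile with Session M Customer ID in"
            gravy -> gravyDB "Set OLO token within Gravy Session in"
            gravy -> gravyDB "Add customer id to searched addresses in"
            monograph -> activeDirectoryB2C "Update Azure profile with Sweetgreen Customer ID with"
        }

        # Login, step 1: same email -> OTP delivery path as registration.
        dynamic digitalOrderingPlatformSoftwareSystem "Dynamic_Login_Pre_OTP" "Code flow when the customer enters their email to get an OTP email for login" {
            title "Customer Account Management | Login Flow | Pre-OTP"
            customer -> orderApp "Enter email in"
            orderApp -> activeDirectoryB2C "Sends email to"
            activeDirectoryB2C -> maitreD "Send email details to"
            maitreD -> customer "Email sent with OTP to"
        }

        # Login, step 2: the OTP is exchanged for tokens, monograph validates the access token with
        # activeDirectoryB2C, and gravy looks up the customer by Azure ID and fetches an OLO token.
        # The commented-out relationships are the response legs; they are kept for reference and
        # are not rendered.
        dynamic digitalOrderingPlatformSoftwareSystem "Dynamic_Login_Post_OTP" "Code flow when the customer enters in the OTP to login" {
            title "Customer Account Management | Login Flow | Post-OTP"
            customer -> orderApp "Enter OTP to"
            orderApp -> activeDirectoryB2C "Validate OTP and fetch refresh & access tokens with"
            # activeDirectoryB2C -> orderApp "Respond with refresh and access tokens"
            orderApp -> monograph "Login and fetch Sweetgreen Session to"
            monograph -> activeDirectoryB2C "Validate access token and fetch Azure profile with"
            # activeDirectoryB2C -> monograph "Validated"
            monograph -> gravy "Login customer and fetch Sweetgreen Session to"
            gravy -> gravyDB "Fetch customer data by Azure ID with"
            # gravyDB -> gravy "Return customer"
            gravy -> olo "Fetch OLO token from"
            olo -> activeDirectoryB2C "Get customer information from"
            # activeDirectoryB2C -> olo "Return customer information"
            # olo -> gravy "Return OLO token"
            # gravy -> monograph "Return Sweetgreen session"
            # monograph -> orderApp "Return Sweetgreen session"
        }

        # Account deletion: requested in the app, confirmed by the customer through a oneTrust
        # email, then propagated to gravy, sessionM and olo. The final PII nulling step is shown
        # as originating from sweetgreenSupportCenter.
        # NOTE(review): "CCPE" in the kustomer step may be a typo for "CCPA" (compare ccpa_delete
        # in the last step) - confirm before changing the label.
        # NOTE(review): no step in this view touches activeDirectoryB2C or sg-id, although
        # registration writes the Sweetgreen Customer ID to the Azure profile and sets a UUID via
        # sg-id. Confirm whether removal of the identity-provider profile and revocation of issued
        # tokens are handled elsewhere, and add those steps here if they are part of this flow.
        dynamic digitalOrderingPlatformSoftwareSystem "Dynamic_Delete_User" "Code flow when the customer deletes their account" {
            title "Customer Account Management | Delete User Account Flow"
            customer -> orderApp "Request to delete account"
            orderApp -> monograph "Request account deletion"
            monograph -> kustomer "CCPE request account deletion"
            monograph -> oneTrust "Request account deletion"
            oneTrust -> gravy "Verify requested account is valid"
            oneTrust -> customer "Email sent with account deletion details"
            customer -> oneTrust "Confirm account deletion"
            oneTrust -> gravy "Delete customer account (is_marked_for_deletion = true)"
            oneTrust -> sessionM "Forget customer request"
            oneTrust -> olo "Delete customer"
            sweetgreenSupportCenter -> gravy "Delete customer (PII -> null and ccpa_delete = true)"
        }
    }
}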