Skip to content

chore(docs): Add accountAuthorizations ADR#20820

Open
LZoog wants to merge 1 commit into
mainfrom
FXA-13761
Open

chore(docs): Add accountAuthorizations ADR#20820
LZoog wants to merge 1 commit into
mainfrom
FXA-13761

Conversation

@LZoog

@LZoog LZoog commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Because:

  • Some decisions were made about this table that should be documented

This commit:

  • Adds ADR 0051 covering the table's purpose, schema, write/read paths, and related decisions

closes FXA-13761

Copilot AI review requested due to automatic review settings July 3, 2026 20:33
@LZoog LZoog requested a review from a team as a code owner July 3, 2026 20:33

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds ADR 0051 documenting the accountAuthorizations consent ledger introduced alongside the account-level authorization work, capturing the table’s purpose, schema, and the key write/read/delete paths and related product requirements (FXA-13761).

Changes:

  • Adds a new ADR describing the accountAuthorizations table and its intended semantics (e.g., firstAuthorizedTosAt vs lastAuthorizedTosAt).
  • Documents related requirements (token-exchange gating, ToS re-consent, Braze first-authorization signal) and explicit out-of-scope items (liveness tracking).
  • Records design decisions around deletion-based “pre-authorization” state and refresh-token backfill behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread docs/adr/0051-account-authorization-table.md Outdated
Comment thread docs/adr/0051-account-authorization-table.md Outdated
Because:
* Some decisions were made about this table that should be documented

This commit:
* Adds ADR 0051 covering the table's purpose, schema, write/read paths, and related decisions

closes FXA-13761

@vbudhram vbudhram left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@LZoog Thanks!


**Schema** — one row per `(uid, scope, service, clientId)`:

- `uid`, `scope`, `service`, `clientId` — primary key; all reads use the `(uid, scope, service)` left-prefix.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noting that not all queries use the uid, scope, service

- **Desktop gap.** Desktop calls `/destroy` on its sync refresh token right after sign-in, so it isn't in the scan source; sync and Desktop `service=` logins (Smart Window, etc.) are forward-filled by new logins, not backfilled.
- **Sync rows are benign.** Sync-scoped rows that do land (from mobile, or any browser flow that mints a Sync refresh token) are acceptable — the table gates silent token exchange, and Sync is never granted silently. This is expected to tidy up once Desktop moves to refresh tokens.

## Notes

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This table went through several iterations, it could be worthwhile to add a section on that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants