Feature Summary

A categorized reference of capabilities provided by the Edge service. For implementation details and flow diagrams, follow the cross-references in each section.

Authentication

Authentication and user session management via the Auth worker.

| Feature | Description |
| --- | --- |
| Username/Password Login | Authenticate a user with email and password. Validates credentials against Auth0, performs Castle pre-login risk assessment, and issues OAuth tokens. Supports MFA challenge if required. |
| Refresh Token | Exchange a refresh token for new access and ID tokens without requiring re-authentication. |
| Signup | Create a new user account in Auth0 and initialize their profile in the user service. Sets up MFA enrollment requirement metadata and issues initial session tokens. |
| Password Reset | Request a password reset email via Auth0. The email contains a link for the user to set a new password. |
| Session Token Creation | Exchange an OAuth token for a FloatMe session token that can be used to authenticate subsequent API requests within the mobile app. |
| Session Account Lookup | Retrieve the account info for a user given their session token. |
| Email Verification | Verify that an email address belongs to the user (used during signup or email change workflows). |
| Email Validation | Validate the format and deliverability of an email address before sending verification mail. |

See Auth Worker for handler details and Process Flows for login and signup diagrams.

Multi-Factor Authentication (MFA)

MFA enrollment, management, and challenge flows via the Auth worker and Auth0 actions.

| Feature | Description |
| --- | --- |
| First-Time MFA Enrollment | Enroll an OOB (out-of-band) authenticator for a user during their first login. Initiates Auth0 enrollment and returns a challenge ID. |
| Additional MFA Enrollment | Enroll additional authenticators (e.g., a backup phone or authenticator app) after the user has already enrolled their primary method. |
| Get MFA Authenticators | List all enrolled authenticators for a user, including phone number and authenticator app status. |
| MFA Token Acquisition | Request an MFA challenge token after initial credential validation. Returns a token valid for submitting MFA responses. |
| MFA OOB Challenge | Initiate an out-of-band challenge (e.g., send an SMS code) to an enrolled authenticator for the user to respond to. |
| Submit MFA OOB Challenge | Submit the user’s response (e.g., SMS code) to verify their MFA challenge. Returns tokens on success. |

See Auth Worker for handler implementation and Auth0 Actions for enrollment enforcement.

Social Login

Social identity provider authentication via the Auth worker.

| Feature | Description |
| --- | --- |
| Social Sign-In | Initiate a social login flow by redirecting the user to their identity provider (e.g., Google, Apple). Returns the provider’s authorization endpoint URL. |
| Social Callback | Handle the OAuth callback from a social identity provider, exchange the authorization code for tokens, and create or link the user account in Auth0. |

See Auth Worker for handler details and Process Flows for social login flow.

Backoffice Authentication

Authentication for internal admin tools and dashboards.

| Feature | Description |
| --- | --- |
| Admin Tool Login | Authenticate internal FloatMe staff for access to backoffice dashboards and admin consoles. Uses Auth0 admin tenant configuration and restricted access policies. |

See Backoffice Auth Worker for configuration and flow.

SMS (Text Me The App)

App download link distribution via SMS using the SMS worker.

| Feature | Description |
| --- | --- |
| Send Download Link | Text a user a link to download the FloatMe mobile app. Supports different campaigns (TikTok, Instagram, Facebook, etc.) with tracking parameters. Validates phone number format and country whitelist. |

See SMS Worker for implementation details.

Native app deeplink routing and platform configuration via the Links worker.

| Feature | Description |
| --- | --- |
| Deeplink Routing | Redirect requests to links.floatme.io with a deeplink path to corresponding native app URLs (e.g., floatme://referral/ABC123). Supports iOS and Android URL schemes. |
| Universal Links (iOS AASA) | Host the Apple App Site Association (.well-known/apple-app-site-association) file to enable universal link support on iOS. |
| App Links (Android) | Host the Android assetlinks.json (.well-known/assetlinks.json) file to enable app link support on Android. |

See Links Worker for URL patterns and configuration.

User Information

User profile and metadata queries via the Auth worker.

| Feature | Description |
| --- | --- |
| Get User Info | Retrieve the authenticated user’s profile information, including email, name, and any custom claims from their Auth0 profile. |

See Auth Worker for endpoint details.

Analytics

Event tracking and analytics integration via the Auth worker.

| Feature | Description |
| --- | --- |
| Analytics Track | Submit authentication and user behavior events to FloatMetric for analytics aggregation. Supports anonymous tracking and user-identified events. |

See Auth Worker for endpoint details.

Auth0 Policies

Automated policy enforcement via Auth0 actions.

| Feature | Description |
| --- | --- |
| MFA Enforcement Action | Automatically require MFA for users on their second and subsequent logins (skip MFA for first-time signups). Includes test-environment bypass for integration testing. |
| New User MFA Enrollment | Flag new users with MFA enrollment requirement metadata during signup, triggering enrollment prompts in the mobile app. |
| IP Metadata Capture | Capture and store the user’s IP address on login for geolocation and fraud detection context. |

See Auth0 Actions for action code and deployment details.