Uber recently introduced Unified Sign-up and Login (USL), an effort to consolidate sign-up and sign-in experiences across all Uber apps and services. USL reduces the engineering complexity and maintenance overhead associated with these flows and enables faster deployment of security policies and patches. Over the past two years, Uber has rolled out USL on Uber Rides, Uber Eats, and Uber Driver. Currently, more than 78% of Uber’s traffic has adopted USL.
Initially, an independent sign-up and login experience for each of Uber’s apps allowed Uber to innovate and move faster. However, as Uber evolved and added additional lines of business, experiences began to diverge, amplifying some inconsistencies. For example, these inconsistencies caused some users to create duplicate accounts:
In the old days, [Uber] Rides allowed users to create their account with social identities, but the login experience for Uber Eats did not allow users to log in using a social identity. Such incompatibilities between onboarding experiences result in millions of users being blocked from signing in or having to create duplicate accounts, resulting in a high volume of support tickets.
Different experiences of registering and logging in at Uber before USL
Source: https://eng.uber.com/usl-ubers-unified-signup-and-login-stack/
Additionally, cross-cutting security policies and patches and new growth features took significantly longer to implement. Because each team owned their signup and sign-in experiences, more than 15 product teams had to implement each of these features, which dramatically increased complexity and engineering costs.
USL is a web-based sign-up and login experience integrated into mobile and web apps. Since USL is web-based, any security updates or growth features are rolled out instantly to all users and require no mobile app upgrades, increasing developer speed.
USL unified registration and login flows
Source: https://eng.uber.com/usl-ubers-unified-signup-and-login-stack/
USL is implemented as a single page web application built using FusionJS. When a user opens registration and login flows, a series of middlewares built on top of Koa.js process the HTTP request. After browsing the plugins, FusionJS generates the HTML content and sends it to the browser. The JS and CSS are loaded from a CDN, and the React app is hydrated in the browser.
Front-end architecture for USL
Source: https://eng.uber.com/usl-ubers-unified-signup-and-login-stack/
Since performance in low-bandwidth situations is crucial for USL, Uber engineers use JS bundle splitting to ensure that the browser only downloads a fraction of the entire JS code on initial page load.
USL has complex product requirements that are also optimized regionally, resulting in over 100 different registration and login flows. The backend represents a user’s login and registration journey graphically. A node in the graph correlates with the screen the user sees and provides one or more challenges to the user. The challenge is validated based on user input. As a result, a state machine governing the graph is executed and determines the user’s next node (screen).
High-Level Architecture of the Signup and Login Service
Source: https://eng.uber.com/usl-ubers-unified-signup-and-login-stack/
Uber engineers created a custom tool that generates monitoring alerts. It internally uses Uber’s anomaly detection tool to automatically determine thresholds based on historical data. According to the engineers, “we have integration testing for all streams and black box testing for critical streams, which gives us the confidence to deploy backend/web code multiple times a day.”
