Marks & Spencer: Auth0 Authentication Scalability In Action
How did Marks & Spencer engage over 1.5 million people in a viral, wildly popular holiday game in just one week? Auth0 authentication scalability, of course!
About Marks & Spencer
We hold ourselves to a very high standard here at M&S. That much has never changed. Our attention to detail, forward thinking and passion for improvement has led to the creation of some of the nation’s most loved products. But a rapidly changing world demands that we change along with it. M&S has been at the forefront of social change for the past 134 years, and we’re determined to keep it that way. Setting bolder goals and giving our people the space and resources to achieve them.
Marks and Spencer, the famous U.K. department store founded in 1884 is on the vanguard of digital marketing. Seeking to drive massive engagement for the 2015 holiday season, they brought back their popular and well-known online game, “Pass the Parcel” for its fifth year, to push the Marks and Spencer brand to the forefront of awareness and associate M&S with the spirit of holiday giving.
M&S partnered with AKQA, a creative agency in London with substantial experience in building digital campaigns to roll out the 2015 version of the game. Running between December 8 and December 14, participants registered by logging in with Facebook or Twitter, or by creating a username/password account. Once registered, players could unwrap up to 5 presents per day – driving repeat traffic and excitement. If they won a prize, they could redeem it through an SMS code at their local store or online. Win or lose, participants could Pass the Parcel to a friend, who after registering, had their own chance to unwrap the present and win, garnering an additional unwrap opportunity for the player passing the parcel.
This viral engagement feature along with over 100,000 prizes to win, including a grand prize of a £2,500 holiday shopping spree delivered in just 7 days:
1.5 million user registrations
2.5 million visits
3.9 million unwraps
3.2 million parcel passes
94,147 prizes awarded
AKQA needed a login method that was fast, reliable, social, and above all, massively scalable. They turned to Auth0 to incorporate a high-performance, custom instance of the service able to easily handle this load.
Pre-Planning Pays Off
M&S had seen unprecedented demand for Pass the Parcel during the 2014 holiday season, and so had first-hand experience with overwhelming authentication scale requirements. AKQA, wanting to make certain that there would be no issues in handling the expected millions of players, worked with Auth0 to specify requirements well in excess of anticipated maximum demand, and then work with the Auth0 Customer Success team to perform full-load tests of the designed configuration.
Authentication is ordinarily very critical to application availability, but because users typically log in but once per session, and identity tokens usually remain valid across a large number of user transactions, identity systems rarely see the kind of scalability demands typical of databases and application servers, which might handle 1000s of operations per second for web-scale use cases. An exception to this rule is found with online games such as Pass the Parcel. With a big marketing budget and extensive promotion before the game went live, coupled with a game design that drives explosive user growth through viral engagement, AKQA was expecting a massive spike in authentication events right at the start of the game.
Based on past experience and expected load, and wanting to insure plenty of headroom for unprecedented demand, AKQA determined that they needed to demonstrate a test system able to handle a peak load of 500 authentication events per second. This is huge authentication scalability – and as was proven in production, even more than this viral game required. Auth0’s architecture, relying on industry-standard scalability best practices such as a stateless RESTful API, sophisticated caching, careful database design for Auth0’s MongoDB and ElasticSearch clusters and strategic use of solid-state disks meant that the system could be directly scaled up by adding more servers. Load testing with performance profiling uncovered several optimizations that could be applied to achieve even more authentication scalability, including sharding document collections into distinct MongoDB instances.
In a few weeks’ time, Auth0 delivered a proof of concept load test that demonstrated performance exceeding AKQA’s specified 500 operations per second.
Authentication Scalability in Spades
The M&S Pass the Parcel campaign was deployed on the Auth0 nodes running on c3.xl instances and BaaS (Backend-as-a-Service) nodes running on AWS t2.micro instances.
During the period December 8 to December 14:
Auth0 handled 19,735,216 authentication operations.
The maximum peak load was 140 operations per second. The system had been tested at over 3x this load during proof of concept.
99th percentile response time was < 200ms for username/password logins during the campaign.
Total users registered: 1,556,494
As was expected, the first day saw a massive and sustained load on the system. The following chart shows requests across all endpoints for the first day.
Throughout the day, the 95th percentile (green line) response time for username/password login events was consistently around 125ms, and the 99th percentile (blue line) less than 200ms.
Total number of requests over the entire campaign:
Just under half of the authentication endpoint requests made of Auth0 were to retrieve user profile data based on the user’s identity token. Most of the remaining requests were to perform authentications – either through social identity providers or through username/password. You can find more information about these endpoints in Auth0’s extensive, dynamic documentation.
An online game such as Marks and Spencer’s holiday Pass the Parcel campaign is in many ways, the worst case authentication scalability demand. The viral nature of the game generates massive numbers of registration and login events through both social providers and through username/password as eager players open presents and engage their friends to play. The game builds a huge audience of active players that remain active for the entire promotion while recruiting even more players, each of whom must register and then login to play, often multiple times per day.
Auth0 proved its authentication scalability mettle with this extremely demanding production test, coming through with flying colors. Pass the Parcel brought smiles to over 1.5 million participants in just 7 days of web-scale, rewarding fun. The campaign was a huge success, with over 95% favorable social sentiment, driving sales, engendering goodwill, and powering digital engagement of a massive audience with a venerable, famous brand.
If it can handle something as demanding as Pass the Parcel, imagine how Auth0 can scale to handle your business’s authentication workloads. Built by developers, for developers, Auth0’s super simple API, comprehensive support for identity providers, and flexible deployment options can speed your time to market, no matter how big the opportunity.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.For more information, visit https://auth0.com or follow @auth0 on Twitter.