Closed
Bug 1015423
Opened 10 years ago
Closed 10 years ago
Get FxA user's email to FMD
Categories
(Firefox OS Graveyard :: FxA, defect, P3)
Tracking
(blocking-b2g:-)
RESOLVED
WONTFIX
| blocking-b2g | - |
People
(Reporter: spenrose, Assigned: spenrose)
Details
(Whiteboard: [fxa4fxos2.0])
Attachments
(1 file)
|
1.78 KB,
patch
|
jedp
:
feedback-
|
Details | Diff | Splinter Review |
navigator.mozId returns a concatenated, byte-encoded blob to onlogin(). Provide a method to extract the underlying JSON.
|
Assignee | |
Comment 1•10 years ago
|
||
Jed, this gets stringified JSON to the RP. Do you remember if there is a way to send an object?
Attachment #8428169 -
Flags: feedback?(jparsons)
|
|
Assignee | |
Updated•10 years ago
|
Whiteboard: [fxa4fxos2.0]
|
||
Comment 2•10 years ago
|
||
Comment on attachment 8428169 [details] [diff] [review] 1015423-decodeAssertion.patch I understand that it's useful to extract the underlying JSON for debugging, but I think we want to be careful about putting the methods to do this in our API, since we don't want people working with assertions in the client; verification and inspection should be done on the server. So my personal feedback is that we don't want to do this because I think it could encourage bad habits in client-side programming that could have dangerous consequences. If it helps, the code is pretty straightforward: https://mxr.mozilla.org/mozilla-central/source/dom/identity/tests/mochitest/test_declareAudience.html?force=1#229 Also, François has a nice set of tools for debugging with BrowserID: https://github.com/fmarier/browserid-tools
Attachment #8428169 -
Flags: feedback?(jparsons) → feedback-
|
|
Assignee | |
Comment 3•10 years ago
|
||
Jed, this is great feedback, thank you. I had neglected the very important question of verification. Here our old friend, the awkward question "to what extent is the device the user-agent, and to what extent is the app the user-agent?" rears its head. Insofar as the app is the user-agent, you are absolutely correct that FMD should simply send the assertion to its server and receive the email in return *if* the assertion is verified. But ... ... does it make really make sense to distrust the device's vouching for a *firefox account* ... ... in the context of this certified app? ... in general? I am changing the title of this bug to reflect FMD's actual request. Guilherme, given that FMD does send the assertion to the server: https://github.com/mozilla-b2g/gaia/blob/master/apps/findmydevice/js/findmydevice.js#L194 Can FMD simply get the email back from it? If not, is that a short term problem of deadlines, or something deeper?
Flags: needinfo?(ggoncalves)
Summary: Add decodeAssertion() to navigator.mozId() → Get FxA user's email to FMD
|
||
Comment 4•10 years ago
|
||
(In reply to Sam Penrose from comment #3) > Can FMD simply get the email back from it? Yes, we're going to do that.
Flags: needinfo?(ggoncalves)
|
|
||
Comment 5•10 years ago
|
||
Actually, sorry, I got ahead of myself there. There are two moments in which we need the logged in user's email: 1) When a user, logged into FxA, enables FMD. This is the client-server communication Sam linked to, and yes, it would be feasible to have the server unpack the assertion and return the email. 2) When someone attempts to disable FMD, so we can compare that email address to the one that had initially enabled it. We currently do not contact the server when FMD is being disabled, so the solution here is not as straightforward. In 2), it would be possible for the client to verify the assertion itself, for example. Or maybe even hit the server once again, just to get it to return the email address. However, I'd rather not do any network activity there if I can, as that would greatly increase the complexity of the disabling procedure. In light of this, perhaps we can reconsider making FxA provide this information to us somehow instead?
|
|
Assignee | |
Comment 6•10 years ago
|
||
Hhmm. I believe the state machine for your case 2) looks like this: 1) Manual disable triggers refreshAuth with same email: FMD verifies, no problem. Note that refreshAuth hits FxA server (or fails if offline). 2) FxA logout while enabled leaves enabled: FMD needs to have stored enabling email previously. 3) FxA login after 2): FMD verifies assertion, then: i. same email: no problem ii. different email: FMD is "locked on" In case 3)ii. FMD should surface language to the effect of "FMD has been enabled by user a@example.com. To disable FMD, log out of FxA and have a@example log back in to FxA and disable FMD." Is that the correct state machine?
|
|
||
Comment 7•10 years ago
|
||
Yes. Of course, step 3) takes place upon a disable attempt (just pointing it out for clarity). So, on a disable attempt, FMD should: 1- Trigger a refreshAuth 2- Get an assertion back, <hand wave>get it verified and extract the email from it</hand wave> 3- Compare the email to the one that was previously stored (a@example.com) i. If they match, disable FMD ii. If they don't, display an error message and keep FMD enabled We may want to skip the refreshAuth if we know beforehand that the currently logged-in user is not a@example.com, since we know that disabling will fail even if the assertion verifies, but that's outside the scope of this bug I think.
|
|
Assignee | |
Comment 8•10 years ago
|
||
Hhmm. In the case where the person holding the phone asks to disable, there are two possibilities: I. There has not been an FxA logout/login since FMD was first enabled. II. There has been, *in which case both of your callbacks to watch should have fired* Therefore, while your step 3. is possible, it will only occur rarely, and you will know when it occurs. Mostly when you get a refreshAuth you will be in my case I, and you will know that the emails will be the same (though of course it's worth checking). (In reply to Guilherme Gonçalves [:ggp] from comment #7) > Yes. Of course, step 3) takes place upon a disable attempt (just pointing it > out for clarity). So, on a disable attempt, FMD should: > > 1- Trigger a refreshAuth > 2- Get an assertion back, <hand wave>get it verified and extract the email > from it</hand wave> > 3- Compare the email to the one that was previously stored (a@example.com) > i. If they match, disable FMD > ii. If they don't, display an error message and keep FMD enabled > > We may want to skip the refreshAuth if we know beforehand that the currently > logged-in user is not a@example.com, since we know that disabling will fail > even if the assertion verifies, but that's outside the scope of this bug I > think.
|
||
Updated•10 years ago
|
blocking-b2g: --- → 2.0?
|
|
Assignee | |
Comment 9•10 years ago
|
||
Guilherme, can you let me know what the status of this bug should be? Thanks very much.
Flags: needinfo?(ggoncalves)
|
|
||
Comment 11•10 years ago
|
||
RESOLVED WONTFIX, since decodeAssertion is not going to be added to mozId after all? I think we'll just resort to verifying the assertion in the client in FMD.
Flags: needinfo?(ggoncalves)
|
|
Assignee | |
Comment 12•10 years ago
|
||
Thanks ggp, and sorry we couldn't do more.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•10 years ago
|
Resolution: FIXED → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•