Persist sign-in between browser restarts

RESOLVED FIXED

Status

Mozilla Developer Network
Sign-in
P2
enhancement
RESOLVED FIXED
4 years ago
3 years ago

People

(Reporter: groovecoder, Unassigned)

Tracking

Details

(Whiteboard: [specification][type:change])

(Reporter)

Description

4 years ago
What feature should be changed? Please provide the URL of the feature if possible.
==================================================================================
Persona sign-in

What problems would this solve?
===============================
If we restart the browser, we have to go through the process of signing in again.

Who would use this?
===================
Contributors

What would users see?
=====================
The same Persona sign-in button

What would users do? What would happen as a result?
===================================================
1. Sign into MDN with Persona as usual
2. Restart browser
3. Visit MDN
4. Still signed in

Is there anything else we should know?
======================================
Needs coordination with Persona team.

https://groups.google.com/forum/#!msg/mozilla.mdn.drivers/_kRgJlrnm1o/P0WEb39xi28J
(Reporter)

Updated

4 years ago
Severity: normal → enhancement
(Reporter)

Comment 1

4 years ago
You said in the mdn-drivers thread [1] that you'll need to change Persona to enable this? Can you file a corresponding Persona bug blocking this one?

[1] https://groups.google.com/forum/#!msg/mozilla.mdn.drivers/_kRgJlrnm1o/P0WEb39xi28J
Flags: needinfo?(dan.callahan)
Disclaimer: I haven't looked at Kuma's source yet, so I don't know how exactly you're using Persona. I'm going to write this as if you're using a hand-rolled Persona integration. I'm on PTO until July 5th, but I'm eager to jump in and review (or submit!) patches once I get back.

The Persona team generally feels like we went too far with the Observer API's state management, and we've been trying to walk back from that for the better part of the past year. As a result, you have two options for addressing this:

1. Switch to the currently beta "Goldilocks" API, which doesn't have any of this state management silliness.

2. Change your Persona onlogout callback so that it discards assertions that are sent automatically.

In both of these cases, your session duration becomes entirely managed by the lifetime of the cookies that you, MDN, set. So make sure those have the duration you want.

TO SWITCH TO GOLDILOCKS:

1. Remove the `onlogout` callback from `navigator.id.watch`.

2. Change your logout button to log the user out directly, rather than calling `navigator.id.logout`.

The only downside is that cosmetic options (backgroundColor, siteName, siteLogo) are not yet supported in Goldilocks, but they should be fixed in the next 2 weeks. Follow https://github.com/mozilla/persona/issues/4134 for more info.

Work-in-progress docs for Goldilocks are here: http://mozilla.github.io/id-specs/docs/apis/rp/

Django-browserid should have an update to support Goldilocks in a few weeks, once we get those last bugs (Github 4134) ironed out.

TO IGNORE AUTOMATIC ONLOGOUT CALLS:

1. Wrap your call to `navigator.id.watch` in a closure and add a boolean variable (say, "readyCalled"), and set it to false.

2. Pass a new callback to `navigator.id.watch` called `onready`. Onready does not receive any arguments. It is invoked *after* Persona completes any automatic invocations of `onlogin` or `onlogout`.

3. In onready, set the "readyCalled" variable to "true".

4. In onlogout, abort if ready has not been called. For example, you could put something like `if (!readyCalled) { return; }` as the first line in the `onlogout` callback.

Hope this helps,
-Dan
Flags: needinfo?(dan.callahan)
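The four steps under "TO IGNORE AUTOMATIC ONLOGOUT CALLS" in the comment above, as an added example that is not part of the original comment or of Kuma's code. `idApi` stands in for `navigator.id`; `onAssertion`, `endSession` and the fake object that replays the callback order are assumptions so the sequence can run outside a browser.

```javascript
// Added example. `idApi` stands in for navigator.id; `onAssertion` and
// `endSession` are hypothetical site hooks, not Persona or Kuma functions.
function watchIgnoringAutomaticLogout(idApi, onAssertion, endSession) {
  // Step 1: closure-scoped flag, false until Persona has finished its
  // automatic onlogin/onlogout invocations.
  let readyCalled = false;

  idApi.watch({
    onlogin(assertion) {
      // Hand the assertion to the server, which verifies it.
      onAssertion(assertion);
    },
    onlogout() {
      // Step 4: discard logouts that Persona fires on its own at page load.
      if (!readyCalled) { return; }
      endSession();
    },
    // Steps 2-3: onready takes no arguments and runs after the automatic
    // callbacks have completed.
    onready() {
      readyCalled = true;
    },
  });
}

// Constructed stand-in for navigator.id that replays the order described in
// the comment: automatic onlogout, then onready, then a user-driven logout.
function makeFakeId() {
  let callbacks = null;
  return {
    watch(cbs) { callbacks = cbs; },
    pageLoad() { callbacks.onlogout(); callbacks.onready(); },
    logout() { callbacks.onlogout(); },
  };
}

function demo() {
  const events = [];
  const fakeId = makeFakeId();
  watchIgnoringAutomaticLogout(
    fakeId,
    (assertion) => events.push("login:" + assertion),
    () => events.push("session-ended")
  );
  fakeId.pageLoad();               // automatic onlogout is ignored
  const afterLoad = events.length;
  fakeId.logout();                 // explicit logout is honoured
  return { afterLoad, events };
}
```

With this guard in place the site session ends only on an explicit logout or when the site's own session cookie expires, so the cookie lifetime and flags are the control to review.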
(Reporter)

Updated

4 years ago
Component: General → Login
Priority: -- → P2
We've switched to using allauth for Persona signup, away from a custom browserid implementation which used a super old version of django-browserid.

Allauth uses a very simple JS approach but does the verification on the server side to be able to store the response in the database-based account system: https://github.com/pennersr/django-allauth/blob/39d9def9940ccbec6961902a92abe1f2c5bacbf6/allauth/socialaccount/providers/persona/templates/persona/auth.html

Here is the view that is used to submit the form to:
https://github.com/pennersr/django-allauth/blob/39d9def9940ccbec6961902a92abe1f2c5bacbf6/allauth/socialaccount/providers/persona/views.py

I've restarted my browser after logging in with this code in production and the Django session stuck around. Could you check if this effectively means that we can close this as fixed?
Flags: needinfo?(lcrouch)
Flags: needinfo?(dan.callahan)
(Reporter)

Comment 4

3 years ago
It looks fixed to me, but I'm going to needinfo? the folks on mdn-drivers who were asking for this. Maybe I didn't test the same Steps-to-Reproduce that they usually do?
Flags: needinfo?(lcrouch)
Flags: needinfo?(kdubost)
Flags: needinfo?(eshepherd)
Flags: needinfo?(cmills)

Comment 5

3 years ago
That seems to be working. I will see in the long term. Thanks! Useful.
Flags: needinfo?(kdubost)
Looks to be working to me as well. Neat!
Flags: needinfo?(cmills)
Closing as fixed. Feel free to reopen if you find issues with it.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Please don't promote this to production yet. Filing a separate bug right now...
Status: RESOLVED → REOPENED
Flags: needinfo?(dan.callahan)
Resolution: FIXED → ---
Depends on: 1051025
1051025 was resolved, re-closing this bug and clearing needinfo.
Status: REOPENED → RESOLVED
Last Resolved: 3 years ago
Flags: needinfo?(eshepherd)
Resolution: --- → FIXED