Closed
Bug 1117829
Opened 8 years ago
Closed 8 years ago
Expose FxA oauth tokens to Fennec
Categories
(Android Background Services Graveyard :: Firefox Accounts, defect)
Tracking
(firefox38 fixed)
RESOLVED
FIXED
Firefox 38
Tracking | Status | |
---|---|---|
firefox38 | --- | fixed |
People
(Reporter: nalexander, Assigned: nalexander)
References
Details
Attachments
(1 file)
A "full" Firefox Account, namely one with an "oauth client id", a session token, and the ability to sign assertions, can request oauth tokens for any oauth scope it desires. See implicit_grant and response_type='token' at [1]. The next generation of Firefox Account-attached services, including reading list, will be authenticated using such oauth tokens. This token model is what the Android Account system was designed to reflect, and as such we should decouple our services (reading list) from the backend (our Firefox Account AbstractAccountAuthenticator). Important: these tokens should only be exposed to Fennec! Don't expose this token type to a third party App under any circumstance. This is both a huge security issue and a reduction of work: if we only expose to Fennec, we can avoid surfacing most (all?) UI when a token is requested. Most of the oauth dance is already in place at Bug 1055264. The Account/token dance needs to be implemented. This is a much updated version of Bug 960880, I suppose. [1] https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post-v1authorization
Assignee | ||
Comment 1•8 years ago
|
||
I rebased your RL stuff down to one commit for ease of reading. Then I added the (mostly old, mostly functional) oauth commits, reworked the tests, and added RL tests. Can I get review on the oauth commits?
Assignee | ||
Comment 2•8 years ago
|
||
https://hg.mozilla.org/integration/fx-team/rev/4d10b6a2cd5f
Comment 3•8 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/4d10b6a2cd5f
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox38:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 38
Updated•8 years ago
|
Attachment #8565740 -
Flags: review?(rnewman) → review+
You need to log in
before you can comment on or make changes to this bug.
Description
•