Bug 1141992: Support newly developed oauth flow for bugzilla login
Status: RESOLVED FIXED (Closed)
Opened 10 years ago, closed 9 years ago
Categories: Firefox OS Graveyard :: Gaia::Bugzilla Lite, defect
Tracking: feature-b2g: 2.5+
People: Reporter: daleharvey, Assigned: daleharvey
Keywords: foxfood
Attachments: 1 file
No description provided.
Comment 1 • 10 years ago (Assignee)
Byron, did you mention that people logged in via persona (or in future github) won't be able to authenticate currently over the rest api?
Component: Gaia → Gaia::Feedback
Flags: needinfo?(glob)
(In reply to Dale Harvey (:daleharvey) from comment #1)
> Byron, did you mention that people logged in via persona (or in future
> github) won't be able to authenticate currently over the rest api?
persona's design and implementation requires a browser; it cannot be used for api/headless authentication.
users who use persona to authenticate to bmo are able to use api-keys for api authentication. while not finalised, it's highly probable that fixing the copy+paste api-key dance will be a q2 goal for the bmo team.
Flags: needinfo?(glob)
Comment 3 • 10 years ago (Assignee)
> persona's design and implementation requires a browser; it cannot be used for api/headless authentication.
We aren't using the API headlessly, it's people using http://bzlite.com/ in a browser, I am going to give adding persona login a shot and hope the api works.
I am not sure why API keys are being used or that they can be fixed, QR codes certainly isn't much improvement. It seems like any login flow (persona / github oauth) we use on http://bugzilla.mozilla.org should also be able to authenticate REST api calls
Updated • 10 years ago (Assignee)
Component: Gaia::Feedback → Bugzilla Lite
Comment 4 • 10 years ago (Assignee)
So for the short term I think the only solution is to support API key authentication for users who only use persona auth, long term I would really like to have 1st class support for authentication for REST clients
Summary: Support Persona Logins → Allow users to enter API key
Updated • 10 years ago (Assignee)
Assignee: nobody → dale
Comment 5 • 10 years ago (Assignee)
Hey Byron, sorry for all the bmo questions but thanks a lot for your help
Is there a good way to check that a token is valid, it would be extra ideal if I could figure out the username from the token
Flags: needinfo?(glob)
(In reply to Dale Harvey (:daleharvey) from comment #4)
> So for the short term I think the only solution is to support API key
> authentication for users who only use persona auth, long term I would really
> like to have 1st class support for authentication for REST clients
the bugzilla team agrees :) but it's likely this will require a rewrite of our authentication stack :(
(In reply to Dale Harvey (:daleharvey) from comment #5)
> Is there a good way to check that a token is valid, it would be extra ideal
> if I could figure out the username from the token
we have http://bugzilla.readthedocs.org/en/latest/api/core/v1/user.html#valid-login for the older login tokens, but nothing for api-keys. i've filed bug 1143533.
until that lands, try to perform an action which requires authentication.
user matching is probably the best one to hit - you need to be logged in, and we ignore queries which are too short so the impact on bmo is minimal.
https://bugzilla.mozilla.org/rest/user?match=x&api_key=...
(that's literally a single "x" as the match)
Flags: needinfo?(glob)
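The validity probe suggested in the comment above, sketched as an added example (not code from bzlite or Bugzilla). The function names, the response shapes handled in `classifyProbe`, and a Bugzilla served from the site root are assumptions.

```javascript
// Added example; not bzlite or Bugzilla code.

// Build the probe from the comment above: a one-character match, which needs
// a logged-in user but is too short for the server to run a search.
function buildProbeUrl(baseUrl, apiKey) {
  const url = new URL('/rest/user', baseUrl);
  if (url.protocol !== 'https:') {
    throw new Error('refusing to send an API key over ' + url.protocol);
  }
  url.searchParams.set('match', 'x');
  url.searchParams.set('api_key', apiKey);
  return url;
}

// The key rides in the query string, so mask it before the URL is logged.
function redactForLog(url) {
  const copy = new URL(url.href);
  if (copy.searchParams.has('api_key')) {
    copy.searchParams.set('api_key', 'REDACTED');
  }
  return copy.href;
}

// Assumed response shapes: success is {"users": [...]}; a rejected key is
// {"error": true, "message": "..."}. Anything else is not a verdict on the key.
function classifyProbe(status, body) {
  const ok = status >= 200 && status < 300;
  if (ok && body && Array.isArray(body.users)) return 'valid';
  if (status >= 500 || status === 429) return 'unknown';
  if (body && body.error === true) return 'invalid';
  return 'unknown';
}

// fetchImpl is injectable so the check can be exercised without the network.
async function checkApiKey(baseUrl, apiKey, fetchImpl = fetch) {
  const url = buildProbeUrl(baseUrl, apiKey);
  try {
    const res = await fetchImpl(url.href, {
      headers: { Accept: 'application/json' },
    });
    const body = await res.json().catch(() => null);
    return classifyProbe(res.status, body);
  } catch (err) {
    // Network failure: report "unknown" rather than discarding a good key.
    return 'unknown';
  }
}
```

Treating server errors and network failures as "unknown" keeps a client from wiping a stored key that is still good.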
Comment 7 • 10 years ago (Assignee)
Decided on the weekly meeting to not block on this, I think ideally I may be able to get familiar with the bugzilla codebase and see what I can do about getting full support for 3rd party auth.
In the meantime people will have to use their bugzilla credentials, we may still implement this but it won't block v1
Assignee: dale → nobody
No longer blocks: 1134701
Comment 8 • 10 years ago (Assignee)
> user matching is probably the best one to hit - you need to be logged in, and we
> ignore queries which are too short so the impact on bmo is minimal.
> https://bugzilla.mozilla.org/rest/user?match=x&api_key=...
Thanks a lot, will do it this way if / when we get to implementing API keys on bzlite
Comment 9 • 10 years ago
FTR, that is not blocking because a Persona logged-in user can still set a Bugzilla password and login with it on the app, and continue to use Persona on Desktop for instance.
Updated • 10 years ago (Assignee)
Summary: Allow users to enter API key → Support newly developed outh flow for bugzilla login
Comment 11 • 9 years ago
(In reply to Dale Harvey (:daleharvey) from comment #7)
> In the meantime people will have to use their bugzilla credentials, we may
> still implement this but it won't block v1
FWIW, I don't know if it's the case for many people at Mozilla, but I think my account is a Persona-only one. I've never managed to log in with the default authentication system.
Keywords: dogfood
Comment 12 • 9 years ago
(In reply to Johan Lorenzo [:jlorenzo] (QA) from comment #11)
> FWIW, I don't know if it's the case for many people at Mozilla, but I think
> my account is a Persona-only one. I've never managed to log in with the
> default authentication system.
when you log in to bmo with persona you're actually creating a normal account without a usable password. bugzilla hands off just the password verification phase to persona. as per comment 9 it's possible to use bugzilla's "password reset" mechanism to set a password on your account -- doing so won't prevent you from continuing to use persona for auth.
Comment 16 • 9 years ago (Assignee)
This has landed and is almost ready to implement, documentation is @ https://bugzilla.readthedocs.org/en/latest/integrating/auth-delegation.html#auth-delegation, Dylan can you give me a ping when token api change and UI have landed? Cheers
Flags: needinfo?(dylan)
Updated • 9 years ago
QA Whiteboard: [foxfood-triage]
Updated • 9 years ago (Assignee)
Blocks: 2.5_BugzillaLite
Updated • 9 years ago
feature-b2g: --- → 2.5+
Updated • 9 years ago
feature-b2g: 2.5+ → ---
Updated • 9 years ago (Assignee)
Assignee: nobody → dale
Comment 18 • 9 years ago (Assignee)
So because this can't be tested against a test installation I have pushed the commit up to http://www.bzlite.com/ so it can be tested.
The bugzilla UX doesn't work great on mobile, I have filed a follow up for that @ https://bugzilla.mozilla.org/show_bug.cgi?id=1192538
It does however seem to work, tested persona login and it went good
Attachment #8645366 - Flags: review?(dietrich)
Comment 19 • 9 years ago
Comment on attachment 8645366
https://github.com/mozilla-b2g/bzlite/pull/34
r=me with a few comments on the PR to fix
Attachment #8645366 - Flags: review?(dietrich) → review+
Comment 20 • 9 years ago (Assignee)
Thanks so much for these reviews, Fixed nits and filing follow up
Merged in https://github.com/mozilla-b2g/bzlite/commit/43e54fbb82a0454ad2f4d119e47cc1ef11305c3b
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated • 9 years ago
Summary: Support newly developed outh flow for bugzilla login → Support newly developed oauth flow for bugzilla login
Updated • 9 years ago
feature-b2g: --- → 2.5+
Keywords: verifyme
Comment 21 • 9 years ago
QA trying to verify this bug. Can we have an STR here? Is it just go to http://www.bzlite.com/ on DUT browser and try to log in there?
Updated • 9 years ago
Flags: needinfo?(dylan)
Comment 22 • 9 years ago
NI Naoki since he's the one that put verifyme on there. Please address comment 21.
Flags: needinfo?(nhirata.bugzilla)
Yes, you would just try to login with your account.
Having said this, there's a UX flow bug when you tap the bugzilla login. There's no way you can go back to the regular login screen. Could you verify and file the bug please?
Flags: needinfo?(nhirata.bugzilla) → needinfo?(pcheng)
Comment 24 • 9 years ago
This issue is verified fixed. I was able to log in to bugzilla lite via app or via browser using my login.
Also filed bug 1214456 for the issue Naoki described at comment 23.
Verified via:
Device: Aries 2.5
BuildID: 20151013110851
Gaia: d400cda6bf0f8b30dcf7d7d71bfa61f29a3f1588
Gecko: 607a236c229994df99766c005f9ec729532d7747
Gonk: 2916e2368074b5383c80bf5a0fba3fc83ba310bd
Version: 44.0a1 (2.5)
Firmware Version: D5803_23.1.A.1.28_NCB.ftf
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0
Status: RESOLVED → VERIFIED
QA Whiteboard: [foxfood-triage] → [foxfood-triage][QAnalyst-Triage?]
Flags: needinfo?(pcheng) → needinfo?(jmercado)
Keywords: verifyme
Updated • 9 years ago
QA Whiteboard: [foxfood-triage][QAnalyst-Triage?] → [foxfood-triage][QAnalyst-Triage+]
Flags: needinfo?(jmercado)
When I try to log in I get: "Auth delegation received an HTTP response other than 200 OK from auth consumer. Code: 404"
STR:
1. Open bzlite
2. Enter bugzilla username and password, press Login - The following message displays: "API key authentication is required." - Press OK
3. Press 'Or login via Bugzilla'
4. Enter bugzilla username and password + 2FA token - The following displays (from bmo website): Auth Delegation Request ...
5. Press Accept
When I look at the API keys listed in my Bugzilla preferences, there is indeed 1 API key for Bugzilla Lite (created as a result of this process) and its status is "never used".
I have tried this flow several times, after a restart, and after logging in and out of Bugzilla.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Comment 26 • 9 years ago (Assignee)
Yup seeing this too, not sure if something else has changed (or I forgot to push) checking now
Comment 27 • 9 years ago (Assignee)
There was a line missing in my last commit, r=me'd it, should all be working now, apologies
https://github.com/mozilla-b2g/bzlite/commit/149a995cc5a0fb97003b8dd8084a0c9fd3e0b2b2
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED
Comment 28 • 8 years ago
$callback_uri may not be accessible from the bugzilla instance.
For example I can have an internal application which wants to connect to external bugzilla instance on behalf of user. User can open callback uri (e.g. in browser), but bugzilla instance cannot.