Cache reading list oauth tokens

RESOLVED FIXED in Firefox 38

Status

defect
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: nalexander, Assigned: nalexander)

Tracking

unspecified
Firefox 39
All
Android
Dependency tree / graph

Firefox Tracking Flags

(firefox38 fixed, firefox39 fixed)

Details

Attachments

(1 attachment)

Right now we:

1) ensure the Firefox Account is in a healthy state;
2) generate an FxA assertion;
3) exchange the assertion for an oauth token.

All before syncing the RL!  Oauth tokens are long lived.  We should invert the flow of control to just "ask for an oauth token", and push the FxA mangling out of the RL sync flow.
No longer blocks: 1117830
Depends on: 1147275
rnewman: over to you.

I elected to use the Android framework for this, mostly 'cuz I wanted to see how it worked in the case it was intended to handle.  It's fine, although having to maintain the oauth token in order to invalidate it is irritating.

Pay attention to the two layers of token invalidation (one at the oauth layer, one moving the account state backwards).  It's challenging to test the latter because "obviously bogus" certificates (like those produced by the debug helper I added) trigger a 400 from the oauth endpoint, not a 401.  (This is wrong, and rfkelly agrees, but c'est la vie for now.)

This yields a nice simplification of the RL Sync Adapter which suggests the token approach is reasonable.

The complete absence of automated tests is a function of the compressed schedule and the difficulty of testing the interactions across the full stack.  Manual testing with the debug utilities gives me some confidence in the mechanism, however; and it will get more testing as I implement the remaining follow-ups.
Assignee: nobody → nalexander
Status: NEW → ASSIGNED
Attachment #8582918 - Flags: review?(rnewman)
Depends on: 1147473
Comment on attachment 8582918 [details] [review]
Link to Github pull-request: https://github.com/mozilla-services/android-sync/pull/540

See GitHub comments.
Attachment #8582918 - Flags: review?(rnewman) → review+
Depends on: 1148094
Depends on: 1148504
https://hg.mozilla.org/mozilla-central/rev/91e52cfb333a
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 39
Comment on attachment 8582918 [details] [review]
Link to Github pull-request: https://github.com/mozilla-services/android-sync/pull/540

Batch uplift of Android RL to 38.
Attachment #8582918 - Flags: approval-mozilla-beta?
Attachment #8582918 - Flags: approval-mozilla-beta?
You need to log in before you can comment on or make changes to this bug.