Closed Bug 1158875 Opened 5 years ago Closed 2 years ago
Expose an Android Intent for performing a web-based Firefox Account oauth referrer flow from third party Apps
Right now, Firefox for Android accounts use an oauth client ID with implicit grant so that the Android Firefox Account can produce oauth tokens as it sees fit. These tokens are produced transparently with neither user knowledge or intervention. This suits internal Firefox services just fine -- we trust these services -- but obviously breaks down with third party Apps. Like Pocket! We've always assumed we would deliver oauth tokens to third party Apps directly, using our Account Authenticator, but it may be better to make Firefox for Android itself do a web-based oauth flow. The advantage could be that the user is directly messaged by both FxA /and/ the relying service about what they're allowing. Otherwise, we need to inform the user about what's happening in native UI. The way this might work is that Firefox for Android launches a specific web-based activity in response to a particular Android Intent. It would be great to understand if Google's Chrome provides prior art here. Technically, Fennec is *terrible* at this flow, but maybe we can make it work.
> Otherwise, we need to inform the user about what's happening in native UI Given the speed at which we're tweaking this for pocket, introducing things like e.g. ToS links and custom continue-to-service links and maybe even a permissions screen, I have a strong preference for using web content over native UI.
5 years ago
Bulk edit: moving potentially relevant issues from disabled Android Background Services product to Firefox for Android. Removing priority to throw back to triage owners: please close these bugs if they're no longer relevant! Thanks!
Product: Android Background Services → Firefox for Android
At this point, we don't see the need for this. However we could be wrong, in which case we can re-open this bug.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.