Closed
Bug 1174812
Opened 9 years ago
Closed 9 years ago
Implement a client for the FxA device manager service
Categories
(Firefox :: Firefox Accounts, defect, P2)
Firefox
Firefox Accounts
Tracking
()
RESOLVED
DUPLICATE
of bug 1227527
People
(Reporter: lina, Unassigned)
References
Details
(Whiteboard: [fxsync])
Attachments
(1 file, 1 obsolete file)
|
36.81 KB,
patch
|
Details | Diff | Splinter Review |
The device manager is a service that maps a user's account to all her "Foxes." It exposes a RESTful API for devices to register and remove themselves, and update their information. Other backend services can also use the device manager to log a user out remotely, in case her device is lost or stolen. This ticket tracks the work needed to land a device manager client in Firefox. The server work will take place concurrently at https://github.com/mozilla-services/fxa-devmgr-server. Some background: * A vague plan outlining some of the scenarios: https://docs.google.com/a/mozilla.com/document/d/1kG3Zmpt_AYoZd1bqbcMwyZYd1OXMzZ0IlqoNdv9S4jM/edit?usp=sharing The implementation notes are out of date, but the use cases remain valid. * FxA mailing list thread: https://mail.mozilla.org/pipermail/dev-fxacct/2015-May/001514.html
|
Reporter | |
Comment 1•9 years ago
|
||
Work-in-progress sketch of the new API. This isn't actually useful yet, since we don't have a server to play with. Also, there are no tests. :-)
|
|
Reporter | |
Updated•9 years ago
|
Status: NEW → ASSIGNED
|
|
Reporter | |
Updated•9 years ago
|
|
||
Comment 3•9 years ago
|
||
Now that FxA has refresh tokens, we should consider whether the "revoke oauth tokens owned by this device" aspect of this service is still necessary. I assume that the device will not issue itself any long-lived refresh tokens, since they'd be a pointless indirection around the power it already has. Rather, the device will only issue itself short-lived access tokens. Perhaps we can make these short-lived enough that there's no point in revoking them if the device is lost/stolen?
|
||
Updated•9 years ago
|
Rank: 15
|
|
Reporter | |
Comment 4•9 years ago
|
||
(In reply to Ryan Kelly [:rfkelly] from comment #3) > Perhaps we can make these short-lived enough that there's no point in > revoking them if the device is lost/stolen? +1. I could see the device issuing long-lived refresh tokens, and refreshing on a timer, to avoid extra round-trips...but maybe that's not too bad, especially if we already cache responses from our services.
|
|
||
Comment 5•9 years ago
|
||
> I could see the device issuing long-lived refresh tokens, and refreshing on a timer,
> to avoid extra round-trips
This wouldn't really buy you anything. The only thing you can do with a refresh_token is to trade it for an access_token, and the browser already has the power to do that directly using assertions.|
|
||
Updated•9 years ago
|
Whiteboard: [fxsync]
|
||
Updated•9 years ago
|
Flags: firefox-backlog+
Priority: -- → P2
|
|
Reporter | |
Updated•9 years ago
|
Assignee: kcambridge → nobody
Status: ASSIGNED → NEW
|
|
||
Comment 6•9 years ago
|
||
(Adding Shane and Phil for context - this is Kit's initial work on implementing device registration inside Firefox)
|
|
Reporter | |
Comment 7•9 years ago
|
||
Subsumed by Phil's much cleaner (and tested!) patch.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
|
||
Updated•7 years ago
|
Product: Core → Firefox
You need to log in
before you can comment on or make changes to this bug.
Description
•