Closed Bug 1226094 Opened 9 years ago Closed 9 years ago

Notify tokenserver of password reset events in FxA

Categories

(Cloud Services Graveyard :: Server: Sync, defect)

Product:
Cloud Services Graveyard
Component:
Server: Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rfkelly, Assigned: dcoates)

References

Details

Via an elaborate series of cached credentials and long-lived tokens, it's possible for connected devices to keep syncing for several hours after they're technically disconnected by a password reset event. See e.g. Bug 1206325. There's *supposed* to be some magic with the "generation number" that shortens this window, as described in Bug 1206325 Comment 3, but it doesn't seem to be very reliable in practice. We could more reliably reduce this window by sending a notification from FxA to Sync whenever a user resets their password. It's a bit of an ugly hack, but we already have an FxA -> Sync backchannel for account deletions, and there's real user benefit to be had. This work would involve two parts: * Have FxA publish password-reset or similar event via SNS, and route it into the SQS queue for sync * Extend the tokenserver's existing SQS-event-processing script [1] to receive these new events, and increment the generation number in its local db :dcoates, if you're interested in taking this on, I'm happy to give a bit of guidance about the tokenserver codebase. [1] https://github.com/mozilla-services/tokenserver/blob/master/tokenserver/scripts/process_account_deletions.py
Assignee: nobody → dcoates
Fixed in https://github.com/mozilla-services/tokenserver/commit/54dd63f1d46190f9fedb39ef851fe2cdc5306f7d
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Blocks: 1247736
Product: Cloud Services → Cloud Services Graveyard
You need to log in before you can comment on or make changes to this bug.