Closed Bug 1410342 Opened 7 years ago Closed 7 years ago

Add some events to follow the browser.identity.launchWebAuthFlow flow from the add-on

Categories

(WebExtensions :: Untriaged, enhancement)

Product:
WebExtensions
Component:
Untriaged
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: rhubscher, Unassigned)

References

Details

Attachments

(2 files)

FirefoxNotesAnimation.gif
83.05 KB, image/gif
Details
Redirection fails
23.66 KB, image/png
Details
For the Firefox Notes use case we would like to display feedback about the login process in the Notes footer bar. [0] But the documentation [1] doesn't provide any. Here is the list of event we would like to have: - Login Page opened - Login Page closed without authentication - Login credentials successfully submitted waiting for email validation We already have a way to get the last event (Login successfull) as the promise returns. [0] https://mozilla.invisionapp.com/share/6VBUYHMRB#/235284916_Desktop_Sidebar [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/identity/launchWebAuthFlow
Here is how we want the footer bar to work during authentication flow.
(In reply to Rémy Hubscher (:natim) from comment #0) > For the Firefox Notes use case we would like to display feedback about the > login process in the Notes footer bar. [0] > > But the documentation [1] doesn't provide any. > > Here is the list of event we would like to have: > > - Login Page opened There is no way for us to reliably know that any given page is a login page, not a redirect, interstitial, etc etc, so we wont do that. > - Login Page closed without authentication > - Login credentials successfully submitted waiting for email validation Don't you already have these from the oauth result? If not, that is a problem with the service. All this API does is return the redirect url. If the service sets an error in it, you should be able to use it. For advanced ui work like what I see in the animation, you really need the rest of the identity api, not launchWebAuthFlow. See bug 1320862.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
See Also: → 1320862
> There is no way for us to reliably know that any given page is a login page That not what I am asking here. I need to know when the popup has been loaded and is displaying some HTML to the user. > Don't you already have these from the oauth result? How? Do you have an example in mind? > For advanced ui work like, you really need the rest of the identity api, not launchWebAuthFlow. By rest of the identity api, do you mean getRedirectURL()? Adding this events would help a lot to be able to rely on the browser as well as giving feedback to the add-on about what is going on. I guess if I can detect that the login windows was closed i can manage.
(In reply to Rémy Hubscher (:natim) from comment #3) > > There is no way for us to reliably know that any given page is a login page > > That not what I am asking here. I need to know when the popup has been > loaded and is displaying some HTML to the user. > > > Don't you already have these from the oauth result? > > How? Do you have an example in mind? OAuth services often return error results in the redirect url. Per the MDN docs on this api, there is an example that has a validate function. The redirectURL would have either an auth token, or error information. If it does not have error information, and does not have an auth token, you can assume the user cancelled. But in any case, that url comes from the login service, not from the identity api. > > For advanced ui work like, you really need the rest of the identity api, not launchWebAuthFlow. > > By rest of the identity api, do you mean getRedirectURL()? Adding this > events would help a lot to be able to rely on the browser as well as giving > feedback to the add-on about what is going on. We only implemented the generic functionality of the identity api. There is a lot more to it, and the bug I mentioned is to support the rest of the api backended by fxa, which is what you would use for sync. https://developer.chrome.com/apps/identity > I guess if I can detect that the login windows was closed i can manage. Again, getting the redirectUrl back is your indication it was closed.
> Login Page closed without authentication It looks like the promise returned by `launchWebAuthFlow` should reject in this case, per: https://dxr.mozilla.org/mozilla-central/source/toolkit/components/extensions/ext-identity.js#63 Do you find that it doesn't reject when closing the window in practice? > Login credentials successfully submitted waiting for email validation FWIW, I'm pretty dubious about FxA providing this information to OAuth reliers. It feels like leaking an internal detail of the login process and making it visible to the consumer without being actionable. We allow Firefox to observe unverified logins for Sync, because it can help the user recover from this situation by e.g. re-sending the verification email. OAuth reliers don't have this ability - if the user successfully enters their password in OAuth popup but then fails to click through the verification email, there's nothing that you can do to help them recover, they have to start the login process all over again.
With the current nightly the flow doesn't works anymore.
Attached image Redirection fails
> With the current nightly the flow doesn't works anymore. Meaning that the redirect to the wrong domain name is not caught anymore.
Refs Bug 1411646
Product: Toolkit → WebExtensions
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: