1410996 - Proposal to become an OpenYOLO provider

Status: RESOLVED INCOMPLETE

(Firefox for Android Graveyard :: Logins, Passwords and Form Fill, enhancement, P3)

Description

[David]

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36



Actual results:

Hi Fennec devs,

Sorry if this is the wrong place to submit a proposal. Please let me know if somewhere is is better suited.

# Background
I am engineer on Google's Identity Platform and contributor to OpenID's OpenYOLO (Sample implementation: https://github.com/openid/OpenYOLO-Android, Specification: http://openid.net/specs/openyolo-android-03.html). The OpenYOLO for Android tldr; is: a protocol for retrieving, updating, and assisting in the creation of credentials that allows the user to choose which credential provider they would like to use.

# Proposal
Add support for being an OpenYOLO provider to Firefox for Android.

# Motivation
 - Allow Firefox users to utilize credentials stored in Firefox on Android.
 - Improve the OpenYOLO ecosystem by adding another provider (Currently 1Password, Dashlane and Google Smartlock include production implementations). 

# Protocol tldr;
Just to give you an idea of the flows (and allow you to offer some advice around pitfalls :) when adding it to fennec) without needing to read the specification: the client discovers providers that support a flow by querying for Activities on the device that contain an Activity matching a given OpenYOLO an intent filter. A request is sent in a protocol buffer message in an intent to the chosen provider via startActivityForResult, the provider is free to present any UI they deem nessary (e.g. a credential picker for retrieve request) and a response is sent in another protocol buffer message by the activity result. The only exception to the Activity request/response pattern is a background background request done as part of the retrieve flow. The client asks all providers if they are capable of handling the credential retrieve request before choosing which to invoke which requires a android service. 

# Other
If there is interest I would love some advice/warnings for adding the provider implementation to the fennec codebase. E.g. any potential pitfalls around needing to declare new activities (a requirement for the protocol), accessing credentials (PasswordRecord?), or anything else.

Cheers,
David

Comment 1

[Nevin Chen(Not active on Bugzilla)]

NI Joe cause he knows better

Comment 2

[Michael Comella (:mcomella) [NI reported issues only: ex-Mozilla]]

Thanks for filing Dave – unfortunately we don't have the eng resources to look at this right now but we'll consider this again soon! We're also developing a login manager called LockBox that will work with Firefox Accounts – I wonder if that'd also be another place to add OpenYOLO: https://github.com/mozilla-lockbox

[triage] Non-critical, but interesting - P3 rank 0.

Comment 3

[BMO Automation]

We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.