Closed Bug 1522684 Opened 6 years ago Closed 6 years ago

Please allow the Firefox for iOS oauth client to request the "oldsync" scope

Categories

(Cloud Services :: Server: Firefox Accounts, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: rfkelly, Unassigned)

For integration with the rust bookmarks component, please adjust the oauth config for Firefox for iOS so that it is allowed to request the "oldsync" scope:

Client ID: 1b1a3e44c54fbb58
Allowed scopes: https://identity.mozilla.com/apps/oldsync

:rfkelly - what is the redirect URI of Firefox for iOS? I don't have one listed in [1]. We'll need to add that to the content-server configuration here[2].

[1] - https://docs.google.com/spreadsheets/d/1-KkF924eINwQR1rm65C3FibTkrdh12FW_o7Zs9LYgsM/edit?ts=5aea0e37#gid=962403828
[2] - https://github.com/mozilla/fxa-content-server/blob/1d6ef34d05a216f6dc8c9485102e4e6c39278259/server/lib/configuration.js#L406

Flags: needinfo?(rfkelly)

> what is the redirect URI of Firefox for iOS?

I don't believe they have one, because they don't (yet) use an OAuth login flow.

Zooming out, because I should have added more context when filing the bug:

Firefox for iOS is working on integrating the rust bookmarks component. In order to do so they will need to pass this component OAuth-style sync credentials with "oldsync" permission.

However, the Firefox for iOS login process is currently not OAuth based - like Desktop, they have a sessionToken and kSync. Replacing the login process is out of scope for this work, so we want to teach Firefox for iOS how to grant itself an "oldsync"-scoped OAuth token using its existing credentials.

The Firefox for iOS client_id will need permission for the "oldsync" scope in order to use the /account/scoped-key-data endpoint [1] to grant itself such credentials. But I don't think it will need a redirect-uri or config added in content-server, because it won't be using the web-based OAuth flow.

:stomlinson does that make sense?

[1] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-accountscoped-key-data

Flags: needinfo?(rfkelly)

> The Firefox for iOS client_id will need permission for the "oldsync" scope in order
> to use the /account/scoped-key-data endpoint [1] to grant itself such credentials.

Justin tried hitting this endpoint earlier today but got a 500 error; I've filed Bug 1523516 to investigate.

(In reply to Ryan Kelly [:rfkelly] from comment #3)

> > The Firefox for iOS client_id will need permission for the "oldsync" scope in order
> > to use the /account/scoped-key-data endpoint [1] to grant itself such credentials.
>
> Justin tried hitting this endpoint earlier today but got a 500 error; I've filed Bug 1523516 to investigate.

Could you add me to that bug? I think we have a fix already in dev, just needs to be deployed.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED

:vladikoff pointed out that I updated prod with the new scope, but not stage. As of now, both stage and prod client id 1b1a3e44c54fbb58 have an allowedScope of "https://identity.mozilla.com/apps/oldsync".
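
The per-client scope permission discussed in this bug, and the stage/prod mismatch noted in the last comment, can be checked mechanically. The following is an added example, not part of the bug thread and not FxA code. The record shape, the environment registry layout, the space-separated scope string, exact-string scope matching and the empty stage value are all assumptions made for illustration.

```javascript
// Added example, not FxA code. Record shape and exact-match scope comparison
// are assumptions made for illustration.
const OLDSYNC = 'https://identity.mozilla.com/apps/oldsync';

// Constructed sample: prod carries the new scope, stage does not
// (stage's empty value is assumed, the bug does not state it).
const sampleRegistries = {
  stage: [{ id: '1b1a3e44c54fbb58', allowedScopes: '' }],
  prod: [{ id: '1b1a3e44c54fbb58', allowedScopes: OLDSYNC }],
};

// Split a space-separated scope string into a Set, tolerating null and extra spaces.
function parseScopes(value) {
  return new Set(String(value || '').split(/\s+/).filter(Boolean));
}

// Scopes in `requested` that the client record does not allow (empty = permitted).
function deniedScopes(client, requested) {
  const allowed = parseScopes(client && client.allowedScopes);
  return [...parseScopes(requested)].filter((s) => !allowed.has(s));
}

// For one client id, list every scope allowed in some environment but not in all.
function scopeDrift(registries, clientId) {
  const perEnv = {};
  for (const [env, clients] of Object.entries(registries)) {
    const client = clients.find((c) => c.id === clientId);
    perEnv[env] = client ? parseScopes(client.allowedScopes) : null; // null = not registered
  }
  const all = new Set();
  for (const scopes of Object.values(perEnv)) {
    for (const s of scopes || []) all.add(s);
  }
  const drift = [];
  for (const scope of [...all].sort()) {
    const missingIn = Object.keys(perEnv).filter((e) => !perEnv[e] || !perEnv[e].has(scope));
    if (missingIn.length > 0) drift.push({ scope, missingIn });
  }
  return drift;
}

console.log(JSON.stringify(scopeDrift(sampleRegistries, '1b1a3e44c54fbb58')));
```

An empty result from `scopeDrift` means every environment grants the client the same scopes; a client missing from an environment is reported as lacking every scope.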
