Please provision stage/production OAuth credentials for "Firefox for Fire TV"
Categories
(Cloud Services :: Server: Firefox Accounts, task)
Tracking
(Not tracked)
People
(Reporter: stomlinson, Assigned: jrgm)
References
()
Details
Attachments
(1 file)
|
59.92 KB,
image/png
|
Details |
:jrgm, can you please provision stage/production OAuth credentials for "Firefox for Fire TV" using the following configuration:
{
"id": "85da77264642d6a1",
"name": "Firefox for Fire TV",
"hashedSecret": "0000000000000000000000000000000000000000000000000000000000000000",
"redirectUri": "{{ content_public_url }}/oauth/success/85da77264642d6a1",
"imageUri": "",
"publicClient": true,
"canGrant": false,
"termsUri": "",
"privacyUri": "",
"trusted": true,
"allowedScopes": "https://identity.mozilla.com/apps/oldsync"
}
We will also have to add 85da77264642d6a1 to the list of client_ids allowed to request the "https://identity.mozilla.com/apps/oldsync" scope. I will open a PR on the cloudops-deployment repo for this.
| Reporter | ||
Comment 1•2 years ago
|
||
:jrgm, I cannot find a reference to content_scoped_keys_validation [1] in cloudops-deployment, is that handled differently on stage and prod?
[1] - https://github.com/mozilla/fxa-dev/pull/468/files#diff-5e730c891603232ec59bd75264114994R19`
| Assignee | ||
Comment 2•2 years ago
|
||
I take it that these credentials don't need to be sent to anyone, ya?
| Assignee | ||
Comment 3•2 years ago
|
||
Done:
$ curl -s https://oauth.accounts.firefox.com/v1/client/85da77264642d6a1 | python -mjson.tool
{
"id": "85da77264642d6a1",
"name": "Firefox for Fire TV",
"trusted": true,
"image_uri": "",
"redirect_uri": "https://oauth.accounts.firefox.com/oauth/success/85da77264642d6a1"
}
$ curl -s https://oauth.stage.mozaws.net/v1/client/85da77264642d6a1 | python -mjson.tool
{
"id": "85da77264642d6a1",
"name": "Firefox for Fire TV",
"trusted": true,
"image_uri": "",
"redirect_uri": "https://oauth.stage.mozaws.net/oauth/success/85da77264642d6a1"
}
| Reporter | ||
Comment 4•2 years ago
|
||
(In reply to John Morrison [:jrgm] from comment #2)
I take it that these credentials don't need to be sent to anyone, ya?
I don't think so, but :mcomella would probably appreciate a ping, so I've ni'd him. Thanks :jrgm.
:jrgm, do we need to add both the stage and prod redirect_uri's to the config on the content server here: [1]?
| Reporter | ||
Updated•2 years ago
|
I tried using our client ID on the production servers but I received a page saying "Incorrect redirect_uri". Here's my WIP where I do that: https://github.com/mozilla-mobile/firefox-tv/pull/2568
Reopening because it sounds like we might be missing something.
Comment 6•2 years ago
|
||
:jrgm, do we need to add both the stage and prod redirect_uri's to the config on the content server here: [1]?
Yes we do, this is the cause of:
I tried using our client ID on the production servers but I received a page saying "Incorrect redirect_uri
I suspect that stage and prod are just using the default values from the github repo, rather than being configured via cloudops-deployment. I filed a PR to add it here:
Comment 7•2 years ago
|
||
This has been deployed to production, :mcomella could you please check if it's now working as you expect?
I'm still getting the same error (bad redirect URI written in page content) in the PR I previously linked: https://github.com/mozilla-mobile/firefox-tv/pull/2568
However, I notice there's a discrepancy in the redirect URI Ryan has in his PR and the redirect URI I supply, https://accounts.firefox.com/oauth/success/85da77264642d6a1, and the redirect URI in comment 3, https://oauth.accounts.firefox.com/oauth/success/85da77264642d6a1. Using the latter, I get a 500 server error.
Could this be related?
For the record, here's the error page I'm seeing on the emulator.
Comment 10•2 years ago
|
||
Whoops, yes, the values in Comment 3 are wrong, they should be URLs on "accounts.firefox.com" rather than "oauth.accounts.firefox.com". :jrgm could you please update?
| Assignee | ||
Comment 11•2 years ago
|
||
Updated:
$ curl -s https://oauth.accounts.firefox.com/v1/client/85da77264642d6a1 | python -mjson.tool
{
"id": "85da77264642d6a1",
"image_uri": "",
"name": "Firefox for Fire TV",
"redirect_uri": "https://accounts.firefox.com/oauth/success/85da77264642d6a1",
"trusted": true
}
$ curl -s https://oauth.stage.mozaws.net/v1/client/85da77264642d6a1 | python -mjson.tool
{
"id": "85da77264642d6a1",
"image_uri": "",
"name": "Firefox for Fire TV",
"redirect_uri": "https://accounts.stage.mozaws.net/oauth/success/85da77264642d6a1",
"trusted": true
}
The new ID appears to work in app, on the production servers, for me now. Thanks! Feel free to close if all your work is done too.
Updated•1 year ago
|
Description
•