Closed Bug 1566346 Opened 2 years ago Closed 1 year ago

Please provision stage/production OAuth credentials for "Firefox for Fire TV"

Categories

(Cloud Services :: Server: Firefox Accounts, task)

RESOLVED FIXED

People

(Reporter: stomlinson, Assigned: jrgm)

:jrgm, can you please provision stage/production OAuth credentials for "Firefox for Fire TV" using the following configuration:

{
  "id": "85da77264642d6a1",
  "name": "Firefox for Fire TV",
  "hashedSecret": "0000000000000000000000000000000000000000000000000000000000000000",
  "redirectUri": "{{ content_public_url }}/oauth/success/85da77264642d6a1",
  "imageUri": "",
  "publicClient": true,
  "canGrant": false,
  "termsUri": "",
  "privacyUri": "",
  "trusted": true,
  "allowedScopes": "https://identity.mozilla.com/apps/oldsync"
}

We will also have to add 85da77264642d6a1 to the list of client_ids allowed to request the "https://identity.mozilla.com/apps/oldsync" scope. I will open a PR on the cloudops-deployment repo for this.

:jrgm, I cannot find a reference to content_scoped_keys_validation [1] in cloudops-deployment, is that handled differently on stage and prod?

[1] - https://github.com/mozilla/fxa-dev/pull/468/files#diff-5e730c891603232ec59bd75264114994R19

Flags: needinfo?(jrgm)

I take it that these credentials don't need to be sent to anyone, ya?

Done:

$ curl -s https://oauth.accounts.firefox.com/v1/client/85da77264642d6a1 | python -mjson.tool
{
    "id": "85da77264642d6a1",
    "name": "Firefox for Fire TV",
    "trusted": true,
    "image_uri": "",
    "redirect_uri": "https://oauth.accounts.firefox.com/oauth/success/85da77264642d6a1"
}

$ curl -s https://oauth.stage.mozaws.net/v1/client/85da77264642d6a1 | python -mjson.tool
{
    "id": "85da77264642d6a1",
    "name": "Firefox for Fire TV",
    "trusted": true,
    "image_uri": "",
    "redirect_uri": "https://oauth.stage.mozaws.net/oauth/success/85da77264642d6a1"
}

Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(jrgm)
Resolution: --- → FIXED

(In reply to John Morrison [:jrgm] from comment #2)

> I take it that these credentials don't need to be sent to anyone, ya?

I don't think so, but :mcomella would probably appreciate a ping, so I've ni'd him. Thanks :jrgm.

:jrgm, do we need to add both the stage and prod redirect_uri's to the config on the content server here: [1]?

[1] - https://github.com/mozilla/fxa/blob/601fc5c5341bf5fd2134160d6288a75537a2077f/packages/fxa-content-server/server/lib/configuration.js#L500

Flags: needinfo?(michael.l.comella)
Flags: needinfo?(jrgm)

I tried using our client ID on the production servers but I received a page saying "Incorrect redirect_uri". Here's my WIP where I do that: https://github.com/mozilla-mobile/firefox-tv/pull/2568

Reopening because it sounds like we might be missing something.

Status: RESOLVED → REOPENED
Flags: needinfo?(michael.l.comella)
Resolution: FIXED → ---

> :jrgm, do we need to add both the stage and prod redirect_uri's to the config on the content server here: [1]?

Yes we do, this is the cause of:

> I tried using our client ID on the production servers but I received a page saying "Incorrect redirect_uri"

I suspect that stage and prod are just using the default values from the github repo, rather than being configured via cloudops-deployment. I filed a PR to add it here:

https://github.com/mozilla/fxa/pull/1900

This has been deployed to production, :mcomella could you please check if it's now working as you expect?

Flags: needinfo?(jrgm) → needinfo?(michael.l.comella)

I'm still getting the same error (bad redirect URI written in page content) in the PR I previously linked: https://github.com/mozilla-mobile/firefox-tv/pull/2568

However, I notice there's a discrepancy in the redirect URI Ryan has in his PR and the redirect URI I supply, https://accounts.firefox.com/oauth/success/85da77264642d6a1, and the redirect URI in comment 3, https://oauth.accounts.firefox.com/oauth/success/85da77264642d6a1. Using the latter, I get a 500 server error.

Could this be related?

Flags: needinfo?(michael.l.comella) → needinfo?(rfkelly)

For the record, here's the error page I'm seeing on the emulator.

Whoops, yes, the values in Comment 3 are wrong, they should be URLs on "accounts.firefox.com" rather than "oauth.accounts.firefox.com". :jrgm could you please update?

Flags: needinfo?(rfkelly) → needinfo?(jrgm)

Updated:

$ curl -s https://oauth.accounts.firefox.com/v1/client/85da77264642d6a1 | python -mjson.tool
{
    "id": "85da77264642d6a1",
    "image_uri": "",
    "name": "Firefox for Fire TV",
    "redirect_uri": "https://accounts.firefox.com/oauth/success/85da77264642d6a1",
    "trusted": true
}

$ curl -s https://oauth.stage.mozaws.net/v1/client/85da77264642d6a1 | python -mjson.tool
{
    "id": "85da77264642d6a1",
    "image_uri": "",
    "name": "Firefox for Fire TV",
    "redirect_uri": "https://accounts.stage.mozaws.net/oauth/success/85da77264642d6a1",
    "trusted": true
}

Flags: needinfo?(jrgm)
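
An added example, not part of the original bug thread and not FxA code: a check that the redirect_uri returned by the /v1/client/<id> endpoint matches the content server's public URL, run over the production responses quoted in this thread. The function names and the exact-string comparison are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Production response as first reported in this thread (copied from the page).
BEFORE = json.loads("""{
  "id": "85da77264642d6a1", "name": "Firefox for Fire TV", "trusted": true,
  "image_uri": "",
  "redirect_uri": "https://oauth.accounts.firefox.com/oauth/success/85da77264642d6a1"
}""")
# Same record after the update reported above.
AFTER = dict(BEFORE, redirect_uri="https://accounts.firefox.com/oauth/success/85da77264642d6a1")


def expected_redirect_uri(content_public_url, client_id):
    """Expand '{{ content_public_url }}/oauth/success/<id>' from the request."""
    return f"{content_public_url.rstrip('/')}/oauth/success/{client_id}"


def check_registration(record, content_public_url):
    """Return a list of mismatches; an empty list means the values agree.

    Assumption: redirect URIs are compared as exact strings, so any
    difference in scheme, host, path, query or fragment is reported.
    """
    expected = expected_redirect_uri(content_public_url, record["id"])
    actual = record.get("redirect_uri", "")
    if actual == expected:
        return []
    exp, act = urlsplit(expected), urlsplit(actual)
    problems = [
        f"{part}: registered {getattr(act, part)!r}, expected {getattr(exp, part)!r}"
        for part in ("scheme", "netloc", "path", "query", "fragment")
        if getattr(act, part) != getattr(exp, part)
    ]
    # Fall back to the raw strings if the parsed parts happen to agree.
    return problems or [f"registered {actual!r}, expected {expected!r}"]


if __name__ == "__main__":
    for label, record in (("before", BEFORE), ("after", AFTER)):
        issues = check_registration(record, "https://accounts.firefox.com")
        print(label, "OK" if not issues else issues)
```
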

The new ID appears to work in app, on the production servers, for me now. Thanks! Feel free to close if all your work is done too.

Status: REOPENED → RESOLVED
Closed: 2 years ago → 1 year ago
Resolution: --- → FIXED