Closed Bug 1586029 Opened 6 years ago Closed 6 years ago

Please provision stage/production OAuth credentials for "Firefox Lite" client

Categories

(Cloud Services :: Server: Firefox Accounts, task)

Product:
Cloud Services
Component:
Server: Firefox Accounts
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: clouserw, Unassigned, NeedInfo)

Details

Please provision stage/production Oauth credentials:

{
 "id": "bd8e8b17e9359f53",
 "name": "Firefox Lite",
 "hashedSecret": "0000000000000000000000000000000000000000000000000000000000000000",
 "redirectUri": "",
 "imageUri": "",
 "canGrant": false,
 "termsUri": "",
 "privacyUri": "",
 "publicClient": true,
 "trusted": true
}

We'll still need a short name for Amplitude. Maybe "fx-lite"?

Wesly: We need to know the redirect URI. Where should we send people after they authenticate?

Flags: needinfo?(whuang)

Any allowedScopes required? (Just checking).

Flags: needinfo?(jrgm)

(In reply to John Morrison [:jrgm] from comment #2)

Any allowedScopes required? (Just checking).

In an email thread, Wesley only requested the "profile" scope.

Flags: needinfo?(whuang) → needinfo?(wehuang)

thanks Wil, John, and Shane.

  1. Wil, just to be sure, I believe the short name for amplitude is not a qusstion to our team, right?
  2. need the redirect uri
  3. need to confirm the allowedScope (what I got is only profile)

@nevin, would you help on 2) and 3) above? thanks.

Flags: needinfo?(wehuang) → needinfo?(nechen)

Opened https://github.com/mozilla/fxa/issues/2749 to get an icon for FxA's Apps & Devices panel.

Wil, just to be sure, I believe the short name for amplitude is not a qusstion to our team, right?

correct

(In reply to Wesly Huang (EPM) from comment #5)

thanks Wil, John, and Shane.

  1. Wil, just to be sure, I believe the short name for amplitude is not a qusstion to our team, right?
  2. need the redirect uri

the redirect production URL is not ready yet. I assume we can change it by ourselves in the future?

  1. need to confirm the allowedScope (what I got is only profile)

Yes

@nevin, would you help on 2) and 3) above? thanks.

Flags: needinfo?(wclouser)

You won't be able to change it by yourselves. It's part of the configuration stored in FxA.

Flags: needinfo?(wclouser)

Added entry in stage per https://bugzilla.mozilla.org/show_bug.cgi?id=1586029#c0 with also allowedScopes = profile', andredirectUri` = "" (empty).

If that's correct for production, I'll add it there tomorrow morning.

Flags: needinfo?(jrgm)

The redirect API endpoint

Production:
Firefox Lite
https://zerda-dcf76.appspot.com/api/v1/login

Staging
Firefox Lite Preview
https://rocketnightly.appspot.com/api/v1/login

Thank you!

Flags: needinfo?(jrgm)

Stage is update for redirectUri and name:

$ curl -s https://oauth.stage.mozaws.net/v1/client/bd8e8b17e9359f53 | python -mjson.tool
{
"id": "bd8e8b17e9359f53",
"name": "Firefox Lite Preview",
"trusted": true,
"image_uri": "",
"redirect_uri": "https://rocketnightly.appspot.com/api/v1/login"
}

Prod client entry added perl comment #0 and updates in comment #12

$ curl -s https://oauth.accounts.firefox.com/v1/client/bd8e8b17e9359f53 | python -mjson.tool
{
"id": "bd8e8b17e9359f53",
"name": "Firefox Lite",
"trusted": true,
"image_uri": "",
"redirect_uri": "https://zerda-dcf76.appspot.com/api/v1/login"
}

Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jrgm)
Resolution: --- → FIXED

Thanks!
May I know how can I get the secret so I can set up my server?
Thank you!

Flags: needinfo?(wclouser)
Flags: needinfo?(jrgm)

(In reply to Nevin Chen(Not active on Bugzilla) from comment #14)

Thanks!
May I know how can I get the secret so I can set up my server?
Thank you!

Nevin, Is it going to be the browser or a backend that trades the authorization code for the access token? If the browser, then no secrets are needed, if it's the backend, then we are going to have to update our config.

Hi Shane
It's the backend that the Firefox Lite team builds.
Thank you!

Flags: needinfo?(nechen) → needinfo?(stomlinson)

(In reply to Nevin Chen(Not active on Bugzilla) from comment #16)

Hi Shane
It's the backend that the Firefox Lite team builds.
Thank you!

Thanks Nevin, are you going to be the person receiving the OAuth credentials?

:jrgm or :jbuck, could you please generate client secrets in stage & prod for Firefox Lite and change the database configs to have:

publicClient: false
hashedSecret: <hash of secret>

Flags: needinfo?(wclouser)
Flags: needinfo?(stomlinson)
Flags: needinfo?(nechen)
Flags: needinfo?(jbuckley)

(In reply to Shane Tomlinson [:stomlinson] from comment #17)

Thanks Nevin, are you going to be the person receiving the OAuth credentials?

Yes. I'll be the person receiving the OAuth credentials.
You can send it via my Mozilla Email.
Thank you!

Flags: needinfo?(nechen) → needinfo?(stomlinson)

Hi Nevin. Could you put a gpg key in Mozilla phonebook?

It's the backend that the Firefox Lite team builds.

Sorry to chime in late here, but if the login tokens are being held by a backend service component, I'm not sure it makes sense to call this client "Firefox Lite". Will it appear to the user as though they're signing in to the Firefox Lite browser itself, or will it be more akin to signing in to a service on the web?

I'm wondering if this client should be called something like "Firefox Lite Missions", because if I understand the architecture correctly, the FxA tokens end up being held by a server that manages the missions database rather than held by Firefox Lite itself.

Flags: needinfo?(stomlinson)

Hi Joe
Can you help answer comment 20?
Thank you!

Flags: needinfo?(jcheng)
Flags: needinfo?(jbuckley)
You need to log in before you can comment on or make changes to this bug.