Closed Bug 1633512 Opened 6 years ago Closed 6 years ago

[Experiment]: Staged Rollout: Fetch Firefox Sync token for user with an OAuth token

Categories

(Shield :: Shield Study, task, P3)

Product:
Shield
Component:
Shield Study
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: experimenter, Assigned: vfilippov)

References

(
URL
)

Details

(Whiteboard: SACI)

Fetch Firefox Sync token for user with a session token

The existing user volume for Firefox Desktop makes up the bulk of FxA server traffic, and it would be risky to attempt to switch them all over from BrowserID to OAuth in a single release, due to the expected increase in server load. Instead we will prepare a phased rollout, where we can use a remote-controlled pref to determine what percentage of Desktop Firefox instances will access sync via OAuth rather than BrowserID. We will initially roll it out only for a small percentage, but will stand ready to step up the percentage as we gain confidence that the servers can handle the load.

Due to some capacity issues in the FxA metrics pipeline, we currently filter out OAuth-related metrics events from Desktop Firefox, and this has resulted in an unfortunate work-around in Desktop client code: we use BrowserID to fetch an OAuth token even though we could directly fetch one using the sessionToken instead. So this change will not (yet) cause Desktop Firefox to stop using BrowserID assertions entirely.

Before this change, Firefox Desktop would always access Sync by using its sessionToken to make a BrowserID certificate, using the certificate to make a BrowserID assertion, and using the assertion to authenticate to the Sync Tokenserver.

After this change, Firefox Desktop will support a second code path for accessing Sync: using its sessionToken to make a BrowserID certificate, using the certificate to make a BrowserID assertion, and using the assertion to grant an OAuth access token, and using the access token to authenticate to the Sync Tokenserver.

See this document for more details: https://docs.google.com/document/d/1CnTv0Eamy7Lnbmf1ALH00oTKMPhGu70elRivJYjx5v0/edit#heading=h.njlrinoigxak

Experimenter is the source of truth for details and delivery. Changes to Bugzilla are not reflected in Experimenter and will not change delivery configuration.

Data Science Issue:
More information: https://experimenter.services.mozilla.com/experiments/fetch-firefox-sync-token-for-user-with-a-session-token/

Whiteboard: SACI
Summary: [Experiment]: Staged Rollout: Fetch Firefox Sync token for user with a session token → [Experiment]: Staged Rollout: Fetch Firefox Sync token for user with an OAuth token
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.