1635657 - Synthesize placeholder AET identifiers for existing accounts

Status: RESOLVED FIXED

(Firefox :: Firefox Accounts, enhancement)

Description

[Ryan Kelly [:rfkelly]]

Bug 1635656 adds support for storing ecosystem_user_id and ecosystem_anon_id values as part of the persisted account state, and for learning the value of ecosystem_anon_id from the FxA profile server.

However, it's only possible to calculate ecosystem_user_id and ecosystem_anon_id during an FxA login flow, when we have access to their password and can derive the necessary secrets from their FxA master key. That means users who are already signed in to Firefox can't start sending Account Ecosystem Telemetry pings until they sign in again (either on some other device, or on this device after a disconnection event).

To help bootstrap the AET data set, let's synthesize placeholder identifiers for these users. If we need the ecosystem_anon_id and it's not in the persisted account state, then we would:

1. Try to fetch ecosystem_anon_id from the FxA profile server.
2. If ecosystem_anon_id is not present in the FxA profile response, then synthesize a new one:
   1. Generate ecosystem_user_id as 32 strong random bytes.
   2. Fetch the /.well-known/fxa-client-configuration file from FxA and extract the ecosystem_telemetry_public_key field, a JWK.
   3. Encrypt ecosystem_user_id to the ecosystem_telemetry_public_key as specified in the tech spec for AET identifiers.
   4. POST the resulting ecosystem_anon_id to the FxA profile server for storage, using concurrency-control mechanisms to help avoid races. If a concurrent update to the profile data is discovered, go back to (1).
   5. Persist the resulting ecosystem_user_id and ecosystem_anon_id values to local state.

This allows the device to start sending AET pings immediately. If and when the user does sign in again and FxA is able to calculate their real ecosystem_user_id, then we will discover it via the normal process of updating user profile data. The AET data pipeline will take care of correlating the temporary id with the new one, in the same way it handles ecosystem_user_id changing after a password reset.

Comment 1

[Ryan Kelly [:rfkelly]]

I filed a corresponding bug for adding this functionality to the rust fxa client here:

https://github.com/mozilla/application-services/issues/3086

I also really don't want to have to implement this twice.I wonder if it might actually be a good opportunity to implement it just once, in Rust, and then use the Rust version from the Desktop Firefox code (even if we haven't finished the rest of the fxa-client-in-desktop project by the time we need this).

Comment 2

[Ryan Kelly [:rfkelly]]

Attachment: Bug 1635657 - synthesize placeholder ecosystemAnonId when not present on FxA server; r?lina,_6a68,m_and_m

Depends on D77762

Comment 3

[Ryan Kelly [:rfkelly]]

See Bug 1635656 Comment 2 for some notes on an FxA dev environment that might be helpful when working on or reviewing this code.

Comment 4

[Ryan Kelly [:rfkelly]]

I wonder if it might actually be a good opportunity to implement it just once, in Rust, and then use the Rust version from the Desktop Firefox code

Also, just want to note explicitly that we're not going to do this, and we'll just deal with having two implementations when the time comes.

Comment 5

[Lougenia Bailey]

Attachment: Bug 1635657 - synthesize placeholder ecosystemAnonId when not present on FxA server

Comment 6

[Lougenia Bailey]

FYI: I'm going to abandon the original revision unless there are objections.

Comment 7

[Ryan Kelly [:rfkelly]]

No objections, please abandon it with abandon (sorry...)

Comment 8

[Pulsebot]

Pushed by lobailey@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/331e641213d5
synthesize placeholder ecosystemAnonId when not present on FxA server r=markh,rfkelly

Comment 9

[Cristina Coroiu [:ccoroiu]]

https://hg.mozilla.org/mozilla-central/rev/331e641213d5