Closed Bug 1927971 Opened 3 months ago Closed 3 months ago

Gather data on CalDAV OAuth tokens

Categories

(Calendar :: Provider: CalDAV, task)

Product:
Calendar
Component:
Provider: CalDAV
Type:
task

Tracking

(thunderbird_esr128 fixed, thunderbird133 fixed)

Status:
RESOLVED FIXED
Milestone:
134 Branch
Tracking Flags:
Tracking Status
thunderbird_esr128 --- fixed
thunderbird133 --- fixed

People

(Reporter: darktrojan, Assigned: darktrojan)

References

Details

Attachments

(3 files)

Bug 1927971 - Gather data on CalDAV OAuth tokens. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
corey
: approval-comm-beta+
Details | Review
1927971-data-review.md
2.52 KB, text/plain
sancus
: data-review+
Details
Bug 1927971 - [ESR128] Gather data on CalDAV OAuth tokens. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
corey
: approval-comm-esr128+
Details | Review

CalDAV with OAuth is a mess. We still have the old Lightning client ID in the code. When it comes to storing tokens in the login manager there are three choices of username (the actual username, the session ID from when we had sessions, and the calendar's ID) and three choices of origin (the hostname of the issuer like we do elsewhere, the session ID, and the calendar's ID). I count seven different ways to store a token. We may or may not even have the username for the service.

Fortunately, I think all of the weirdness is restricted to Google calendars. There's also code for Fastmail but that was added recently and I think avoided all of the historical changes.

Long term, I plan to clean this all up, so it uses all the same mechanisms as the other things that use OAuth. But first I want to know the state of play. If there's a lot of users with (e.g.) no username stored, I may change approach and try to migrate them, instead of forcing an authentication prompt in their face. I'm writing a Glean probe that can exist for a few versions (and be migrated back to old school Telemetry for ESR).

Attached file 1927971-data-review.md
Attachment #9434144 - Flags: data-review?(sancus)
Blocks: 1927998
Attachment #9434131 - Attachment description: WIP: Bug 1927971 - Gather data on CalDAV OAuth tokens → Bug 1927971 - Gather data on CalDAV OAuth tokens. r=#thunderbird-reviewers

Comment on attachment 9434144 [details]
1927971-data-review.md

Sounds good.

  1. Is there Documentation?
  1. Is there a control mechanism that allows the user to turn this data collection off?

Yes: Standard telemetry preferences.

If the request is for permanent data collection, is there someone who will monitor the data over time?

Yes, Geoff Lankow(:darktrojan).

Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 1: Technical Data.

Is the data collection request for default-on or default-off?

default-on

Does the instrumentation include the addition of any new identifiers (whether anonymous or otherwise; e.g., username, random IDs, etc. See the appendix for more details)?

No.

Is the data collection covered by the existing Thunderbird privacy notice? If unsure: escalate to legal if:

Yes.

Does the data collection use a third-party collection tool? If yes, escalate to legal.

No.

Attachment #9434144 - Flags: data-review?(sancus) → data-review+
Keywords: checkin-needed-tb
Target Milestone: --- → 134 Branch

Pushed by john@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/d4568348a8b7
Gather data on CalDAV OAuth tokens. r=aleca

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Comment on attachment 9434131 [details]
Bug 1927971 - Gather data on CalDAV OAuth tokens. r=#thunderbird-reviewers

[Approval Request Comment]
Regression caused by (bug #):
User impact if declined: none
Testing completed (on c-c, etc.): on central a week, data submission is working
Risk to taking this patch (and alternatives if risky): none

Attachment #9434131 - Flags: approval-comm-beta?

Comment on attachment 9434131 [details]
Bug 1927971 - Gather data on CalDAV OAuth tokens. r=#thunderbird-reviewers

[Triage Comment]
Approved for beta

Attachment #9434131 - Flags: approval-comm-beta? → approval-comm-beta+

Comment on attachment 9436295 [details]
Bug 1927971 - [ESR128] Gather data on CalDAV OAuth tokens. r=#thunderbird-reviewers

[Triage Comment]
Approved for esr128

Attachment #9436295 - Flags: approval-comm-esr128+

Here's a sample from the ESR channel.

Where we have a user name :

  • the token is stored using the user name - 98.83% (of all Google calendars reported)
  • the token is stored with the calendar's ID (could been fixed) - 0.00%
  • there is no token stored - 0.79%
  • the token is for the old client, and is stored with the calendar's ID - 0.00%

Where we don't have a user name at all:

  • the "session" ID is used - 0.00%
  • the token is stored with the calendar's ID - 0.06%
  • there is no token stored - 0.03%
  • the token is for the old client, and is stored with the calendar's ID - 0.28%

This is good news, if we just switch everybody to the Thunderbird client (using only the user name for storing tokens) very few people will see a new authentication prompt. I think that is what I'll do.

I'm now going to back this patch out, as it was a one-off collection of data and is no longer needed.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: