Closed Bug 1941390 Opened 27 days ago Closed 5 days ago

Desktop doesn't know how to handle OAuth uri from FxA

Categories

(Firefox :: Firefox Accounts, defect)

defect

Tracking

()

RESOLVED MOVED

People

(Reporter: jonalmeida, Unassigned)

References

Details

Attachments

(1 file, 1 obsolete file)

Prerequisite

  • Ensure you are running desktop nightly with OAuth flow enabled.
  • Ensure accounts.firefox.com is running on version 1.302.0 or higher (check the version here).
  • Have an account created already with a recovery key.

Steps to reproduce

  1. Click the UI affordance to start a signin flow.
  2. Click the 'Forgot password?' link instead of signing in.
  3. Follow that process until you complete the password reset and get to the 'Continue to Sync' button.
  4. When you get to the 'New account recovery key created', force a tab unload event (e.g. reload the page).
  5. Observe the 'Your password has been reset' with the 'Continue to Sync' button.
  6. Click the button.

Expected results

  • We continue onward to sync settings or account settings?

Actual results

  • We do nothing when FxA provides the urn:ietf:wg:oauth:2.0:oob:oauth-redirect-webchannel.

Additional results

Attachment #9459219 - Attachment is obsolete: true

The severity field is not set for this bug.
:markh, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(markh)

I think this is by design - jon, what are your current thoughts here?

Flags: needinfo?(markh) → needinfo?(jonalmeida942)

Sorry, we had spoken offline about this but I forgot to document the conversation:

  • Using the redirect_uri to send a user back to the Relying Party (RP) doesn't work here because this isn't a typical OAuth flow. The redirect_uri is the final step to complete the flow and return you to the RP. In the Sync case, we have web channel messaging that completes the flow for us, so taking the user through to the redirect_uri doesn't make a lot of sense today.
  • A suggestion we discussed is that FxA should know how to continue the flow correctly because it has the current context there and would know what to do next.
  • The case we're in today is an edge case: the user has to have completed the flow when the page is unloaded. FxA could make this page sync-aware (integration.isSync) and do something differently.

Closing as MOVED to FXA-11073.

Status: NEW → RESOLVED
Closed: 5 days ago
Flags: needinfo?(jonalmeida942)
Resolution: --- → MOVED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: