Closed
Bug 1941390
Opened 27 days ago
Closed 5 days ago
Desktop doesn't know how to handle OAuth uri from FxA
Categories
(Firefox :: Firefox Accounts, defect)
RESOLVED
MOVED
People
(Reporter: jonalmeida, Unassigned)
Attachments
(1 file, 1 obsolete file)
Prerequisite
- Ensure you are running desktop nightly with OAuth flow enabled.
- Ensure accounts.firefox.com is running on version 1.302.0 or higher (check the version here).
- Have an account created already with a recovery key.
Steps to reproduce
- Click the UI affordance to start a signin flow.
- Click the 'Forgot password?' link instead of signing in.
- Follow that process until you complete the password reset and get to the 'Continue to Sync' button.
- When you get to the 'New account recovery key created', force a tab unload event (e.g. reload the page).
- Observe the 'Your password has been reset' with the 'Continue to Sync' button.
- Click the button.
Expected results
- We continue onward to sync settings or account settings?
Actual results
- We do nothing when FxA provides the urn:ietf:wg:oauth:2.0:oob:oauth-redirect-webchannel.
Additional results
- For app services' FxA client, this might be handled differently. I can see these references to the same webchannel redirect:
Comment hidden (obsolete)
Reporter
Comment 2•17 days ago
Attachment #9459219 - Attachment is obsolete: true
Comment 3•10 days ago
The severity field is not set for this bug.
:markh, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(markh)
Comment 4•6 days ago
I think this is by design - jon, what are your current thoughts here?
Flags: needinfo?(markh) → needinfo?(jonalmeida942)
Reporter
Comment 5•5 days ago
Sorry, we had spoken offline about this but I forgot to document the conversation:
- Using the redirect_uri to send a user back to the Relying Party (RP) doesn't work here because this isn't a typical OAuth flow. The redirect_uri is the final step to complete the flow and return you to the RP. In the Sync case, we have web channel messaging that completes the flow for us, so taking the user through to the redirect_uri doesn't make a lot of sense today.
- A suggestion we discussed is that FxA should know how to continue the flow correctly because it has the current context there and would know what to do next.
- The case we're in today is an edge case: the user has to have completed the flow when the page is unloaded. FxA could make this page sync-aware (integration.isSync) and do something differently.
Closing as MOVED to FXA-11073.
Status: NEW → RESOLVED
Closed: 5 days ago
Flags: needinfo?(jonalmeida942)
Resolution: --- → MOVED