Closed
Bug 703093
Opened 13 years ago
Closed 13 years ago
Allow apps to request key/secret to make in-app payments
Categories
(addons.mozilla.org Graveyard :: Developer Pages, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
6.4.1
People
(Reporter: kumar, Assigned: kumar)
References
Details
If an app operator wants to make in-app payments they need a page on devhub where they can request an application key and secret. They will keep the secret safe on the server and use it to encode JWT requests to the AMO market. All requests will contain the application key so that AMO knows what secret to use when decoding JWTs. More info: https://github.com/mozilla/apps-payment-server/blob/master/DESIGN.md The secret needs to be very strong. We will need to quickly revoke application keys if a secret gets compromised.
Assignee | ||
Updated•13 years ago
|
Assignee | ||
Updated•13 years ago
|
Priority: -- → P2
Comment 1•13 years ago
|
||
This page should be logging with prejudice. And maybe send an email to the developer.
Assignee | ||
Comment 2•13 years ago
|
||
We also need them to register their postback URL (bug 703083) and chargeback URL (bug 703084)
Updated•13 years ago
|
Priority: P2 → P1
Target Milestone: --- → 6.4.0
Updated•13 years ago
|
Assignee: nobody → kumar.mcmillan
Updated•13 years ago
|
Target Milestone: 6.4.0 → 6.4.1
Assignee | ||
Comment 3•13 years ago
|
||
Brian Warner gave me the Python code for generating a strong key and he provided the best way with os.urandom() so that it is a truly random key. andym, I didn't add any logging because I realized everything is time-stamped in the database. We are not [yet] regenerating keys so it's only DB inserts. If and when we regenerate keys we should log that. To see the new page in devhub, turn on the in-app-payments switch. Fixed in https://github.com/mozilla/zamboni/commit/218b379
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•