Could we please get some details in this bug? :)
Ben, correct me if I am wrong, please, but for what I saw in the identity b2g implementation plan, this bug seems to be related with the creation of an invisible iframe by the gaia system app to load https://b2g.login.persona.org/communication_iframe and the injection of the approriate JS channel, the crypto and the cert-storage components into it.
Fernando: that's right. When navigator.id.watch() is called, the following steps should happen: - if nothing needs to happen, then handle the ready() callback natively, as already happens. - if a valid certificate exists for the user who should be logged in, then proceed with existing native implementation that generates assertion. - if an assertion SHOULD be generated, but no certificate is available, then open up an invisible IFRAME to /communication_iframe so that the logic for key generation and communication with the server for certification can be performed. This IFRAME should be opened up exactly like the trusted popup for navigator.id.request(), in the same system cookie jar, only of course invisible. Once certification has been performed, and the cert is saved to the native store, then control is handed back to the native implementation for assertion generation and callback invocation.
(In reply to Ben Adida [:benadida] from comment #3) > Fernando: that's right. > > When navigator.id.watch() is called, the following steps should happen: > Is there any documentation somewhere for navigator.id? I would like to understand how it works and how it should interact with Gaia.
Vivien: sure navigator.id is documented here: https://github.com/mozilla/id-specs/blob/beta1/browserid/index.md But before you write any patches, please check in with us on #b2gpay as we actually have much of this in progress.
Vivien: I realize I forgot to mark this assigned, sorry about that! I'm working to fix that now. We'll definitely reach out with questions on this issue.
Per today's b2g meeting - at-risk features don't block. So this shouldn't be a +.
this is absolutely critical. Without it, logging into marketplace won't work. Back to +.
In advance of our target this friday, Zach and I got this working this evening. So I think we're in good shape.
the code for this bug is pretty much impossible to separate from that of bug 794680, so we'll close this bug when that patch lands.
fixed as part of bug 794680 patch