Closed Bug 799732 Opened 7 years ago Closed 6 years ago

Implement TokenServerClient for interacting with token server service

Categories

(Firefox for Android :: Android Sync, defect, P1)

All
Android
defect

Tracking

()

RESOLVED FIXED

People

(Reporter: nalexander, Assigned: nalexander)

References

(Depends on 1 open bug, Blocks 1 open bug, )

Details

(Whiteboard: [score=medium][qa+][fixed in elm] u= c= p=1 s=ready)

Would be nice if we had Bug 745800, too.  And I'd like a pony.
Assignee: nobody → nalexander
Component: Android Sync → Android: Firefox Account
Depends on: 745800
Bulk resolving Firefox Accounts bugs, since that project is dead.  For those interested, similar ideas are being explored under the name PiCL (Profile-in-the-Cloud).
Assignee: nalexander → nobody
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Component: Android: Firefox Account → Android Sync
Product: Mozilla Services → Android Background Services
The token server is back in the game!  As part of syncing against Sync 1.1 servers, but with new auth.  See https://mail.mozilla.org/pipermail/sync-dev/2013-August/000392.html.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Whiteboard: [qa+]
It's all reviews, all the day.  Sorry rnewman!
Assignee: nobody → nalexander
Flags: needinfo?(rnewman)
Reviewed in GitHub. Waiting on new revision.
Flags: needinfo?(rnewman)
https://hg.mozilla.org/projects/elm/rev/1b6d001a9da7
Status: REOPENED → ASSIGNED
Whiteboard: [qa+] → [qa+][fixed in elm]
This is a client that handles cryptographic tokens, so sec-review?.
Flags: sec-review?(curtisk)
clearing my name but leaving the flag for triage as I am not qualified to review this
Flags: sec-review?(curtisk) → sec-review?
dchan this will be in Sprint2
Flags: sec-review? → sec-review?(dchan+bugzilla)
Putting this on the triage calendar for our team. This a borderline moderate/high issue given the project it is part of.
Whiteboard: [qa+][fixed in elm] → [score=medium][qa+][fixed in elm] u= c= p=1 s=ready
Depends on: 935671
To provide context for sec review: this is a general purpose piece that exchanges a browser ID assertion (produced by a black box) for a "token server token", which right now means HAWK (https://github.com/hueniverse/hawk) credentials.

The point is to minimize public key crypto: instead of authenticating requests with BID assertions, we authenticate with cheaper symmetric HAWK signatures.

This will be used in the following flow:
* background sync is kicked off by Android
* Sync uses FxAccount credentials to request a browser ID certificate from FxA authentication server
* Sync generates a browser ID assertion using that certificate (Bug 799734 does this)
* Sync exchanges that browser ID assertion using the token server client here
* Sync authenticates future requests using the returned token server token (HAWK credentials)
https://hg.mozilla.org/mozilla-central/rev/1b6d001a9da7
Status: ASSIGNED → RESOLVED
Closed: 7 years ago6 years ago
Resolution: --- → FIXED
Blocks: 958795
Blocks: 959915
Blocks: 959919
Leaving as Resolved given the open Depends on bugs.
Product: Android Background Services → Firefox for Android
You need to log in before you can comment on or make changes to this bug.