Closed
Bug 808831
Opened 13 years ago
Closed 13 years ago
b2g PIN lockout - navigator.id.logout feature
Categories
(Marketplace Graveyard :: Consumer Pages, defect, P2)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 822491
2013-01-31
People
(Reporter: ozten, Assigned: potch)
References
Details
Requirements for b2g: After successfully authenticating with Persona and when starting to purchase an App, the user must enter a PIN. If entered wrong 3 times, Marketplace wants us to challenge the user with their password. If the user has forgotten their password, they can reset it via email.
The existing function navigator.id.logout will be refactored to add a new first parameter. This is an associative array which may have the property everywhere which is a boolean, defaulting to false. If set to true, the UA will remove all certificates for all identities. The UA will also remove any session cookies to fxos.login.persona.org.
Note: logout is available in a deprecated flavor with a callback; we won't use this flavor. http://identity.mozilla.com/post/31739234834/committing-to-a-stable-api-for-persona
Then navigator.id.request can be called to restart the provisioning and authentication flows. Having no session, the user will be forced to re-enter their credentials.
Example Usage:
navigator.id.logout({everywhere: true});
navigator.id.request();
Comment 1 (Reporter)•13 years ago
Looks like this is going to change.
I'll update the bug with the revised spec.
Luckily... it's not a lot of code. Probably logout won't be involved and request will have a new parameter.
Thanks for your patience.
Comment 2•13 years ago
Thanks for the update. Reopen when you've got info.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
Comment 3 (Reporter)•13 years ago
Revised spec:
navigator.id.request will support a new parameter for b2g devices - forceAuthentication: true
Example usage:
navigator.id.request({
    issuer: FXOS_HOSTNAME,
    unverifiedEmail: ACCEPT_UNVERIFIED,
    forceAuthentication: true
});
If forceAuthentication is any value other than a Boolean true, it will be ignored.
forceAuthentication forces the user to re-enter their credentials.
Note: logout will not be used during PIN lockout flow.
Status: RESOLVED → REOPENED
Resolution: INCOMPLETE → ---
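An added example (not from this bug or from Persona's code) of the flow in comment 3: three wrong PIN entries trigger a forced re-authentication, and only a Boolean true enables forceAuthentication. The names createPinGate, normalizeRequestOptions, checkPin and the injected request callback (a stand-in for navigator.id.request) are hypothetical, and resetting the failure count after a correct PIN is an assumption.

```javascript
// Added example; every name except forceAuthentication is hypothetical.
const MAX_PIN_ATTEMPTS = 3; // from the bug's requirement: 3 wrong entries

// Mirrors the revised spec: only the Boolean value true enables the flag.
// Any other value ("true", 1, {}, undefined) is ignored and dropped.
function normalizeRequestOptions(options = {}) {
  const { forceAuthentication, ...rest } = options;
  return forceAuthentication === true
    ? { ...rest, forceAuthentication: true }
    : rest;
}

// Tracks wrong PIN entries. On the third failure the gate locks and asks the
// injected `request` function (stand-in for navigator.id.request) to make
// the user re-enter their credentials.
function createPinGate(checkPin, request) {
  let failures = 0;
  let locked = false;
  return {
    submit(pin) {
      // While locked, even the correct PIN is refused until re-auth succeeds.
      if (locked) return 'locked';
      if (checkPin(pin)) {
        failures = 0; // assumption: a correct PIN resets the counter
        return 'ok';
      }
      failures += 1;
      if (failures < MAX_PIN_ATTEMPTS) return 'retry';
      locked = true;
      request(normalizeRequestOptions({ forceAuthentication: true }));
      return 'locked';
    },
    // Call once the forced re-authentication has succeeded.
    reauthenticated() {
      failures = 0;
      locked = false;
    },
  };
}
```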
Comment 4•13 years ago
Note that 'issuer' should be replaced with 'forceIssuer'.
Updated•13 years ago
Assignee: nobody → thepotch
Priority: -- → P2
Target Milestone: --- → 2013-01-24
Updated•13 years ago
Target Milestone: 2013-01-24 → 2013-01-31
Comment 6•13 years ago
The re-auth flow that should happen after the PIN is locked from unsuccessful attempts is tracked in bug 836077.
The general re-auth flow for resetting a forgotten PIN is bug 822491. I think everything from this original bug was done in that one.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → DUPLICATE