Closed
Bug 821351
Opened 12 years ago
Closed 12 years ago
Negotiate Persona verifiers on B2G vs. other platforms
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
2012-12-27
People
(Reporter: kumar, Assigned: kumar)
References
Details
On Firefox OS, Marketplace must:
1. serve the b2g Persona include.js
2. use the b2g Persona verifier service
On all other platforms, Marketplace must use the normal Persona include + verifier as it does now.
To negotiate the verifier on the backend, the code can inspect the JWT certificate which arrives as certificate~assertion (tilde separated). The certificate will have iss (issuer) which can be mapped to a whitelist of verifiers.
|
Assignee | |
Updated•12 years ago
|
|
|
Assignee | |
Updated•12 years ago
|
Assignee: nobody → kumar.mcmillan
|
|
Assignee | |
Comment 1•12 years ago
|
||
possible tool for inspecting assertions https://github.com/fmarier/browserid-tools
|
||
Comment 2•12 years ago
|
||
We're blocked on prefing this on Gaia without this. Per talking yesterday with Wil, this blocks on-device ship.
blocking-basecamp: --- → ?
|
|
Assignee | |
Comment 3•12 years ago
|
||
scratch the part about parsing the cert for the issuer. This will be too fragile because issuers will be dynamic once primaries are introduced.
Instead, for now, we can detect navigator.id._shimmed on the client and pass that via Ajax to the server so it knows to use the B2G verifier.
|
|
Assignee | |
Comment 4•12 years ago
|
||
Details on detecting the shim: https://id.etherpad.mozilla.org/fxos-persona
|
|
Assignee | |
Comment 5•12 years ago
|
||
This is on hold for now until the personatest server supports navigator.mozId. We decided on this as a better approach. See https://id.etherpad.mozilla.org/fxos-persona
|
|
||
Comment 6•12 years ago
|
||
(In reply to Kumar McMillan [:kumar] from comment #5)
> This is on hold for now until the personatest server supports
> navigator.mozId. We decided on this as a better approach. See
> https://id.etherpad.mozilla.org/fxos-persona
This can't be on hold. We're blocked on prefing on the feature without this. Please advise.
|
|
Assignee | |
Comment 7•12 years ago
|
||
aha, it looks like I can do a workaround by setting a custom UA per https://github.com/mozilla/r2d2b2g/blob/master/prosthesis/defaults/preferences/prefs.js until bug 821000 is fixed.
|
|
||
Comment 8•12 years ago
|
||
Kumar - Do you know when you'll be able to land this?
Our client-side QA team needs to finish a full test run by 12/28/2012 of all Gaia features. For that test run, we want the feature prefed on by default to simulate real user interaction, including from dogfooders. Identity is one of the areas that's at risk for the target since marketplace's login will be broken if we pref on.
|
|
Assignee | |
Comment 9•12 years ago
|
||
I'm working on it today. bug 794695 was higher priority for us but that is done, pending review.
|
|
Assignee | |
Updated•12 years ago
|
Target Milestone: 2012-12-20 → 2012-12-27
|
|
Assignee | |
Comment 10•12 years ago
|
||
This is fixed and live on the dev site. Logins from desktop work with the existing Persona service and logins from B2G use https://notoriousb2g.personatest.org/ (you have to create a login there for it to work)
https://github.com/mozilla/zamboni/commit/71798e326a74dd415d43d714ba90ef08b68d37a6
IMPORTANT: If you are using B2G desktop, that is, not a phone or the Firefox OS simulator, then you need to override your UA string like this https://github.com/mozilla/r2d2b2g/blob/master/prosthesis/defaults/preferences/prefs.js
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
|
||
Updated•12 years ago
|
blocking-basecamp: ? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•