Closed Bug 821351 Opened 10 years ago Closed 10 years ago

Negotiate Persona verifiers on B2G vs. other platforms

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P1)

x86
macOS
defect

Tracking

(Not tracked)

RESOLVED FIXED
2012-12-27

People

(Reporter: kumar, Assigned: kumar)

References

Details

On Firefox OS, Marketplace must:
1. serve the b2g Persona include.js
2. use the b2g Persona verifier service

On all other platforms, Marketplace must use the normal Persona include + verifier as it does now.

To negotiate the verifier on the backend, the code can inspect the JWT certificate which arrives as certificate~assertion (tilde separated). The certificate will have iss (issuer) which can be mapped to a whitelist of verifiers.
Priority: -- → P1
Target Milestone: --- → 2012-12-20
Assignee: nobody → kumar.mcmillan
possible tool for inspecting assertions https://github.com/fmarier/browserid-tools
We're blocked on prefing this on Gaia without this. Per talking yesterday with Wil, this blocks on-device ship.
blocking-basecamp: --- → ?
scratch the part about parsing the cert for the issuer. This will be too fragile because issuers will be dynamic once primaries are introduced.

Instead, for now, we can detect navigator.id._shimmed on the client and pass that via Ajax to the server so it knows to use the B2G verifier.
Details on detecting the shim: https://id.etherpad.mozilla.org/fxos-persona
Blocks: 811528
This is on hold for now until the personatest server supports navigator.mozId. We decided on this as a better approach. See https://id.etherpad.mozilla.org/fxos-persona
(In reply to Kumar McMillan [:kumar] from comment #5)
> This is on hold for now until the personatest server supports
> navigator.mozId. We decided on this as a better approach. See
> https://id.etherpad.mozilla.org/fxos-persona

This can't be on hold. We're blocked on prefing on the feature without this. Please advise.
aha, it looks like I can do a workaround by setting a custom UA per https://github.com/mozilla/r2d2b2g/blob/master/prosthesis/defaults/preferences/prefs.js until bug 821000 is fixed.
Kumar - Do you know when you'll be able to land this?

Our client-side QA team needs to finish a full test run by 12/28/2012 of all Gaia features. For that test run, we want the feature prefed on by default to simulate real user interaction, including from dogfooders. Identity is one of the areas that's at risk for the target since marketplace's login will be broken if we pref on.
I'm working on it today. bug 794695 was higher priority for us but that is done, pending review.
Target Milestone: 2012-12-20 → 2012-12-27
This is fixed and live on the dev site. Logins from desktop work with the existing Persona service and logins from B2G use https://notoriousb2g.personatest.org/ (you have to create a login there for it to work)

https://github.com/mozilla/zamboni/commit/71798e326a74dd415d43d714ba90ef08b68d37a6

IMPORTANT: If you are using B2G desktop, that is, not a phone or the Firefox OS simulator, then you need to override your UA string like this https://github.com/mozilla/r2d2b2g/blob/master/prosthesis/defaults/preferences/prefs.js
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
blocking-basecamp: ? → ---
You need to log in before you can comment on or make changes to this bug.