steps to reproduce: 1. Launch marketplace-dev app on your unagi phone 2. Click on the Login/Register button 3. Log in using unverified account 4. Navigate to 'private yacht' 5. Click on the purchase button expected behavior: Payment Flow opens in the trustedUI and PIN creation screen loads. observed behavior: Payment Flow opens in the trustedUI but user is prompted to log in.
Login in what sense in the observed behavior? Was the persona cookie saved? You can validate if the persona cookie was saved if after step #5, you should not have to enter your username and password, but instead, select to login with the account saved.
This is a Marketplace bug. You can reproduce it on desktop B2G too. The *second* time you log in using the same account, everything works. The bug is something in the way that Marketplace is using the Persona observer API. Even after logging in successfully, Marketplace still calls nav.id.request() which is why it appears to take two logins instead of one.
Supposedly webpay is prompting the user to log in during purchase if they have been logged into marketplace for a while. This should not happen. We have PIN verification to avoid any malicious intent. Logged-in users should directly be prompted to enter their PIN.
Unfortunately, using the exact STR with a new unverified account I was able to start a purchase and get to the mozPay window. (In reply to krupa raj 82[:krupa] from comment #3) > Supposedly webpay is prompting the user to log in during purchase By "webpay" do you mean "Marketplace"? If it looks like this - http://f.cl.ly/items/2Y3v3O2s1f180O10132C/Screen%20Shot%202013-01-16%20at%206.40.04%20PM.png - that's the Marketplace, not webpay. > if they have been logged into marketplace for a while. This should not happen. What do you mean a while? Did you close the app or anything? I can't think of what effect duration would have on login. I'm sure this is happening (and likely blamable on some Persona wonkiness). Any advice to repro would be bawse.
I've noticed this double-login as well, and would be happy to help diagnose. Where does the marketplace code live? I'd be glad to look at the way the observer api is being used; if, as kumar says, there's a second call to navigator.id.request(), then this is the expected behavior. And if, as cvan suspects, there's something wonky with persona, we certainly want to know that, too :) Trying to reproduce now and follow the debug logs (which would give some idea about the way persona is being used and the way it is behaving) is unsuccessful: After clicking on the private yacht, I get a "Something went wrong!" error in the Trusted UI, so I can't do any more at present. (Debug logs: If you pref toolkit.identity.debug to true, you'll get a lot of information about how persona is being called and what it's doing behind the scenes.)
Verified as fixed using a new account : http://screencast.com/t/jq4Iv6EZ
moving back to verify the bug on the phone.
I suspect that this still happens.Kumar and i saw this happen on marketplace-dev STR: 1. Log into marketplace-dev 2. Wait for > 40 mins 3. Search for a paid app and try to purchase it observed behavior: Payment Flow opens in the trustedUI but user is prompted to log in again.
krupa will file a separate bug for cvan