Closed
Bug 851760
Opened 12 years ago
Closed 11 years ago
OAuth redirection server hosting
Categories
(Cloud Services :: Operations: Marketplace, task)
Cloud Services
Operations: Marketplace
Tracking
(blocking-b2g:-)
RESOLVED
WONTFIX
blocking-b2g | - |
People
(Reporter: fabrice, Unassigned)
References
Details
(Whiteboard: [NPOTB])
+++ This bug was initially created as a clone of Bug #842953 +++
Gaia is using OAuth to authenticate users for the "import facebook contacts" functionnality. This relies on a remote server since facebook don't allow redirection to the app:// protocol that we use for packaged apps.
Currently Telefonica is hosting a server on heroku, but we now need to move on a partner-agnostic solution scalable solution.
The pages currently hosted are:
'http://intense-tundra-4122.herokuapp.com/fbowd/oauth2_new/flow.html',
'http://intense-tundra-4122.herokuapp.com/fbowd/oauth2_new/dialogs_end.html',
'http://intense-tundra-4122.herokuapp.com/fbowd/oauth2_new/logout.json'
'https://serene-cove-3587.herokuapp.com/liveowd/oauth2_new/flow_live.html'
I'm Ccing Francisco that can give all the needed details about the current setup.
Comment 1•12 years ago
|
||
Moving to the right queue.
Assignee: server-ops → server-ops-webops
Component: Server Operations → Server Operations: Web Operations
QA Contact: shyam → nmaul
Comment 2•12 years ago
|
||
Hi all,
So far we just need static content to be served, html and js that will redirect the information back to the app.
Comment 3•12 years ago
|
||
1) Will this only be static content for the foreseeable future or do you think there will ever be a requirement for active content and or a database etc? This will affect where we deploy the code.
2) What sort of domain requirement do you have? We obviously cannot use the herokuapp.com domain and I am curious if you have any preference on this?
3) I see there is one ssl url (the last in the list). Is this a requirement? If so it may take some additional time to secure an SSL certificate depending on the domain chosen above (2).
4) How often do you expect the code will need to be updated? Is this something you expect to deploy once and forget about or do you expect to be deploying updates on a regular bases?
5) Finally what is the time-line for this? Is it tied to a milestone or quarter goal or the like? I do not have access to the bug this blocks so can gather no details from there.
If it is easier we can arrange a quick vidyo call tomorrow or sometime soon to discuss the requirements. Let me know if that sounds like it would help.
Feel free to ping me or highlight 'webops' on IRC in #it.
Updated•12 years ago
|
Flags: needinfo?(francisco.jordano)
Comment 4•12 years ago
|
||
Hi Jason
(In reply to Jason Crowe [:jd] from comment #3)
> 1) Will this only be static content for the foreseeable future or do you
> think there will ever be a requirement for active content and or a database
> etc? This will affect where we deploy the code.
Will be only static content. We won't store any token from the user.
>
> 2) What sort of domain requirement do you have? We obviously cannot use the
> herokuapp.com domain and I am curious if you have any preference on this?
We don't have any preference for the domain, we will just reference it from our apps.
>
> 3) I see there is one ssl url (the last in the list). Is this a requirement?
> If so it may take some additional time to secure an SSL certificate
> depending on the domain chosen above (2).
SSL is a requirement.
>
> 4) How often do you expect the code will need to be updated? Is this
> something you expect to deploy once and forget about or do you expect to be
> deploying updates on a regular bases?
We won't be upgrading this in a regular basics, as we won't have ui, just a data redirection.
>
> 5) Finally what is the time-line for this? Is it tied to a milestone or
> quarter goal or the like? I do not have access to the bug this blocks so can
> gather no details from there.
Yes, this is tied to the launch of the first Firefox OS phones, but we will be ready ASAP (yes I know, everything is ASAP) as long as we are passing the certification process for our devices and the code base will be freeze soon. (Well, it should be already freez :( )
Adding you to the bug where we explain why we need this.
>
> If it is easier we can arrange a quick vidyo call tomorrow or sometime soon
> to discuss the requirements. Let me know if that sounds like it would help.
>
> Feel free to ping me or highlight 'webops' on IRC in #it.
Pinging you in IRC in 5, 4, 3, 2 ...
Flags: needinfo?(francisco.jordano)
Comment 5•12 years ago
|
||
Given this is tied to B2G phone launches, it sounds like it is most appropriate for this be hosted as part of the Marketplace infrastructure.
I am moving this to the Marketplace Ops queue for review
Assignee: server-ops-webops → server-ops-amo
Component: Server Operations: Web Operations → Server Operations: AMO Operations
QA Contact: nmaul → oremj
Comment 6•12 years ago
|
||
Can you attach, or post a link to, an archive containing all of the html/js/etc? I'd like to create a git repo, so we don't lose track of this.
Is it alright to post this to github?
Flags: needinfo?(francisco.jordano)
Comment 7•12 years ago
|
||
This should be hosted on a mozilla domain name, otherwise it will look sketchy and generate community consternation.
Comment 8•12 years ago
|
||
(In reply to Lucas Adamski from comment #7)
> This should be hosted on a mozilla domain name, otherwise it will look
> sketchy and generate community consternation.
Agree, sorry for not explaining myself on the previous comment.
Flags: needinfo?(francisco.jordano)
Comment 9•12 years ago
|
||
Should this be marked as not part of the build (NPOTB)?
Comment 10•12 years ago
|
||
(In reply to Andrew Overholt [:overholt] from comment #9)
> Should this be marked as not part of the build (NPOTB)?
Some how it's related as we are pointing our code directly agains that server.
What we could do is have that information (the one related to which server we should point) being customizable by partner as part of the building process.
I think :fabrice already suggested something like that, but we will need to work on it.
Thanks.
Reporter | ||
Comment 11•12 years ago
|
||
Francisco is right. Also, we may not need that at all if the solution I propose in bug 852848 is acceptable and lands everywhere.
Comment 12•12 years ago
|
||
(In reply to Francisco Jordano [:arcturus] from comment #10)
> (In reply to Andrew Overholt [:overholt] from comment #9)
> > Should this be marked as not part of the build (NPOTB)?
>
> Some how it's related as we are pointing our code directly agains that
> server.
We'll use bug 852848 for the in-product changes, and mark this as NPOTB until we find out otherwise.
Whiteboard: [NPOTB]
Comment 13•12 years ago
|
||
Been a couple of weeks - do we know what needs to happen here yet?
Comment 15•12 years ago
|
||
Well, sounds like the action is happening in bug 852848 now, but I can't tell from that bug whether it will resolve this one yet or not. Fabrice?
Flags: needinfo?
Reporter | ||
Comment 16•12 years ago
|
||
Yes, if we fix bug 852848 with a platform patch (which is likely, I'm just exactly not sure yet how), that will fix this one too.
Comment 17•11 years ago
|
||
Does this bug also covers the management of the hosted Facebook app too?
I can find the current ApplicationID as 323630664378726 from
https://intense-tundra-4122.herokuapp.com/fbowd/oauth2_new/js/parameters.js
and I cannot dig anymore information on the said Facebook glue app, e.g. it's privacy policy declaration to Facebook and to user, and it's support information, etc.
https://www.facebook.com/appcenter/323630664378726
https://apps.facebook.com/323630664378726/
It will be really strange, for production, that users will have to grant access to an app named "FBOWD" for contact import, not to mention the proper person in Mozilla does not have the control to that Facebook app in the Facebook developer center.
Comment 18•11 years ago
|
||
What is needed to close this bug out?
Comment 19•11 years ago
|
||
Given comment 16, can I close this out?
Updated•11 years ago
|
Flags: needinfo?(dietrich)
Comment 20•11 years ago
|
||
Per comment #16, closing. If bug 852848 can't or doesn't land for whatever reason, we can reopen this if necessary. However, it's TEF+ so it should land.
Status: NEW → RESOLVED
blocking-b2g: tef+ → -
Closed: 11 years ago
Flags: needinfo?(dietrich)
Resolution: --- → WONTFIX
Updated•10 years ago
|
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in
before you can comment on or make changes to this bug.
Description
•