Closed Bug 851760 Opened 12 years ago Closed 11 years ago

OAuth redirection server hosting

Categories

(Cloud Services :: Operations: Marketplace, task)

task
Not set
normal

Tracking

(blocking-b2g:-)

RESOLVED WONTFIX
blocking-b2g -

People

(Reporter: fabrice, Unassigned)

References

Details

(Whiteboard: [NPOTB])

+++ This bug was initially created as a clone of Bug #842953 +++ Gaia is using OAuth to authenticate users for the "import facebook contacts" functionnality. This relies on a remote server since facebook don't allow redirection to the app:// protocol that we use for packaged apps. Currently Telefonica is hosting a server on heroku, but we now need to move on a partner-agnostic solution scalable solution. The pages currently hosted are: 'http://intense-tundra-4122.herokuapp.com/fbowd/oauth2_new/flow.html', 'http://intense-tundra-4122.herokuapp.com/fbowd/oauth2_new/dialogs_end.html', 'http://intense-tundra-4122.herokuapp.com/fbowd/oauth2_new/logout.json' 'https://serene-cove-3587.herokuapp.com/liveowd/oauth2_new/flow_live.html' I'm Ccing Francisco that can give all the needed details about the current setup.
Moving to the right queue.
Assignee: server-ops → server-ops-webops
Component: Server Operations → Server Operations: Web Operations
QA Contact: shyam → nmaul
Hi all, So far we just need static content to be served, html and js that will redirect the information back to the app.
Blocks: 852848
1) Will this only be static content for the foreseeable future or do you think there will ever be a requirement for active content and or a database etc? This will affect where we deploy the code. 2) What sort of domain requirement do you have? We obviously cannot use the herokuapp.com domain and I am curious if you have any preference on this? 3) I see there is one ssl url (the last in the list). Is this a requirement? If so it may take some additional time to secure an SSL certificate depending on the domain chosen above (2). 4) How often do you expect the code will need to be updated? Is this something you expect to deploy once and forget about or do you expect to be deploying updates on a regular bases? 5) Finally what is the time-line for this? Is it tied to a milestone or quarter goal or the like? I do not have access to the bug this blocks so can gather no details from there. If it is easier we can arrange a quick vidyo call tomorrow or sometime soon to discuss the requirements. Let me know if that sounds like it would help. Feel free to ping me or highlight 'webops' on IRC in #it.
Flags: needinfo?(francisco.jordano)
Hi Jason (In reply to Jason Crowe [:jd] from comment #3) > 1) Will this only be static content for the foreseeable future or do you > think there will ever be a requirement for active content and or a database > etc? This will affect where we deploy the code. Will be only static content. We won't store any token from the user. > > 2) What sort of domain requirement do you have? We obviously cannot use the > herokuapp.com domain and I am curious if you have any preference on this? We don't have any preference for the domain, we will just reference it from our apps. > > 3) I see there is one ssl url (the last in the list). Is this a requirement? > If so it may take some additional time to secure an SSL certificate > depending on the domain chosen above (2). SSL is a requirement. > > 4) How often do you expect the code will need to be updated? Is this > something you expect to deploy once and forget about or do you expect to be > deploying updates on a regular bases? We won't be upgrading this in a regular basics, as we won't have ui, just a data redirection. > > 5) Finally what is the time-line for this? Is it tied to a milestone or > quarter goal or the like? I do not have access to the bug this blocks so can > gather no details from there. Yes, this is tied to the launch of the first Firefox OS phones, but we will be ready ASAP (yes I know, everything is ASAP) as long as we are passing the certification process for our devices and the code base will be freeze soon. (Well, it should be already freez :( ) Adding you to the bug where we explain why we need this. > > If it is easier we can arrange a quick vidyo call tomorrow or sometime soon > to discuss the requirements. Let me know if that sounds like it would help. > > Feel free to ping me or highlight 'webops' on IRC in #it. Pinging you in IRC in 5, 4, 3, 2 ...
Flags: needinfo?(francisco.jordano)
Given this is tied to B2G phone launches, it sounds like it is most appropriate for this be hosted as part of the Marketplace infrastructure. I am moving this to the Marketplace Ops queue for review
Assignee: server-ops-webops → server-ops-amo
Component: Server Operations: Web Operations → Server Operations: AMO Operations
QA Contact: nmaul → oremj
Can you attach, or post a link to, an archive containing all of the html/js/etc? I'd like to create a git repo, so we don't lose track of this. Is it alright to post this to github?
Flags: needinfo?(francisco.jordano)
This should be hosted on a mozilla domain name, otherwise it will look sketchy and generate community consternation.
(In reply to Lucas Adamski from comment #7) > This should be hosted on a mozilla domain name, otherwise it will look > sketchy and generate community consternation. Agree, sorry for not explaining myself on the previous comment.
Flags: needinfo?(francisco.jordano)
Should this be marked as not part of the build (NPOTB)?
(In reply to Andrew Overholt [:overholt] from comment #9) > Should this be marked as not part of the build (NPOTB)? Some how it's related as we are pointing our code directly agains that server. What we could do is have that information (the one related to which server we should point) being customizable by partner as part of the building process. I think :fabrice already suggested something like that, but we will need to work on it. Thanks.
Francisco is right. Also, we may not need that at all if the solution I propose in bug 852848 is acceptable and lands everywhere.
(In reply to Francisco Jordano [:arcturus] from comment #10) > (In reply to Andrew Overholt [:overholt] from comment #9) > > Should this be marked as not part of the build (NPOTB)? > > Some how it's related as we are pointing our code directly agains that > server. We'll use bug 852848 for the in-product changes, and mark this as NPOTB until we find out otherwise.
Whiteboard: [NPOTB]
Been a couple of weeks - do we know what needs to happen here yet?
Still waiting on a reply to comment 6.
Flags: needinfo?
Well, sounds like the action is happening in bug 852848 now, but I can't tell from that bug whether it will resolve this one yet or not. Fabrice?
Flags: needinfo?
Yes, if we fix bug 852848 with a platform patch (which is likely, I'm just exactly not sure yet how), that will fix this one too.
Does this bug also covers the management of the hosted Facebook app too? I can find the current ApplicationID as 323630664378726 from https://intense-tundra-4122.herokuapp.com/fbowd/oauth2_new/js/parameters.js and I cannot dig anymore information on the said Facebook glue app, e.g. it's privacy policy declaration to Facebook and to user, and it's support information, etc. https://www.facebook.com/appcenter/323630664378726 https://apps.facebook.com/323630664378726/ It will be really strange, for production, that users will have to grant access to an app named "FBOWD" for contact import, not to mention the proper person in Mozilla does not have the control to that Facebook app in the Facebook developer center.
What is needed to close this bug out?
Given comment 16, can I close this out?
Flags: needinfo?(dietrich)
Per comment #16, closing. If bug 852848 can't or doesn't land for whatever reason, we can reopen this if necessary. However, it's TEF+ so it should land.
Status: NEW → RESOLVED
blocking-b2g: tef+ → -
Closed: 11 years ago
Flags: needinfo?(dietrich)
Resolution: --- → WONTFIX
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in before you can comment on or make changes to this bug.