Closed
Bug 882655
Opened 12 years ago
Closed 12 years ago
! - Figure out an SSO/persona solution that doesn't get pop up blocked
Categories
(Webmaker Graveyard :: webmaker.org, defect)
Webmaker Graveyard
webmaker.org
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: brett, Assigned: michiel)
References
Details
Attachments
(5 files, 1 obsolete file)
56 bytes,
text/x-github-pull-request
|
mjschranz
:
review+
|
Details | Review |
48 bytes,
text/x-github-pull-request
|
kate
:
review+
mjschranz
:
review+
|
Details | Review |
54 bytes,
text/x-github-pull-request
|
mjschranz
:
review+
kate
:
review+
|
Details | Review |
55 bytes,
text/x-github-pull-request
|
humph
:
review+
mjschranz
:
review+
|
Details | Review |
56 bytes,
text/x-github-pull-request
|
mjschranz
:
review+
|
Details | Review |
Whats the importance field above "blocker"?
Comment 1•12 years ago
|
||
This might not be the best solution, but I was doing a quick research about what could be our solution here, and I found that "iframe sandbox" would at least help a bit to get this bypass.
It will at least tell the browser that it is okay to get this iframe popup even they have the option for blocked popup windows on.
It works for most modern browsers except few old one and including IE9 that it doesn't support.
IMO: I think having this feature at least would be better than having nothing at all.
Unless there will be a better solution for that :)
Comment 2•12 years ago
|
||
From discussions with jbuck on irc, the issue here is that we're not calling navigator.id.request() directly from a user action in the UI (i.e., we do it indirectly through postMessage into an iframe due to our navigator.idSSO wrapper), which means it isn't happening as a result of a trusted event, and therefore needs the user to allow it manually (popup blocking kicks in).
The way to fix this is for us to trigger navigator.id.request() directly in the UI callback initiated by the user's "Sign in" click. Our current strategy looks like this:
User clicks -> navigator.idSSO.request() -> postMessage to iframe -> addEventListener("message") -> navigator.id.request()
Basically, we can't do that navigator.id.request() call on the far side of the postMessage--it has to happen before. Jon suggests that the least bad solution would be to replace the sign-in/sign-up buttons with an iframe, that has the same appearance, and triggers request() directly/immediately. What isn't yet clear is how to do this without dumping all our current work in idSSO.
In principle we can have persona pop up its login window, get the email+assertion from that, and then postmessage that data to our iframe for login.webmaker.org validation, correct?
Comment 4•12 years ago
|
||
From discussions on vidyo with jbuck/Pomax, our plan is going to be trying to move the login/logout buttons into the same window (iframe) as we do the call to navigator.id.request(), such that we can wire direct event handlers for trusted events.
Pomax is going to give this a shot and see if he runs into any issues.
NOTE 2: ONCE THIS LANDS, ALL CONSUMER APPS NEED THEIR SNIPPET UPDATED
Comment 10•12 years ago
|
||
Working nicely, but needs some cleanup.
Comment 11•12 years ago
|
||
I have tried on
Opera Version 12.15 on Mac
Chrome Version 27.0.1453.110 on Mac
Firefox Version 21.0 on Mac
Logged in from Thimble with popup blocked "ON" and it stills open up and I can login fine and crossed server
The only thing needed now is to clean up :)
10+ for you :pomax
Assignee | ||
Comment 12•12 years ago
|
||
Comment on attachment 762142 [details] [review]
https://github.com/mozilla/thimble.webmaker.org/pull/119
part one of three
Attachment #762142 -
Flags: review?(david.humphrey)
Assignee | ||
Comment 13•12 years ago
|
||
Comment on attachment 762143 [details] [review]
https://github.com/mozilla/webmaker.org/pull/131
part two of three
Attachment #762143 -
Flags: review?(david.humphrey)
Assignee | ||
Comment 14•12 years ago
|
||
Comment on attachment 762144 [details] [review]
https://github.com/mozilla/login.webmaker.org/pull/102
part three of three
Attachment #762144 -
Flags: review?(david.humphrey)
Comment 15•12 years ago
|
||
Comment on attachment 762142 [details] [review]
https://github.com/mozilla/thimble.webmaker.org/pull/119
One thing I want to make sure we do is styling of that iframe so we remove the border, etc. (i.e., so consumers can just use it without having to also style it). Should we do that in css or js? Should we add an id or class name to the iframe, or just pick it out of the DOM based on position in the nav?
r+ with that figured out.
Attachment #762142 -
Flags: review?(david.humphrey) → review+
Assignee | ||
Comment 16•12 years ago
|
||
we're doing the styling - peek a gandour at the .css we're using in the webmaker.org pull request.
Comment 17•12 years ago
|
||
Comment on attachment 762143 [details] [review]
https://github.com/mozilla/webmaker.org/pull/131
A few comments in the PR, r+ with those.
Attachment #762143 -
Flags: review?(david.humphrey) → review+
Comment 18•12 years ago
|
||
Comment on attachment 762144 [details] [review]
https://github.com/mozilla/login.webmaker.org/pull/102
Seems sane to me, but I'd like Kate to look at it (and other CSS changes).
Attachment #762144 -
Flags: review?(kate)
Attachment #762144 -
Flags: review?(david.humphrey)
Attachment #762144 -
Flags: review+
Comment 19•12 years ago
|
||
General comments on this work:
* Amazing, thank you for getting it done so quickly and with such little fuss
* I want to see the patch for Popcorn Maker's use of this in here too
* I want to have a decision made about where and when the CSS fixes this needs are happening. I'd suggest we do it in this bug, but I'm open to whatever gets it done today.
* I've asked Kate to look at CSS changes generally
* Let's figure out how to style the iframe for consumers so they don't have to set border to none, deal with sizing on iframe, etc.
Assignee | ||
Comment 20•12 years ago
|
||
Comment on attachment 762143 [details] [review]
https://github.com/mozilla/webmaker.org/pull/131
refactored CSS needs a design pass, too.
Attachment #762143 -
Flags: review+ → review?(kate)
Assignee | ||
Comment 21•12 years ago
|
||
as for the iframe border, I'd suggest we simply take the iframe in the webmaker user bar. There's only one in there, but even if there were more, they all need their borders set to none.
Assignee | ||
Comment 22•12 years ago
|
||
I tried to add this to popcorn, too, but popcorn's... a bit of a mess =x
I got it to load, but the cross-site SSO doesn't seem to work (logging into popcorn doesn't log me into webmaker, I have to reload the browser and then it shows me as logged in). Who knows what's missing to make popcorn work too?
Attachment #762324 -
Flags: review?(schranz.m)
Attachment #762324 -
Flags: review?(jon)
Attachment #762324 -
Flags: review?(david.humphrey)
Comment 23•12 years ago
|
||
Comment on attachment 762324 [details] [review]
https://github.com/mozilla/popcorn.webmaker.org/pull/55
I'd like to get Matt to weigh in, looks OK to me.
Attachment #762324 -
Flags: review?(david.humphrey) → review+
Assignee | ||
Comment 24•12 years ago
|
||
Comment on attachment 762324 [details] [review]
https://github.com/mozilla/popcorn.webmaker.org/pull/55
I've updated the popcorn patch to load include.js after the userbar has fully built. solves the problem, for me.
Comment 25•12 years ago
|
||
Additional work needs to be done for the patch to land in Popcorn Maker. Also, we need to figure out what's wrong with the /me and /account pages when clicked on in the bar.
Attachment #762690 -
Flags: review?(jon)
Attachment #762690 -
Flags: review?(david.humphrey)
Updated•12 years ago
|
Attachment #762324 -
Flags: review?(schranz.m) → review-
Assignee | ||
Comment 26•12 years ago
|
||
Point of login cookies taking time: On the very first time a user loads this, in the extremely unlikely event that they have webmaker and popcorn/thimble open in two tabs, the first login that sets a persona cookie will only set the cookie for the one site. Since the other tabs have no persona-controlled sessions yet, there will be no "magic switch" that logs them in simultaneously. However, any time after that, simultaneous login will happen just fine. To be honest, this sounds like a wontfix issue since users are unlikely to load up all the tools in different tabs and then log in (effectively testing our login process) the very first time they use webmaker.
Comment 27•12 years ago
|
||
Comment on attachment 762324 [details] [review]
https://github.com/mozilla/popcorn.webmaker.org/pull/55
R+ with my patch landed. We also fixed the issues being seen with /me and /account
Attachment #762324 -
Flags: review- → review+
Assignee | ||
Comment 28•12 years ago
|
||
Comment on attachment 762142 [details] [review]
https://github.com/mozilla/thimble.webmaker.org/pull/119
just-to-be-sure r?
Attachment #762142 -
Flags: review+ → review?(schranz.m)
Assignee | ||
Comment 29•12 years ago
|
||
Comment on attachment 762143 [details] [review]
https://github.com/mozilla/webmaker.org/pull/131
just-to-be-sure check
Attachment #762143 -
Flags: review?(schranz.m)
Assignee | ||
Comment 30•12 years ago
|
||
Comment on attachment 762144 [details] [review]
https://github.com/mozilla/login.webmaker.org/pull/102
just to be sure... v3
Attachment #762144 -
Flags: review+ → review?(schranz.m)
Comment 31•12 years ago
|
||
Comment on attachment 762690 [details] [diff] [review]
Additional work for Popcorn Patch
This was merged into the Popcorn pull request.
Attachment #762690 -
Attachment is obsolete: true
Attachment #762690 -
Flags: review?(jon)
Attachment #762690 -
Flags: review?(david.humphrey)
Comment 32•12 years ago
|
||
Comment on attachment 762142 [details] [review]
https://github.com/mozilla/thimble.webmaker.org/pull/119
R+, looks good locally for me.
Attachment #762142 -
Flags: review?(schranz.m) → review+
Comment 33•12 years ago
|
||
Comment on attachment 762143 [details] [review]
https://github.com/mozilla/webmaker.org/pull/131
R+ from me. Looked good locally.
Attachment #762143 -
Flags: review?(schranz.m) → review+
Comment 34•12 years ago
|
||
Comment on attachment 762144 [details] [review]
https://github.com/mozilla/login.webmaker.org/pull/102
R+ again. Worked well locally for me.
Attachment #762144 -
Flags: review?(schranz.m) → review+
Attachment #762324 -
Flags: review?(jon)
Comment 35•12 years ago
|
||
Comment on attachment 762144 [details] [review]
https://github.com/mozilla/login.webmaker.org/pull/102
Could we do this instead? That way, we don't have to coordinate fonts etc. between the iframe and the user bar
https://github.com/Pomax/login.webmaker.org/pull/1
Also see https://github.com/Pomax/webmaker.org/pull/1
Assignee | ||
Comment 36•12 years ago
|
||
both pull requests need a rebase before they're reviewable. login is probably good, webmaker will need an update, because it looks like it's based on a fairly "old" branch commit
Updated•12 years ago
|
Attachment #762143 -
Flags: review?(kate) → review+
Updated•12 years ago
|
Attachment #762144 -
Flags: review?(kate) → review+
Comment 37•12 years ago
|
||
Commit pushed to master at https://github.com/mozilla/login.webmaker.org
https://github.com/mozilla/login.webmaker.org/commit/87f50aeafc92ad2bf4dc2cf5f93fee5b249ceb12
Merge pull request #102 from Pomax/bug882655
[#882655] SSO through direct iframe interaction
Comment 38•12 years ago
|
||
Commit pushed to master at https://github.com/mozilla/thimble.webmaker.org
https://github.com/mozilla/thimble.webmaker.org/commit/d4863689b0db7db1b7b55b63c65533e351cd384c
Merge pull request #119 from Pomax/bug882655
[#882655] SSO through direct iframe interaction
Comment 39•12 years ago
|
||
Commit pushed to master at https://github.com/mozilla/popcorn.webmaker.org
https://github.com/mozilla/popcorn.webmaker.org/commit/be0db207eda95217858f2190f283df5eccda8a1f
Merge pull request #55 from Pomax/bug882655
[#882655] SSO through direct iframe interaction
Comment 40•12 years ago
|
||
Commit pushed to master at https://github.com/mozilla/webmaker.org
https://github.com/mozilla/webmaker.org/commit/0f66942e6e3019a560b8db7d9175b8d4d9404d80
Merge pull request #131 from Pomax/bug882655
[#882655] SSO through direct iframe interaction
Assignee | ||
Comment 41•12 years ago
|
||
All the things have landed. Builds running.
Assignee | ||
Comment 42•12 years ago
|
||
Attachment #762819 -
Flags: review?(schranz.m)
Comment 43•12 years ago
|
||
Comment on attachment 762819 [details] [review]
https://github.com/mozilla/thimble.webmaker.org/pull/127
R+
Attachment #762819 -
Flags: review?(schranz.m) → review+
Assignee | ||
Comment 44•12 years ago
|
||
building new thimble for staging.
Assignee | ||
Comment 45•12 years ago
|
||
landed. for reals.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Attachment mime type: text/plain text/plain text/plain text/plain text/plain → text/x-github-pull-request text/x-github-pull-request text/x-github-pull-request text/x-github-pull-request text/x-github-pull-request
You need to log in
before you can comment on or make changes to this bug.
Description
•