Closed Bug 888433 Opened 11 years ago Closed 8 years ago

Continue to enable Persona to delegate to primary identity providers

Categories

(Firefox OS Graveyard :: Gaia::System, defect)

All
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: jedp, Unassigned)

References

(Blocks 1 open bug)

Details

When a user signs in with Persona, if he or she has chosen an identity provider that supports browserid, we incorporate content from the identity provider into our sign-in flow.

This is accomplished by redirecting the sign-in flow over to the IdP's own provisioning and authentication pages[1].  These pages originate with the IdP, and load JavaScript from persona.org to access our API.  After identity provisioning is complete, we come back to our persona.org content to complete the process.  This all takes place in the trusted UI inside the system app.[2]

Note that we can't predict the IdP in advance; it's a matter of user choice at the time of sign-in.

I'm documenting this here because the admixture of redirects, iframes, CORS, and CSP requirements is complex and delicate, and I am concerned it could easily be broken by future developments in the b2g security model or changes in device behavior.  If any such changes are to occur, we will need to develop a way to keep the identity system on the device functioning properly.

I would be glad to provide more information if required.

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Persona/Implementing_a_Persona_IdP#Serving_The_IdP_Support_Document

[2] https://github.com/mozilla-b2g/gaia/blob/master/apps/system/js/identity.js#L62
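
The delegation step described in this report, as an added example that is not code from Gaia, Gecko or persona.org: it works out at sign-in time which IdP pages the flow will visit and which origins the trusted UI must be able to load, and rejects support-document paths that would leave the IdP's origin. It assumes the `public-key`, `provisioning` and `authentication` fields of the IdP support document referenced at [1]; the function names, the `idp.example` domain and the sample paths are constructed for illustration.

```javascript
// Added example. Field names follow the IdP support document referenced at [1];
// function names, domain and paths are constructed for illustration.
const PERSONA_ORIGIN = "https://persona.org"; // the IdP pages load the JS API from here

// Constructed sample of a parsed support document served by the user's IdP.
const SAMPLE_DOC = {
  "public-key": { algorithm: "RS" },
  authentication: "/browserid/sign_in.html",
  provisioning: "/browserid/provision.html",
};

// Resolve one support-document path against the IdP's own HTTPS origin and
// refuse anything that would navigate the sign-in flow somewhere else.
function resolveIdpPage(idpOrigin, path, field) {
  if (typeof path !== "string" || !path.startsWith("/") || path.startsWith("//")) {
    throw new Error(`${field}: expected an absolute path, got ${JSON.stringify(path)}`);
  }
  const url = new URL(path, idpOrigin);
  // URL parsing treats "\" like "/" for https, so "/\host" escapes the prefix
  // check above; comparing origins after resolution catches that case.
  if (url.origin !== idpOrigin) {
    throw new Error(`${field}: resolves outside ${idpOrigin}`);
  }
  return url.href;
}

// The IdP is only known once the user has typed an address, so the set of
// origins the trusted UI needs is computed per sign-in, not configured.
function planDelegation(emailDomain, supportDoc) {
  if (!/^[a-z0-9.-]+$/i.test(emailDomain)) {
    throw new Error("invalid domain");
  }
  const idpOrigin = new URL(`https://${emailDomain}`).origin;
  if (supportDoc === null || typeof supportDoc !== "object" || !supportDoc["public-key"]) {
    throw new Error("support document has no public-key");
  }
  return {
    provisioning: resolveIdpPage(idpOrigin, supportDoc.provisioning, "provisioning"),
    authentication: resolveIdpPage(idpOrigin, supportDoc.authentication, "authentication"),
    requiredOrigins: [idpOrigin, PERSONA_ORIGIN],
  };
}
```

A regression test for the device could assert that every entry in `requiredOrigins` is still loadable inside the trusted UI after a change to the security model.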

What's the goal of this bug?  Just to keep us all aware that this is complicated and we want to keep this delegation feature enabled?

(In reply to Sid Stamm [:geekboy or :sstamm] from comment #1)
> What's the goal of this bug?  Just to keep us all aware that this is
> complicated and we want to keep this delegation feature enabled?

That we need to keep this delegation feature enabled, yes.  I realize it's sort of an anti-bug in that respect.  

Is there a better means we ought to use to communicate this?

It's tough to identify what would cause this bug to close.

I usually write unit tests (or other test automation) for things that should continue to work, then we have to deliberately change/disable the test if I want to stop supporting it.  Can you do the same?

That's true.  For this feature, we currently only have automated gaia ui tests.  I will work on converting them to unit tests for gecko.  Perhaps I can follow up with you on email regarding the best way to simulate redirects to different origins etc. inside gecko tests?

I'm probably not the right guy to help you with test automation (I learn new stuff every time I write a test), but am happy to help with what I know.

The persona service will be decommissioned later this year, so I'm closing out persona-related bugs.

Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID