Closed Bug 932708 Opened 12 years ago Closed 11 years ago

Create a single sign-on solution for MDN and the Firefox Marketplace

Categories

(developer.mozilla.org Graveyard :: General, defect)

Product:
developer.mozilla.org Graveyard
Component:
General
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: robert, Unassigned)

References

Details

MDN and the Firefox Marketplace should have a single sign-on solution, i.e. using the the Developer Program accounts for both web properties. This should be implemented with Persona.
Blocks: 932711
Luke, how will we best approach this technically, and which team will own which parts?
Flags: needinfo?(lcrouch)
Right now we have bad news, and worse news :( worse news: Persona-based SSO (i.e., "Realms") is cancelled because browser vendors (including ourselves) are trending towards blocking 3rd-party cookies, even for visited sites. [1] bad news: The work-around is to iframe the Persona sign-in button and src it from a single domain, which is a ton of technical work and needs a ton of cross-team collaboration. glimmer of hope, depending on Les's approval: We might be able to do some auth dance on the back-end between MDN & AMO? [1] https://groups.google.com/d/msg/mozilla.dev.identity/f4SSG8qM-Mg/yINcAEUxLS8J
Flags: needinfo?(lcrouch) → needinfo?(lorchard)
Blocks: 932710
(In reply to Luke Crouch [:groovecoder] from comment #2) > glimmer of hope, depending on Les's approval: We might be able to do some > auth dance on the back-end between MDN & AMO? Well, I don't really have any particular dance in mind, though I don't think it would be all that back-end centric. The main pain is setting cookies on both domains when a sign-in happens on either one. Off the top of my head, that involves both sites cooperating somehow with a post-login redirect that bounces off the other. We'd have to meet with the AMO folks and compare notes as to what we could do. Definitely can't just do this unilaterally on the MDN side.
Flags: needinfo?(lorchard)
(In reply to Luke Crouch [:groovecoder] from comment #2) > bad news: The work-around is to iframe the Persona sign-in button and src it > from a single domain, which is a ton of technical work and needs a ton of > cross-team collaboration. I guess what I'm saying is that the bad news is the news. We might be able to use an iframe and login both sites from a shared domain. Or, we might be able to bounce the sites off each other to set login cookies. Either one is not simple. Also, we need to figure out what happens when a user has a profile on MDN but not on AMO, and vice versa.
First, "We might be able to do some auth dance on the back-end between MDN & AMO?". A question: does the Firefox Marketplace use the codebase/setup as AMO? Because even if AMO is desirable, the important first step is the Firefox Marketplace (even though I'm certain we'd face about the same challenges). Second, "We'd have to meet with the AMO folks and compare notes as to what we could do. Definitely can't just do this unilaterally on the MDN side." Completely agree. I'd be happy if you could set up that meeting and discuss the best technical approaches, and let me know what's feasible, and how to go about it. Third, "Also, we need to figure out what happens when a user has a profile on MDN but not on AMO, and vice versa." The idea to me is to merge these accounts, i.e. have one account to rule them all: a Developer Program membership (as outlined in https://bugzilla.mozilla.org/show_bug.cgi?id=932709 and https://bugzilla.mozilla.org/show_bug.cgi?id=932710).
(In reply to Robert Nyman from comment #5) > The idea to me is to merge these accounts, i.e. have one account to rule them all: a Developer Program > membership Okay, so this is way bigger than a few SSO hacks on MDN. Need to pop up the stack a few levels... I think we're missing a "Create Developer Program Membership profiles" bug that includes many, many more people than just the current CC list. Not sure what fields would be in that profile, what it would look like, where it would live, who would manage it, etc. That's definitely needed before we can really talk about SSO, or merging accounts from MDN (bug 932709) and AMO/Marketplace (bug 932710). In fact, I think we've been talking about bug 932707 as if it's just a newsletter sign-up. But, in reality, it's asking for a new registration page that takes over for *both* MDN and Marketplace. I don't think we can treat that as just MDN work. > First, "We might be able to do some auth dance on the back-end between MDN & > AMO?". A question: does the Firefox Marketplace use the codebase/setup as > AMO? Because even if AMO is desirable, the important first step is the > Firefox Marketplace (even though I'm certain we'd face about the same > challenges). I think AMO & Marketplace are the same codebase & team. I could be wrong, though: I haven't been involved with AMO for years, and have never touched Marketplace. > Second, "We'd have to meet with the AMO folks and compare notes as to what > we could do. Definitely can't just do this unilaterally on the MDN side." > > Completely agree. I'd be happy if you could set up that meeting and discuss > the best technical approaches, and let me know what's feasible, and how to > go about it. I think setting up a meeting like that is a bit beyond me. I can help tech-wise from the MDN side, but am kind of lost beyond that.
> Okay, so this is way bigger than a few SSO hacks on MDN. Need to pop up the > stack a few levels... > > I think we're missing a "Create Developer Program Membership profiles" bug > that includes many, many more people than just the current CC list. Not sure > what fields would be in that profile, what it would look like, where it > would live, who would manage it, etc. > > That's definitely needed before we can really talk about SSO, or merging > accounts from MDN (bug 932709) and AMO/Marketplace (bug 932710). > > In fact, I think we've been talking about bug 932707 as if it's just a > newsletter sign-up. But, in reality, it's asking for a new registration page > that takes over for *both* MDN and Marketplace. I don't think we can treat > that as just MDN work. I think you are right, Les. The vision is to do this full-on, in a proper way that is truly uniting the various developer-facing web sites. And that will take cross-team collaboration. Which means spending time on Single sign-on workarounds doesn't seem to be the best time spent. I've added the bug https://bugzilla.mozilla.org/show_bug.cgi?id=933031 to discuss this further.
Sorry, yeah - AMO & Marketplace are the same code-base, though they may be two separate teams working on each part of it. Re: scope - yes if we want to create a membership profile that spans all properties, we need to collaborate across teams. It will take several months to execute properly, right?
> Sorry, yeah - AMO & Marketplace are the same code-base, though they may be > two separate teams working on each part of it. No worries, I guessed as much. > Re: scope - yes if we want to create a membership profile that spans all > properties, we need to collaborate across teams. It will take several months > to execute properly, right? Sounds likely. I guess we need to discuss in that other bug what's best.
Blocks: 933031
No longer blocks: 932711
Blocks: 932711
No longer blocks: 932711
WONTFIX'ing - Firefox Marketplace, AMO, MDN, and other Mozilla websites plan to use Firefox Accounts as a single account mechanism.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
Moving to General component.
Component: Developer Program → General
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.