Closed Bug 951306 Opened 6 years ago Closed 2 years ago

Implement "sign in via web" bug-out option in Android native Firefox Account UI

Categories

(Firefox for Android :: Android Sync, defect, P3)

All
Android
defect

Tracking

()

RESOLVED WONTFIX

People

(Reporter: nalexander, Unassigned)

References

Details

(Whiteboard: [qa+])

We're planning a native UI for Firefox Account sign up/sign in, but in a range of situations, we're going to want to drive users to sign in via a web interface:

* future security issues/protocol changes;
* obsolete client versions;
* future 2 factor auth;
* possibly COPPA failure messaging?
* general messaging to users;

This will require:

* an auth server response (possibly with a URL to direct the user to);
* some client code to start a browser, GeckoView, or WebView in a reasonable state;
* some client code to interpret a sign up/sign in response.
> * an auth server response (possibly with a URL to direct the user to);

ckarlof, rfkelly: can you file a bug or link to a github issue tracking this work?
Flags: needinfo?(rfkelly)
Flags: needinfo?(ckarlof)
> * some client code to interpret a sign up/sign in response.

nchapman, stomlinson, zaach: can you file a bug or link to a github issue tracking the "FxA for the web" work that this will consume?
Flags: needinfo?(zack.carter)
Flags: needinfo?(stomlinson)
Flags: needinfo?(nchapman)
I think a Web based "bug out" flow is too much for this effort. I love the idea, but let's do it later. For now, let's just make sure we can signal and handle the error.

Future key management support (pairing/2nd password): https://github.com/mozilla/fxa-auth-server/issues/451
API version obsolescence: https://github.com/mozilla/fxa-auth-server/issues/449

Are there any cases these don't cover?
Flags: needinfo?(ckarlof)
> * an auth server response (possibly with a URL to direct the user to);

Will a generic "400 Bad Request; client incompatibility detected" response suffice for the initial push, or do you require a little more nuance?
Flags: needinfo?(rfkelly)
Whiteboard: [qa+]
Part of these unsupported login methods will be displaying server-delivered messages for clients to display.  We need to ensure we're setting l10n headers appropriately so we get appropriately translated messages.  See also Bug 957381.
(In reply to Ryan Kelly [:rfkelly] from comment #4)
> > * an auth server response (possibly with a URL to direct the user to);
> 
> Will a generic "400 Bad Request; client incompatibility detected" response
> suffice for the initial push, or do you require a little more nuance?

If you can follow the same pattern that we just established for Sync, then we might be able to tie something in, even if the strings suck.
Blocks: 963833
No longer blocks: 951304
Flags: needinfo?(nchapman)
I've filed a content-server issue here: https://github.com/mozilla/fxa-content-server/issues/569
Flags: needinfo?(zack.carter)
Flags: needinfo?(stomlinson)
Product: Android Background Services → Firefox for Android
Priority: -- → P3
We no longer support native UI for sign in.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.