Closed Bug 958462 Opened 12 years ago Closed 12 years ago

Add tokenserver support for BrowserID "generation numbers"

Categories

(Cloud Services Graveyard :: Server: Token, defect)

Product:
Cloud Services Graveyard
Component:
Server: Token
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: rfkelly, Assigned: rfkelly)

References

Details

(Whiteboard: [qa+])

Attachments

(1 file)

tokenserver-generations.diff
7.05 KB, patch
telliott
: review+
Details | Diff | Splinter Review
The speed up the propagation of password changes, the FxA server will include a "generation number" in all identity certificates that it issues. This is an integer that will increase monotonically with each change of the user's password. Tokenserver needs to remember a high-water-mark for this value, and reject assertions with lower generation numbers. Docs update forthcoming, implementation next week.
This adds a description of generation-number-checking to the tokenserver flow document, and a dedicated error status so that clients can detect it easily. It's using the generalized cornice error format discussed in Bug 792674. I also went ahead and added a dedicated status for "bad timestamp" per https://github.com/mozilla-services/tokenserver/issues/17
Attachment #8358335 - Flags: review?(telliott)
Attachment #8358335 - Flags: review?(nalexander)
Whiteboard: [qa+]
Comment on attachment 8358335 [details] [diff] [review] tokenserver-generations.diff Review of attachment 8358335 [details] [diff] [review]: ----------------------------------------------------------------- Looks good. My only suggestion would be to remove the 'monotonically' from the generation number. It's not really meaningful there. The number is guaranteed to be greater than the previous number, but it doesn't have to be one greater (even if it likely is).
Attachment #8358335 - Flags: review?(telliott) → review+
Docs change committed in https://github.com/mozilla-services/docs/commit/ad2f3e5f9affc08ee78752665151e3b3885cccbd Implementation forthcoming.
Status: NEW → ASSIGNED
Depends on: 960009
This has landed in tokenserver master. It will be transparent to client code, as generation numbers are produced automatically by the FxA server.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
OK.
Status: RESOLVED → VERIFIED
Comment on attachment 8358335 [details] [diff] [review] tokenserver-generations.diff clearing stale review, this is already landed
Attachment #8358335 - Flags: review?(nalexander)
Product: Cloud Services → Cloud Services Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: