Closed Bug 963209 Opened 11 years ago Closed 10 years ago

FxA needs to use production verifier

Categories

(Cloud Services :: Server: Firefox Accounts, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: edwong, Unassigned)

Details

(Whiteboard: [qa+])

Currently FxA uses Persona's verifier. It should use the new one that Lloyd stood up. Current thinking is that the Persona and FxA verifiers have interoperable formats and that we don't need to sync up the change between clients and server. For example: Android can use Persona verifier and Auth-server can use FxA verifier for a short period of time.
Whiteboard: [qa+]
Actually we should probably add here the links to the GitHub issues that are specific to Stage and Prod Verifier config and deploy.
This doesn't seem actionable yet as part of Bug 799726. Could you file an intermediate bug detailing what the required action is for Android?
OS: Mac OS X → All
Hardware: x86 → All
> For example: Android can use Persona verifier and Auth-server can use FxA verifier for a short period of time.
Sorry, but I can't parse this. The three fxa+sync-related actors in this system all have a different part to play in the verification dance, and only one "uses a verifier".
* the fxa-auth-server needs to generate certificates in a certain format, presumably the new format if we're switching over to the new verifier
* the client code in firefox needs to generate assertions based on those certificates, presumably matching the format used by fxa-auth-server
* the tokenserver needs to submit those assertions to a verifier, presumably the new one if everyone else is using the new assertion format
ISTM that the possibility of updating any of these components independently depends wholly on the level of backwards-compatibility in the new verifier wrt old-format assertions. If it accepts assertions where the certificate is new-format but the claim is old-format for example, then we can fiddle with those two independently on client and server.
No longer blocks: 799726
This doesn't block the work for desktop fxa
No longer blocks: 905997
"Using" the production verifier means the token server using it, not us.
Depends on: 965135
This all got sorted out in the end
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED