Closed Bug 968320 Opened 11 years ago Closed 11 years ago

A way to verify app:// origins in the Firefox Accounts verifier


(Core Graveyard :: Identity, defect)

Not set


(Not tracked)



(Reporter: jedp, Unassigned)



If an app posts an identity assertion up to its server, the server should be able to ask the Firefox Accounts verifier to verify the assertion, even if it has an app://something url.

Presently, the verifier rejects such origins - and for good reason, since a url of the form app://{guid} is inherently unverifiable.  But if the app has a stable, if arbitrary, origin in its manifest (the case for packaged apps), then the app's server should be allowed to tell the verifier that this is an accepted origin.

Such a change will require only simple changes to the DOM API, for which we already have Bug 947374, and a simple modification to the verifier.
Depends on: 947374
QA Contact: jparsons
Blocks: 955951
Wait.  What am I talking about.  That's completely irrelevant.  Sorry.  Move along ...
The good :fmarier will open a PR in the new verifier [1] that does something like this PR that I completely forgot I landed in the old verifier last year [2].


Benson, do you know if the new 'browserid-verifier' has been deployed in production yet?  Or are we still using the old 'browserid' verifier for Persona and Firefox Accounts?
Flags: needinfo?(bwong)
@jedp the new verifier ( is deployed at 

Let me know when your PR lands and I will deploy it. 

Flags: needinfo?(bwong)
Thanks, Benson!
Blocks: 947374
No longer depends on: 947374
:fmarier remarks that, according to the unit tests, this feature is already live and deployed on the new verifier.  Thank you, Lloyd.
Closed: 11 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.