Closed
Bug 971991
Opened 10 years ago
Closed 10 years ago
Loop Server needs to accept FxA bid assertion and simple push URL
Categories
(Hello (Loop) :: Server, defect)
Hello (Loop)
Server
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: abr, Assigned: alexis+bugs)
References
Details
User Story
This is the service that accepts registrations of simple push URLs for a user.
No description provided.
|
Reporter | |
Updated•10 years ago
|
Component: General → Client
|
|
Reporter | |
Updated•10 years ago
|
Component: Client → Server
|
||
Comment 1•10 years ago
|
||
This is the service that accepts registrations of simple push URLs for a user.
Summary: Server needs to accept auth token and simple push URL → MEET Server needs to accept auth token and simple push URL
|
Assignee | |
Comment 2•10 years ago
|
||
I think we should associate userids with push urls (eventually multiple ones) and not auth tokens. Auth tokens issued by the tokenserver will eventually expire whereas the userid will not. Associating the simple push url with an user id allows us to have a persistant way to find back how to contact our users.
|
|
||
Comment 3•10 years ago
|
||
That's consistent with my understanding of the plan.
|
|
Assignee | |
Comment 4•10 years ago
|
||
https://github.com/ametaireau/pants-server/commit/cecaaab368f36e0627baf9b5f7bb63dd1ca13473 is the code that does authentication, and https://github.com/ametaireau/pants-server/commit/3033f1ee1e6088c959ab2e58276bf5f7139d94bc checks we're sending a simple push url.
|
||
Comment 5•10 years ago
|
||
For MLP, I bet we want to do whatever's easiest. I've heard use cases for both expiring and non-expiring URLs. Which of these gets prioritized for MVP is presumably up to product.
|
|
||
Comment 6•10 years ago
|
||
For non-expiring, it becomes a lot more important to tackle revocation early on, which is I think a harder problem than an expiry.
|
|
Reporter | |
Comment 7•10 years ago
|
||
(In reply to Dan Mosedale (:dmose) from comment #5) > For MLP, I bet we want to do whatever's easiest. I've heard use cases for > both expiring and non-expiring URLs. Which of these gets prioritized for > MVP is presumably up to product. Which URLs are you talking about here? The Simple Push Server URLs?
|
|
||
Comment 8•10 years ago
|
||
abr: good catch; I was in fact confused. Please disregard my comment. :-)
|
||
Updated•10 years ago
|
User Story: (updated)
Summary: MEET Server needs to accept auth token and simple push URL → Loop Server needs to accept auth token and simple push URL
|
|
Assignee | |
Comment 9•10 years ago
|
||
Bug 972020 states we don't need integration with the token server for the MLP.
|
|
Reporter | |
Updated•10 years ago
|
Summary: Loop Server needs to accept auth token and simple push URL → Loop Server needs to accept FxA auth token and simple push URL
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → alexis+bugs
|
|
Assignee | |
Comment 10•10 years ago
|
||
We need to accept browserid assertions directly, and not tokens issued by the token server. Eventually, to avoid having to do a bid verification on the server each time, we can put a session cookie on the client then.
Summary: Loop Server needs to accept FxA auth token and simple push URL → Loop Server needs to accept FxA bid assertion and simple push URL
|
|
Reporter | |
Comment 11•10 years ago
|
||
For clarity, this is for the step that associates an FxA account ID with a simple push URL.
|
|
Assignee | |
Comment 12•10 years ago
|
||
https://github.com/mozilla/loop-server/commit/a9aa6d1442624ba2014f42d6f9230ce3d1b2226f
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Comment 14•10 years ago
|
||
:alexis I guess this is moot since loop/authentication.js is no longer part of the repo?
|
|
Assignee | |
Comment 15•10 years ago
|
||
It's still the case but doesn't happen the same way. Have a look at loop/fxa.js and loop/index.js for more insights on how this is working.
You need to log in
before you can comment on or make changes to this bug.
Description
•