Hi!

As Ryan suggested, I am posting my feature request/idea on here for
further discussion.

So I am currently running my own sync storage server. Thanks to recent
commits, the sync server now has an "allow_new_users" config option,
which restricts new user signup. While sufficient from a "just works"
perspective, it has the issue that unwanted requests to the storage
server push completely through to the server and only get rejected when
no already active token is found in the database.

As I said, this seems robust enough, but I have the itch that it leaves
open some attack vectors. But including more authentication on the sync
server would be defeating the purpose of separating storage and auth. So
okay then, for whoever wants more security, run your own auth server!

Now that comes with the downside that I can't use some features of FXA.
These are few at the moment (most notably the marketplace), but it seems
to me that features like single sign-on (including third-party websites)
are planned/swirling around as an idea (see:
https://wiki.mozilla.org/Identity/Firefox-Accounts#Can_I_use_my_Firefox_Account_to_log_in_to_non-Mozilla_services.3F)

I want both: a self-hosted auth server and all the FXA features. And one
way to achieve that would be that my self-hosted auth server could
communicate with the "main" auth server at Mozilla. A use-case would be
that a user starts Firefox and automatically logs into his self-hosted
fxa-auth-server, then goes to the Firefox marketplace; marketplace asks for
credentials, Firefox forwards to the auth server, the local auth server
accepts the request and queries the main auth server, that one gives an okay,
and Firefox successfully lets the user log in (automagically).

Now this is probably very naive, most of all because I am too unfamiliar
with the auth design to take a stand. Biggest question (for me): how
does the "main" auth server authenticate the self-hosted auth server?
This seems to hold a lot of potential attacks. Also the work needed for
that is probably extremely huge.

Now apart from the very neat integration I can imagine from my use-case,
something like this could very well distribute the FXA load away from
Mozilla's side and lead to a horizontal authentication scheme with an
integrated chain of trust. Which could or could not be desirable.

What do you think? Too idealistic? ;)

Best,
alex.


P.S. I can close my opened issue at github, if you'd like!
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct