For those of us who intend to setup our own FxA servers, having only one FxA account per device, means that we are going to be locked out of things like Marketplace if it only uses the existing FxA account.
----- Reply message ----- From: "Chris Karlof" <[email protected]> To: "Richard Newman" <[email protected]> Cc: "[email protected]" <[email protected]>, "Ryan Kelly" <[email protected]>, "a." <[email protected]> Subject: inter-server authentication for self hosted auth Date: Tue, May 6, 2014 16:07 On May 5, 2014, at 8:15 PM, Richard Newman <[email protected]> wrote: >> Chris, can you clarify whether Android would behave any differently to >> Desktop in this scenario? > > Some noodling from my perspective: > > We only support a single Firefox Account at present, just as with desktop. > > There's no in-Gecko support for FxA at all -- it's all Java -- but I would be > very surprised if we would ever want to ship two separate login flows with > the correspondingly confusing experience: other parts of Firefox won't do > their own FxA login, they'll delegate to your existing native-handled FxA. > > (According to the quote below, I should be surprised.) > > So using your own FxA server will only work for so long as we force you to > sign in on the web for other stuff (like Marketplace). > > As soon as we improve that experience to use your native account (just like > how Play Store uses your Google account without going through another signin > process), run-their-own-FxA users will be kinda screwed. > >>> As far as Marketplace goes, logging into Marketplace via Desktop Firefox >>> will happen on the Web, which will be independent from your logged in state >>> for Sync >> >> Tangent: we should do a better job of clarifying this story and of >> telling it outside of the FxA/Marketplace group. > > Yeah, I can't imagine that experience being satisfactory on Android. Even > signing in once with a phone keyboard is a pain in the ass, let alone 2+ > times, particularly when the user expects us to be able to do what *every > other account-based app* on Android does and just do it for you. This is a complex issue. Leveraging the logged in state of FxA on Android to log you into a FxA backed web property on Fennec is clearly a good idea. But *requiring* you attach an FxA account to your Android device to log into a FxA backed web property in Fennec seems dubious to me, particularly since doing so will currently start syncing your browser data. > As a rule, we should be operating under the assumption that everything we > ship to GA on Android is native. That's the (very polished) experience with > which we have to compete, and in this case it's also part of the native > apps/synthetic APKs Marketplace story -- what identity will the background > app updater use? Not clear. We may need to support a web based FxA login on Fennec for people who don't want to sign into Fennec, but want to use our relying web properties (e.g., Find My Device). In don't understand Marketplace on Fennec very well, but if it's integrated into the browser and can run in the background, it likely needs to use an FxA account attached to the device. That's tricky because now we need service selection UX on Android. What about the case of using different FxAs for different services? -chris > _______________________________________________ > Dev-fxacct mailing list > [email protected] > https://mail.mozilla.org/listinfo/dev-fxacct _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
