Hi Ryan, Do you want to display the pocket website, make calls to the pocket API, or both? Will you be running from a privileged system app or an installable webapp?
We want to use the Pocket API only in a privileged app. We’ll integrate Pocket service into our TV. I'm not very familiar with the mozId API. Can you use it to generate assertions for any audience? From what I can see in [3] it's only possible to generate assertions for your app origin. I’m trying to decode the assertion generated from FindMyDevice. I found audience is "https://find.firefox.com”, so I think we can generate any audience in the assertion. If we can use the native mozId API, it is convenient to users that they don’t need to enter their username/password again. And we can exchange the assertion for a FxA OAuth token or a Pocket access token. Do you know someone is familiar with mozId? Thanks, Tommy -- Tommy Kuo / Software Engineer [email protected] Mozilla Taiwan On August 19, 2015 at 20:45:39, Ryan Kelly ([email protected]) wrote: On 19/08/2015 01:36, Mozilla wrote: > We want to make Pocket can use the Firefox account already logged in > Firefox OS (mozId). We hope that user don’t need to type their > username/password again if they are already logged in. In other words, > we want to use a logged in Firefox account to get a access token from > Pocket. This could be tricky, but I'm happy to help work through the details and see if we can find a way forward. Do you want to display the pocket website, make calls to the pocket API, or both? Will you be running from a privileged system app or an installable webapp? > Does Pocket need to setup something like browserid-verifier[1] in their > server? And I have looked up some information about the “assertion.” Pocket authenticates Firefox Accounts users via our OAuth API [1] rather than using assertions. We're trying to discourage the use of assertions in new applications, and limit their existing use to tightly integrated device-specific apps like Sync and FindMyDevice. They also use their own flavor of OAuth to authenticate to their backend API [2]. From your description, what I think you'd have to do is something like the following: * Use the native mozId API to generate an assertion for the user * Exchange that assertion for a Firefox Accounts OAuth token * Exchange that token for a Pocket OAuth token * use that token to access the Pocket API That's quite a few moving parts. I'm not very familiar with the mozId API. Can you use it to generate assertions for any audience? From what I can see in [3] it's only possible to generate assertions for your app origin. I think I answered your question with more questions, but this is an interesting use-case so I hope we can drill down and figure out the details. Cheers, Ryan [1] https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Firefox_Accounts/Introduction#Login_with_the_FxA_OAuth_HTTP_API [2] http://getpocket.com/developer/docs/authentication [3] https://developer.mozilla.org/en-US/docs/Firefox-Accounts-on-FirefoxOS
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
