(Ugh, my mails can't get through the list without moderation so I am replying again with my gmail account. Sorry for the duplication)
> On Aug 28, 2015, at 5:02 AM, Shih-Chiang Chien <[email protected]> wrote: > > Hi Ryan, > > Currently the Firefox Account doesn't provide an integrated login experience > on Firefox OS. For example, user need to typing password again for using > Pocket service even if they've already login in FxA in settings app. Oh yeah, I forgot about this... If you are talking about navigator.mozId, we do have an integrated logic experience on Firefox OS. We have SSO. The thing is that for privileged applications, we ask the FxA password the first time the app requests an assertion via navigator.mozId because of privacy reasons. You shouldn't see this auth request dialog for certified apps though. This was a last minute hack before shipping Firefox OS 2.0. The problem was that navigator.mozId was providing the user's email to the app requesting the assertion via navigator.mozId without any user consent [1] (so we were doing Single Silent Sign On). When we noticed that, we were too late on the Firefox OS 2.0 timeline and we were already on a string frozen stage, so we couldn't add any new strings. Ideally, we shouldn't be asking for the password and instead we should just show a confirmation dialog so the user can accept to share or not his email address with the app. But the only option we had at that point that didn't require breaking the string frozen state was to use the refresh authentication dialog. So we did that. That was supposed to be only a temporary hack that we should (and can) remove for 2.5. I'll file a bug for that. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1028398 <https://bugzilla.mozilla.org/show_bug.cgi?id=1028398> > > On Firefox Desktop user can simply grant site permission on fx account login > page when FxA is already login in browser, without typing password again. I > think this is done by using IdentityManager API [1]. > > I don't know why we didn't apply the same technology on Firefox OS in the > past, but it'll enable 3rd-party service on TV with better login experience > because typing is a painful task on TV. We can leverage navigator.mozId with > some adjustment of permission model of "moz-firefox-accounts". > > [1] https://developer.mozilla.org/en-US/docs/Web/API/IdentityManager > <https://developer.mozilla.org/en-US/docs/Web/API/IdentityManager> > > Best Regards, > Shih-Chiang Chien > Mozilla Taiwan > > On Thu, Aug 27, 2015 at 7:27 PM, Tommy Kuo <[email protected] > <mailto:[email protected]>> wrote: > Add Evelyn Huang and Shih-Chiang Chien. > > -- > Tommy Kuo / Software Engineer > [email protected] <mailto:[email protected]> > Mozilla Taiwan > > > On August 25, 2015 at 21:35:26, Fernando Moreno ([email protected] > <mailto:[email protected]>) wrote: > >> Hello, >> >> On Tue, Aug 25, 2015 at 7:38 AM, Ryan Kelly <[email protected] >> <mailto:[email protected]>> wrote: >> On 21/08/2015 17:30, Tommy Kuo wrote: >> >> Do you want to display the pocket website, make calls to the pocket API, >> >> or both? Will you be running from a privileged system app or an >> >> installable webapp? >> > >> > We want to use the Pocket API only in a privileged app. We’ll integrate >> > Pocket service into our TV. >> > >> >> I'm not very familiar with the mozId API. Can you use it to generate >> >> assertions for any audience? From what I can see in [3] it's only >> >> possible to generate assertions for your app origin. >> > >> > I’m trying to decode the assertion generated from FindMyDevice. I found >> > audience is "https://find.firefox.com <https://find.firefox.com/>”, so I >> > think we can generate any >> > audience in the assertion. >> > >> > If we can use the native mozId API, it is convenient to users that they >> > don’t need to enter their username/password again. And we can exchange >> > the assertion for a FxA OAuth token or a Pocket access token. Do you >> > know someone is familiar with mozId? >> >> Casting a wide net here... >> >> IIRC Jared Hirsch (cc'd) did some work on it a while ago, but the code >> hasn't been very active for some time. Fernando Moreno and Michiel de >> Jong (also cc'd) are working on some Firefox Accounts integrations in >> FxOS so they might be able to offer some insight. >> >> Jared, Fernando, Michiel, there's extra context below, but the broad ask >> here is that Tommy's team would like to connect to Pocket from Firefox >> OS, and Pocket authenticates using the FxA OAuth API. >> >> Do you know of any existing code in Firefox OS that's using the FxA >> OAuth APIs? >> >> I played with [1] a few months ago while working on a prototype for the New >> Gaia Architecture project [2], but AFAIK there is no any other existing FxOS >> code using the FxA OAuth APIs. >> >> >> If not, a more specific question that would let us work towards that is: >> can a privileged app use the mozId API to produce a FxA assertion for >> any target audience? >> >> >> Yes, you should be able to specify any target audience with some >> restrictions. Check [3]. I think in your case your Pocket app will be >> shipped as a certified app, so you should be able to use mozId the same way >> FindMyDevice does. >> >> Cheers, >> >> / Fernando >> >> [1] https://github.com/mozilla/fxa-relier-client >> <https://github.com/mozilla/fxa-relier-client> >> [2] https://github.com/fxos/contacts <https://github.com/fxos/contacts> >> [3] >> https://mxr.mozilla.org/mozilla-central/source/dom/identity/nsDOMIdentity.js#617 >> >> <https://mxr.mozilla.org/mozilla-central/source/dom/identity/nsDOMIdentity.js#617> >
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
