Hi All, This week we'll be rolling FxA train-65 to production, with the following highlights:
* The sign-in confirmation feature is now supported on Fennec and iOS devices, meaning we should be clear to start rolling it out to all users rather than just a subset. * We no longer send the post-verification "you're now connected to sync" email unless we're *really* sure you were actually connecting to sync. * Legacy sync clients that don't know how to register themselves as a "device", will now get a placeholder device record created for them. * We now send more request metadata (e.g. headers, payload) through to fxa-customs-server so that it can do more elaborate security checks. * The auth-server now emits more "activity event" metrics, and they include more context about the login flow. * We fixed a potential security issue in fxa-oauth-server, where the "profile" scope was incorrectly taken to imply "profile:write" scope. * The oauth-server now has a script to purge expired access tokens from the db, meaning we can start actually expiring them. * We now offer "Open in Yahoo" and "Open in Outlook" buttons when verifying an account with those providers, following the success of our existing "Open in Gmail" button. * Users who directly access https://accounts.firefox.com/signup will now receive a suggestion on how to correctly sign in to sync. * Quite a few visual tweaks and fixes in fxa-content-server which you can read all about in the changelog. As always, you can dig into the details in the changelogs for each individual repo: https://github.com/mozilla/fxa-auth-server/blob/master/CHANGELOG.md https://github.com/mozilla/fxa-oauth-server/blob/master/CHANGELOG.md https://github.com/mozilla/fxa-content-server/blob/master/CHANGELOG.md Cheers, Ryan _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
